     ___           Everyone Loves
   O|0_+|O         the Hypnotoad...
    |...|
    |   |
=o0O=====O0o===============================
|  QuickTime RTSP Response Content-type   |
| remote stack rewrite exploit for IE 6/7 |
|  by Yag Kohha (skyhole [at] gmail.com)  |
===========================================

Exploit tested on:
- Windows Vista
- Windows XP SP2
- IE 6.0/7.0
- QT 7.2/7.3

Exploit requirements:
Target: Windows Vista/XP SP2, IE 6.0/7.0, QT 7.2/7.3
Server: Linux, Perl, Apache web-server

What's inside:
index.html - hypertext document with heap spray javascript and a QT plugin call with playlist.mov (place in a public web-folder)
server - rtsp-server emulator (run in your linux shell in background mode "./server&")
playlist.mov - play list with rtsp server link (edit "_server_emulator_ip" to the address of the started rtsp-server emulator and place in a public web-folder)
Try to load index.html in your browser from the remote web-server with the exploit installed.

Greetz 2:
- str0ke & milw0rm
- shinnai
- h07 for bug publication
- muts & InTel for code play'ng ( but guyz, U`rs releases coded with SEH overwrite... It's so many problems
  with shellcode modification and stable exploitation on different systems...
  for whats?
  We can overwrite EIP with buffer generation like 65535 bytes. In this release EIP -> 0x0c0c0c0c )

Fuckz 2:
- wslabi.com (too stupid resource for selling shit)
- ICEPACK and MPACK coderz (Fucking javascript kidd0z and code thiefz)

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/4664.tar.gz (11272007-qt_public.tar.gz)

# milw0rm.com [2007-11-27]