PornoSecurity: sexy vulns, porno sploits and the like

Use the source, Luke!

Posted on 2009-06-17 17:58:10 in PornoSecurity

Hi there, as proof that I'm alive and kicking I want to show you this.

This is the same as Apple iTunes 8.1.1.10 (itms/itcp) Remote Buffer Overflow Exploit (win), but not the same :)
It's just... somewhat easier. I wrote it in a couple of hours while watching HD porn (I can prove that! I have a witness :).

It is a little tricky but not hard at all.

As you may or may not know, Metasploit can produce alphanumeric shellcode with one exception: it can't do an alphanumeric getpc(). That is, it can't build alphanumeric opcodes that find the shellcode's own location in memory, so if you try to produce alphanumeric shellcode with msfencode you'll always get a few non-alphanumeric characters: the instructions used to calculate the shellcode's absolute position in memory.

It turns out that msfencode has an undocumented option (it was undocumented for a while; it may be written down somewhere by now, I didn't check) that tells it there's no need to calculate anything because the shellcode's location is already in a register: the BufferRegister=REG32 option. With that specified you get pure alphanumeric shellcode.
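As an added example (not code from this post and not part of Metasploit), here is a small Python check that answers the question the post raises from the other side: given an opaque byte buffer and a whitelist such as [A-Za-z0-9], which bytes fall outside the whitelist, and do they form one contiguous stub at the front (the shape an un-encoded position-finding prologue leaves in front of an otherwise alphanumeric body) or are they scattered? It is useful when auditing what a character filter would actually reject. The function names and the sample bytes are constructed placeholders; the samples are not shellcode or encoder output.

```python
"""Charset-constraint check for an opaque byte buffer (added example)."""
import string

# The constraint the post talks about: only [A-Za-z0-9] allowed.
ALNUM = frozenset((string.ascii_letters + string.digits).encode("ascii"))


def disallowed_offsets(buf: bytes, allowed=ALNUM):
    """Offsets of every byte in buf that falls outside the allowed set."""
    return [i for i, b in enumerate(buf) if b not in allowed]


def charset_report(buf: bytes, allowed=ALNUM):
    """Summarize where the disallowed bytes sit.

    'leading_stub' counts disallowed bytes forming one contiguous run that
    starts at offset 0; 'scattered' counts disallowed bytes anywhere else.
    'body_is_clean' is True when every disallowed byte is in the leading stub,
    i.e. the rest of the buffer already satisfies the whitelist.
    """
    bad = disallowed_offsets(buf, allowed)
    stub = 0
    for off in bad:          # bad offsets are ascending, so this counts the
        if off != stub:      # run 0,1,2,... and stops at the first gap
            break
        stub += 1
    return {
        "length": len(buf),
        "clean": not bad,
        "leading_stub": stub,
        "scattered": len(bad) - stub,
        "body_is_clean": len(bad) == stub,
    }


def filter_accepts(buf: bytes, allowed=ALNUM) -> bool:
    """Would a strict whitelist filter on `allowed` pass this buffer unchanged?"""
    return not disallowed_offsets(buf, allowed)


# Constructed samples (placeholders, not shellcode): three non-alphanumeric
# bytes in front of an alphanumeric body, and the body on its own.
STUB_PLUS_BODY = b"\x01\x02\x03" + b"ABC123xyz0"
CLEAN_BODY = b"ABC123xyz0"

if __name__ == "__main__":
    for name, sample in (("stub+body", STUB_PLUS_BODY), ("body", CLEAN_BODY)):
        print(name, charset_report(sample), "accepted:", filter_accepts(sample))
```

Run it directly to see both reports; the first sample is rejected by the whitelist solely because of its three leading bytes, the second passes untouched. Swapping `ALNUM` for whatever set a particular filter actually allows turns the same check into a quick audit of that filter.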

It's funny how many people are not aware of this option. It's funny how many people don't even try to understand *why* they don't get what they want when they see those non-alphanumeric chars.

Nick  


2009-06-20 13:01:08  

h4x0r: Yeahhh ! i,m witness of this man he is right ! with 10 MB Bandwidth and lots of best HD\'s (latest one\'s my mean if you want know about new stars just ask ... ) :D during exploitation / reverse engineering . and also i,m witness , he will be one of famous researcher and also witness , he is one of my best friend and one of real man in this commercial world . anyway we believe to \"no more free bugs\" (A.K.A no more free as.s shake !!! ) but maybe we want release some of our works ... and finally i love this guy (he know why ) . hop to have you by my side . be safe .