/* Yahpoo.c by bob@dtors.net [www.dtors.net] [DSR]
*
* Why Yahoo Messenger have not fixed this vulnerability
* I don't know...but either way they are stupid!
*
* This exploit has been tested on:
* Yahoo Messenger 5,5,0,1246
* Yahoo Module 5,5,0,454
*
* For:
* Windows 2000 Professional 5.0.2195 SP3
*
* Rave@dtors.net has released a windows [exe] version of this
* exploit but for Windows XP Pro SP1.
* So both targets are vulnerable XP/2k...some addresses might need changing.
*
* Problems that may occur:
*
* The addresses used may vary from box to box..so they might need changing.
* The stack may keep on changing the location of your shellcode address..you
* need to hit a static sector that will not alternate. [this is the reason we jmp]
* There exist two crashes...the first one we bypass..this is the access violation
* when you hit the nop sled the first time round. The second crash is where we
* hit the nop sled...so don't get confused between the 2.
*
* The shellcode used here...will not do anything malicious..just opens a popup box
* You can change this shellcode to something else...but the buffer is not very big
* so there is no chance of a bind shell or anything.
* Sloth from nopninjas.com has a shellcode that will download a trojan
* and execute it. Nice and small as well
*
* That's about it...this exploit will lead to remote command execution on the
* victim. Bear in mind this is triggered via bad URI handling...and the victim
* needs to actually view the evil html file..this can be done automatically via
* email >:)
*
* Big Lovin to rica.
* Thanks to rave for his time.
* Greetz:
* mercy, Redg, opy, phreez, eSDee, ilja, looney, The_itch, angelo, inv, kokanin,
* macd, SiRVu|can, Sally, Lucipher, gloomy, phaze, uproot, b0f.
* special thanks to sloth@nopninjas
*
*
* bob@dtors.net www.dtors.net
*/




