r00l
the code binds shell on port 4444
thorel
woooha! Sounds cool, I'll check it out
0wn4g3
How does it work?
r00l
exploit by blasty@geekz.nl

using Win32 Bind Shell - Copyright © 2003 METASPLOIT.COM

dunno if it works
tribalgoa
Where can I download an old mIRC client so I can test this?
ATB
10x a lot m8, but after the HTML is created what do I need to do? Maybe you can explain a little more about this exploit and how it works?

10q !
fastburner
Is it compiled with the original shellcode? Then it only opens a cmd.exe and doesn't bind a shell.
TheDuck
10x
How do I work with this? Can you explain it to me?
mdk
Seems to be the local exploit...
nio_xtreme
Hey, this *.HTML doesn't even crash the mIRC. I'm not even talking about the code.. no bind shell on port 4444 etc. It just tries to change servers. I used mIRC 5.9, 6.0 and 6.11 and it doesn't work in any of them.. so? Can somebody help, or does the exploit not work?
ATB
Yep, it just changes a channel, nothing else... :\
r00l
I changed the shellcode to bindshell shellcode... but it does the same as the old shellcode... tries to change the servers.
You have to send the index.html to someone.

QUOTE

remote mirc < 6.11 exploit by blasty

/** gEEk-(filtered)-khaled.c -- remote mirc < 6.11 exploit by blasty
**
** TESTED ON: Windows XP (No SP, Dutch) Build: 2600.xpclient.010817-1148
**
** A few days ago, I saw a mIRC advisory on packetstorm [1] and was surprised
** nobody had written an exploit yet. So I decided to start writing one.
** Since this was my first time coding an exploit for Windows, it took some
** research before I got the hang of it. (Ollydbg is much more confusing than GDB btw )
**
** This exploit (ab)uses the bug in irc:// URI handling. It contains a buffer
** overflow, and when more than 998 bytes are given EIP will be overwritten.
**
** At first I was thinking of a simple solution to get this exploitable, since
** giving a URI with > 998 chars to someone on IRC is simply NOT done.
** Then I remembered the iframe-irc:// flaw found by uuuppzz [2].
**
** This exploit will write a malicious HTML file containing an iframe executing the
** irc:// address. So you can give this to anyone on IRC, for example.
** The shellcode included only executes cmd.exe, because I don't want this to be
** a scriptkiddy util. But replacing the shellcode with your own is also possible.
** A 400-byte shellcode (bindshell etc.) easily fits in the buffer, but it may require
** some tweaking.
** After exiting the cmd.exe mIRC will crash, so the shellcode is not 100% clean, but who carez
**
** Oh yeah, I almost forgot.. this exploit also works even if mIRC isn't started.
** mIRC will start automatically when an irc:// is executed, so you can also send somebody
** an HTML email containing the evil HTML code. (only for poor clients like Outlook Express )
**
** Anyway, have fun with it, and don't own complete newb #chans
**
** Greetz to:
** inz, demz, gEEkz team
**
** [1] http://www.packetstormsecurity.nl/0310-adv...ries/mirc61.txt
** [2] http://www.uuuppz.com/research/adv-001-mirc.htm
**
** -- blasty (blasty@geekz.nl / www.geekz.nl)
**/
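As an added defender's example (not code from the thread or from blasty), here is a small scanner that flags HTML pages handing an irc:// URI longer than the 998-byte limit described in the quoted header to the irc:// handler through an iframe, frame or link; the 998-byte threshold comes from the header above, and the sample pages are constructed.

```python
from html.parser import HTMLParser

# Threshold taken from the quoted exploit header: an irc:// URI of more than
# 998 bytes overwrites EIP in mIRC < 6.11. Anything above it is suspicious.
MAX_SAFE_IRC_URI_LEN = 998

# Attributes through which a page can hand a URI to the irc:// handler.
URI_ATTRS = {"src", "href", "data"}


class IrcUriCollector(HTMLParser):
    """Collects every irc:// URI found in src/href/data attributes."""

    def __init__(self):
        super().__init__()
        self.found = []  # list of (tag, uri)

    def handle_starttag(self, tag, attrs):
        # HTMLParser already lowercases attribute names; values keep their case.
        for name, value in attrs:
            if value and name in URI_ATTRS and value.strip().lower().startswith("irc://"):
                self.found.append((tag.lower(), value.strip()))


def find_overlong_irc_uris(html, limit=MAX_SAFE_IRC_URI_LEN):
    """Return (tag, uri_length_in_bytes) for each irc:// URI longer than limit."""
    parser = IrcUriCollector()
    parser.feed(html)
    parser.close()
    hits = []
    for tag, uri in parser.found:
        size = len(uri.encode("utf-8"))
        if size > limit:
            hits.append((tag, size))
    return hits


# Constructed samples: a normal channel link and a page that embeds an
# oversized irc:// URI in a hidden iframe, the delivery the thread describes.
BENIGN_PAGE = '<p>Join us: <a href="irc://irc.example.net/#help">#help</a></p>'
SUSPECT_PAGE = ('<html><body><iframe width="0" height="0" src="irc://'
                + "A" * 1200 + '"></iframe></body></html>')

if __name__ == "__main__":
    for label, page in (("benign", BENIGN_PAGE), ("suspect", SUSPECT_PAGE)):
        hits = find_overlong_irc_uris(page)
        print(f"{label}: {hits or 'no overlong irc:// URIs'}")
```

Feeding the same function mail bodies or proxy-captured HTML gives a cheap indicator for the iframe delivery trick without executing anything.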
Invision Power Board © 2001-2005 Invision Power Services, Inc.