what a lame exploit on a lame site, just a mirror of packetstorm and k-otic ...
Peter > > /** gEEk-fuck-khaled.c -- remote mirc < 6.11 exploit > by blasty > ** > ** TESTED ON: Windows XP (No SP, Ducth) Build: > 2600.xpclient.010817-1148 > ** > ** A few days ago, I saw a mIRC advisory on > packetstorm [1] and was surprised > ** nobody had written an exploit yet. So I decided > to start writing one. > ** Since this was my first time coding a exploit for > windows, it took some > ** research before I got the hang of it. (Ollydbg is > much more confusing then GDB btw :P) > ** > ** This exploits (ab)uses the bug in irc:// URI > handling. It contains a buffer- > ** overflow, and when more then 998 bytes are given > EIP will be overwritten. > ** > ** At first I was thinking of a simple solution to > get this exploitable. Since > ** giving an URI with > 998 chars to someone on IRC > is simply NOT done :) > ** Then I remember the iframe-irc:// flaw found by > uuuppzz [2] > ** > ** This exploit will write an malicious HTML file > containing an iframe executing the > ** irc:// address. So you can give this to anyone on > IRC for example ;) > ** The shellcode included does only execute cmd.exe, > because I don't want to be this > ** a scriptkiddy util. But, replacing the shellcode > with your own is also possible. > ** An 400 bytes shellcode (bindshell etc.) easily > fits in the buffer, but it may require > ** some tweaking. > ** After exiting the cmd.exe mIRC will crash, so > shellcode its not 100% clean, but who carez :) > ** > ** Oh yeah, I almost forgot.. this exploit also > works even if mIRC isn't started. > ** mIRC will start automatically when an irc:// is > executed, so you can also send somebody > ** and HTML email containing the evil HTML code. > (only for poor clients like Outlook Express :P) > ** __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html