Written by David Reguera García
Thursday, 14 December 2006

DOWNLOAD
Adaptation of milw0rm exploit 2873 ( http://www.milw0rm.com/exploits/2873/ ,
http://secunia.com/cve_reference/CVE-2006-6287/ ). The exploit as published does not seem to
work very well: at least for me it does the RET over the trashed bytes instead of over the
address where the JMP ESP is produced for the Spanish version of Windows XP SP2. Also, when the
arguments are filtered, the exploit does not allow the "Windows XP SP2 Spanish" (???) option to be
selected, among others. There was another compilation error because a cast was missing. With
these minimal changes the adapted exploit seems to work now; the shellcode performs a
"net user add".

Debugging screenshots: expl1 expl2 expl3 (useful for anyone who wants to see how the
exploitation works).
Last updated ( Thursday, 14 December 2006 )