Snort Back Orifice Preprocessor Exploit (Win32 targets)]

[jerome.athias at free.fr (Jerome Athias)]

Dear All

I wrote Snort Back Orifice Preprocessor Exploit for Win32 targets. It's for
educational purpose only.
This exploit was tested on

- Snort 2.4.2 Binary + Windows XP Professional SP1
- Snort 2.4.2 Binary + Windows XP Professional SP2
- Snort 2.4.2 Binary + Windows Server 2003 SP1
- Snort 2.4.2 Binary + Windows Server 2000 SP0
- Snort 2.4.2 Bianry + Windows 2000 Professional SP0

Note 01: This exploit was written in form of MetaSploit module, so you need
metasploit to launch it.
Note 02: The exploit's quite reliable, but if it doesn't work on your
machine, try to find address of 'jmp esp' instruction and replace it to the
old return address.

Regards,

Kira


-------------- next part --------------
A non-text attachment was scrubbed...
Name: snort_bo_overflow_win32.pm
Type: application/octet-stream
Size: 3638 bytes
Desc: not available
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20051101/a27aa0b5/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5213 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20051101/a27aa0b5/attachment.bin>