/*
* AIM Away Message Buffer Overflow Exploit
* Exploit by John Bissell A.K.A. HighT1mes
*
* Exploit:
* ========
* drizzit.c
*
* Vulnerable Software:
* ====================
* – AIM 5.5.3588
* – AIM 5.5.3590 Beta
* – AIM 5.5.3591
* – AIM 5.5.3595
 * and a couple of other versions...
*
 * If you want to try other return addresses for other versions of
 * AIM then edit the return address. But the current one embedded
 * will work for sure with all the AIM versions listed above.
*
 * I used some of the Metasploit shellcode for this exploit with some
 * modifications to get it into stealth mode so the attack is harder to
 * detect. Since I'm using Metasploit shellcode, this exploit can be
 * used on any NT type OS, like Win2k, WinNT, WinXP, across any service
 * pack. I don't know about SP2 though; I haven't tested it yet.
*
 * On a side note, I purposely did not include the download+exec
 * shellcode, even though I have it, because I'm sick and tired of these
 * little spam/adware bitches messing people's computers up for profit.
 * You can still download/upload through the shell to the victim; it
 * just isn't automated like download+exec would be.
*
 * In my opinion the reverse connect (-r option) is the most dangerous,
 * because you can encode your IP address and pick a port, and then
 * when the victim visits the evil web page or email or whatever, the
 * attack will automatically open his AIM even if it's not already open,
 * connect to you, and then terminate the AIM process to stay stealthy
 * so the victim doesn't know what hit them. As I remind people in the
 * exploit usage, you need to remember to use netcat to listen on the
 * port you picked for the exploit to connect to...
*
 * One reason I decided to include the generation of HTML code for
 * this exploit is that I noticed almost nobody puts limits on the
 * length of the <IFRAME SRC=""> attribute. So when the victim
 * connects to that page or reads that email, depending on the browser
 * or client, the exploit will execute. IE 6.0 and Mozilla are
 * affected by this problem, as well as Outlook Express when the
 * security settings are set to the Internet Zone.
*
* Excuse the sloppy commandline interface I just wanted to get
* this out to the public.
*
* [ Original advisory posted by Secunia and iDEFENSE. ]
*
* Greets:
* =======
* IsolationX, YpCat, DaPhire, route, #romhack,
* Taylor Hayes, Aria Giovanni, Anthony Rocha,
* InVerse, Deltaflame, Jenna Jameson, iDENFENSE,
* secunia, so1o, John Kerry, and many others…
*
* Compiler:
* =========
* Visual C++ 6.0
*
 * To compile you first must add ws2_32.lib to the "Object/library
 * modules:" text box under the Project -> Settings menu, on the Link
 * tab...
*/
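The header above relies on browsers and mail clients accepting an IFRAME SRC attribute of arbitrary length, which is what lets the oversized payload reach the registered handler. A defender-side check for that delivery vector, written here as an added example (this is not drizzit.c and not the author's code): scan HTML for IFRAME tags whose SRC is far longer than any legitimate URL. The 1024-byte threshold, the sample HTML and the `x:` scheme in the constructed suspicious document are assumptions for illustration, not values from the page.

```python
import re

# Assumed cutoff (not from the original page): legitimate IFRAME SRC values
# are rarely more than a few hundred bytes, so anything past this deserves
# a closer look.
MAX_SRC_LEN = 1024

# An <IFRAME ...> open tag, case-insensitive; group 1 is the attribute text.
_IFRAME_TAG = re.compile(r"<\s*iframe\b([^>]*)>", re.IGNORECASE | re.DOTALL)

# SRC="...", SRC='...' or an unquoted SRC=value inside that attribute text.
_SRC_ATTR = re.compile(
    r"""\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""",
    re.IGNORECASE | re.DOTALL,
)

# Leading URI scheme, e.g. "http" in http://..., "mailto" in mailto:...
_SCHEME = re.compile(r"([A-Za-z][A-Za-z0-9+.\-]*):")


def iframe_sources(html):
    """Return the SRC value of every IFRAME open tag in html, in document
    order; an IFRAME with no SRC contributes an empty string."""
    sources = []
    for tag in _IFRAME_TAG.finditer(html):
        attr_match = _SRC_ATTR.search(tag.group(1))
        if attr_match is None:
            sources.append("")
        else:
            # Exactly one of the three alternatives matched; take it.
            sources.append(next(g for g in attr_match.groups() if g is not None))
    return sources


def oversized_iframes(html, limit=MAX_SRC_LEN):
    """Return one (src_length, scheme) tuple per IFRAME whose SRC exceeds
    limit. scheme is the lower-cased URI scheme of that SRC, or '' when the
    value has none; reporting it tells the analyst which external handler
    (browser, mail client, or a registered URI handler) would receive it."""
    hits = []
    for src in iframe_sources(html):
        if len(src) > limit:
            scheme_match = _SCHEME.match(src)
            scheme = scheme_match.group(1).lower() if scheme_match else ""
            hits.append((len(src), scheme))
    return hits


# Constructed sample documents (not captured from any real page or mail).
BENIGN_HTML = (
    '<html><body>'
    '<IFRAME SRC="http://example.com/page.html" width="1" height="1"></IFRAME>'
    '<iframe name="noSrc"></iframe>'
    '</body></html>'
)

# Hypothetical scheme "x:" followed by 3000 filler bytes, standing in for an
# overlong handler URL; no real payload is included here.
SUSPICIOUS_HTML = (
    '<html><body>'
    '<IFRAME SRC="x:' + "A" * 3000 + '" width=1 height=1></IFRAME>'
    '</body></html>'
)


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_HTML), ("suspicious", SUSPICIOUS_HTML)):
        print(label, iframe_sources(doc) if label == "benign" else oversized_iframes(doc))
```

Run it over saved mail bodies or proxy captures; a hit reports the attribute length and the scheme of the SRC, so a long value carrying an unusual scheme stands out from ordinary embedded frames without the scanner needing to know any particular handler's overflow length.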