MSN / windows live messenger crash - Exploit

Researching, Proof of Concepts, Hacking, Console Modding and Hacking and more. No game hacking / modding here.
Post Reply
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

MSN / windows live messenger crash - Exploit

Post by Sethioz »

Latest "12 may 2009" msn has a bug that allows attacker to crash his/her victim's msn.

Bug:

Code: Select all

charset=UTF-8
can be changed to crash somebody's msn remotly

Exploit:
use a packet editor like WPE pro to change

Code: Select all

charset=UTF-8
to

Code: Select all

charset=UTF-%n
and send the packet.
you can capture ANY text packet, then change it and resend.
note that your victim is not be able to see the packet (message) that contains the invalid charset with %n

I wrote a quick .dll injection exploit too (using proxocket). all you need to do is put those 2 .dll files into your windows live folder (where your msnmsgr.exe is), restart your msn (totally EXIT msn, not just logout) and then just contact somebody who has the latest msn (12 may 2009, windows live 9 something) and he/she will crash (in case he/she has the msn version with that bug)
as noted before, your victim will NOT see the message you send with the %n changes in it, so my .dll injection exploit can be totally invisible to normal users, however if they monitor it with a packet capturing tool, they will see the packet.
earlier versions are uneffected, however i only tested on 8.5
NOTE2 - you are not be able to talk to anybody, because message will not show on other side ! even if they are using uneffected msn (it means they wont crash, but they wont see message either)
Attachments
msn_crash.rar
(21.5 KiB) Downloaded 600 times
TeamRetox
Allie
Allie
Posts: 222
Joined: Sat Jun 06, 2009 3:48 pm

Re: Exploit - MSN / windows live messenger crash

Post by TeamRetox »

Had so much fun crashing my nephew ^^ he said 'OMFG FUCKIN BULLSHIT MSN KEEPS SHUTTING DOWN'
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Exploit - MSN / windows live messenger crash

Post by Sethioz »

this is what you get for using the latest gay version...im still on 8.5 and im not planning to change it.
oh yeah and its also possible to make a fix for this using proxocket, by replacing the incoming packet.
TeamRetox
Allie
Allie
Posts: 222
Joined: Sat Jun 06, 2009 3:48 pm

Re: Exploit - MSN / windows live messenger crash

Post by TeamRetox »

Could you upload the proxocket source? I've been using my own WSA_recv hook but it crashes quite a lot ^^
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: Exploit - MSN / windows live messenger crash

Post by Sethioz »

http://aluigi.org/mytoolz/proxocket.zip < im not author of proxocket, it's Luigi's program.
Post Reply