added audiotran_pls_1424 fileformat for Windows #3000
Where did you get the p/p/r from, and why did you need to change it?
'Platform' => 'win', | ||
'Targets' => | ||
[ | ||
[ 'Windows Universal', { 'Ret' => 0x1001cd67 } ], #p/p/r |
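Review bot: the trailing comment on the 'Windows Universal' target line says only `#p/p/r` and does not identify where 0x1001cd67 lives. Name the module the address was taken from in that comment, so the 'Universal' label can be checked against the systems the module was tested on.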
Please comment where you got your p/p/r from. :)
Just looking for an explanation. :)
It did not need to be changed and I don't mind changing this back to the
On Sun, Feb 16, 2014 at 4:40 PM, wvu-r7 notifications@github.com wrote:
end | ||
|
||
def exploit | ||
sploit = "\x5B\x70\x6C\x61\x79\x6C\x69\x73\x74\x5D\x0D\x0A\x46\x69\x6C\x65\x31\x3D" |
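Review bot: the hex-escaped literal on the `sploit =` line is plain ASCII and hides what the file starts with; the bytes decode to `[playlist]`, a CRLF, and `File1=`. Write it as a readable string literal so the playlist header is visible in the source.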
sploit = "[playlist]\r\nFile1="
I understand that the line is from the original exploit, but we have no need to hide things as hex. :)
Ah, okay. If it's a reliable p/p/r, then that's great. Just comment where you got it from. Thanks!
Specifically where you got it from. So, the binary? A DLL? Which DLL? :)
I suppose I could figure it out myself, but I'll let you make the commit. :P Exploit looks great, btw!
Windows XP SP3:
Windows 7 SP1:
Awesome, thank you for verifying! I should have posted output from the testing I did as well. Let me know if there is anything else I need to do to get this merged in.
Thanks for being on top of this, @Fillfish. :)
This is missing references and disclosure date.
This is a port of an SEH exploit from exploit-db[1]. I modified the p/p/r address of the exploit and tested this on Windows XP. The exploit-db page has a link to the vulnerable software for testing.
[1] http://www.exploit-db.com/exploits/14961/