[Full-disclosure] Exploiting 'Non-Critical' Media Player Vulnerabilities for Fun and Profit [Perl Version of MS06-006 Exploit]

Matthew Murphy mattmurphy at kc.rr.com
Wed Feb 22 06:33:01 GMT 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

After hearing a few thousand complaints from people who lost the
function of the exploit I previously released because of problems
interpreting special characters in the attached HTML file (and bad
cut-and-paste jobs by exploit DBs), I've produced a Perl version of the
code.  Of note is that the Perl version rips a page from the Metasploit
book and allows pluggable shellcode.  A run-of-the-mill shellcode with
the same function of that in the original exploit is distributed with
the tool.

It's not functionally any different (in terms of how the actual attack
works) but the HTML is generated locally rather than shipped through
e-mail gateways in raw form.

For usage instructions and obligatory legal information, read the
comments in the code.

In the event the attached ZIP is stripped by (overzealous) gateway
filters, you can also obtain a copy at:

http://student.missouristate.edu/m/matthew007/research/wmp-plugin/wmp-profiteer.zip

To obtain the PGP signature, just append ".asc" to that URL:

http://student.missouristate.edu/m/matthew007/research/wmp-plugin/wmp-profiteer.zip.asc

- --
"Social Darwinism: Try to make something idiot-proof,
nature will provide you with a better idiot."

                                -- Michael Holstein

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB5444D38

iD8DBQFD/AWcfp4vUrVETTgRAzm6AJ0XqpEKP6QyAx35EyjLANcByZdR2ACgrShB
ZcF2o2M594tDPsQdMiaFGcc=
=CC0r
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: wmp-profiteer.zip
Type: application/x-zip-compressed
Size: 2120 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060222/abbe880b/attachment.bin 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: wmp-profiteer.zip.asc
Url: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060222/abbe880b/attachment.ksh 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3436 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060222/abbe880b/attachment-0001.bin

Full-Disclosure is hosted and sponsored by Secunia.