We are going to exploit version 1 of the Free MP3 CD Ripper software program. To do this, we need to download and install the product from this location http://free-mp3-cd-ripper.en.softonic.com/. To take advantage of this program's weakness, we are going to use the following Python script, which will generate a malicious .wav file that can be uploaded into the program. The data will be interpreted and will create an overflow condition that we can observe and attempt to tailor and build an exploit. As mentioned before, we are going to load up a number of different characters into this file so that we can guestimate the relative location of the stored EIP value.
#!/usr/bin/env python import struct filename="exploit.wav" fill ="A"*4000 fill +="B"*1000 fill +="C"*1000 exploit = fill writeFile = open (filename, "w") writeFile.write(exploit) writeFile.close()
This script will fill the malicious wave file with four thousand As, one thousand Bs, and one thousand...