This project demonstrates a buffer overflow exploit targeting the Easy RM to MP3 Converter application on a Windows XP virtual machine. The goal of the lab was to exploit a vulnerability within this legacy application by crafting a .m3u file that overwrites key memory addresses, allowing us to control the program’s execution flow.

CyberSully/Buffer-Overflow-Exploit


Buffer-Overflow-Exploit

This project demonstrates a buffer overflow exploit targeting the Easy RM to MP3 Converter application on a Windows XP virtual machine. The goal of the lab was to exploit a vulnerability within this legacy application by crafting a .m3u file that overwrites key memory addresses, allowing us to control the program’s execution flow. By creating an exploit script in Python (exploits.py), we were able to simulate and analyze the behavior of an application vulnerable to buffer overflow attacks, gaining hands-on experience in understanding and exploiting security weaknesses in older software.

The exploit environment consisted of a Windows XP virtual machine with Easy RM to MP3 Converter installed in C:\Program Files. Immunity Debugger, alongside the Mona plugin, was used to aid in the analysis and execution of the exploit. The main approach involved loading a .m3u file with a buffer payload exceeding the application's limit. This buffer included a sequence of 26094 'A' characters to overflow the stack, followed by a memory address (0x000FF758) that redirected execution to a jump instruction. This allowed the payload to control the Extended Instruction Pointer (EIP) and subsequently execute custom shellcode placed within the payload. The exploit also incorporated NOPs (no-operation instructions) and a break instruction to test and stabilize the process. Immunity Debugger and Mona were instrumental in identifying the required memory addresses and verifying that the EIP was reliably overwritten.
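From the defender's side, the oversized playlist entry described above stands out before it ever reaches a vulnerable parser. The following Python triage check is an added example, not part of this repository's exploits.py; the function name `scan_m3u`, the thresholds and the sample bytes are assumptions constructed for illustration.

```python
import re

# Assumed triage thresholds (illustrative; tune them for your environment).
MAX_ENTRY_LEN = 2048    # playlist paths and URLs are rarely longer than this
MAX_REPEAT_RUN = 64     # one byte repeated this often looks like overflow filler
REPEAT_RUN = re.compile(rb"(.)\1{%d,}" % (MAX_REPEAT_RUN - 1), re.DOTALL)
NOP_RUN = re.compile(rb"\x90{16,}")   # run of x86 NOP opcodes


def scan_m3u(data: bytes) -> list[tuple[int, str]]:
    """Return (line_number, reason) findings for the raw bytes of a playlist."""
    findings = []
    for lineno, line in enumerate(data.split(b"\n"), start=1):
        line = line.rstrip(b"\r")
        if not line:
            continue
        # Directive lines (#EXTM3U, #EXTINF) are checked too: a parser may copy them as well.
        if len(line) > MAX_ENTRY_LEN:
            findings.append((lineno, f"entry length {len(line)} exceeds {MAX_ENTRY_LEN}"))
        if REPEAT_RUN.search(line):
            findings.append((lineno, "long run of one repeated byte (filler pattern)"))
        if NOP_RUN.search(line):
            findings.append((lineno, "run of 0x90 bytes (NOP sled pattern)"))
    return findings


# Constructed samples: a normal playlist, and an entry shaped like the one described
# above (filler, NOP bytes and a breakpoint byte only; no address, no shellcode).
BENIGN = b"#EXTM3U\r\n#EXTINF:215,Artist - Title\r\nC:\\Music\\track01.mp3\r\n"
SUSPECT = b"A" * 26094 + b"\x90" * 25 + b"\xcc" + b"\r\n"

if __name__ == "__main__":
    for name, blob in (("benign.m3u", BENIGN), ("suspect.m3u", SUSPECT)):
        for lineno, reason in scan_m3u(blob) or [(0, "no findings")]:
            print(f"{name}:{lineno}: {reason}")
```

A check like this fits a mail or download gateway, or a retro-hunt over file shares, where playlist files can be inspected before a legacy player opens them.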

By successfully crashing the application and redirecting the EIP to the specified address, this lab provided a practical example of how buffer overflow vulnerabilities operate and how they can be exploited. This exercise highlighted both the technical details of creating an exploit and the importance of careful debugging and memory address mapping in exploit development.

This code is intended strictly for educational use in a controlled environment to help understand software vulnerabilities. Using or adapting this code for unauthorized purposes is illegal and strictly prohibited. For further information on the tools utilized, please refer to the Immunity Debugger and Mona plugin documentation.

Based on the exploit demonstrated by the folks at Corelan: https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
