CyberCop Scanner Smbgrind 5.5 – Buffer Overflow (PoC)

• Exploit Database
• 14 阅读

• 作者： hyp3rlinx
  日期： 2016-02-16
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/39452/

• [+] Credits: hyp3rlinx
  
  [+] Website: hyp3rlinx.altervista.org
  
  [+] Source:
  http://hyp3rlinx.altervista.org/advisories/SMBGRIND-BUFFER-OVERFLOW.txt
  
  
  
  Vendor:
  =======================
  Network Associates Inc.
  
  
  
  Product:
  ===========================================
  smbgrind: NetBIOS parallel password grinder
  circa 1996-1999
  
  smbgrind.exe is a component of CyberCop Scanner v5.5. It is intended to
  remotely crack SMB
  usernames and passwords, used to establish a login session to the remote
  NetBIOS file server.
  Cybercop was discontinued back in 2002.
  
  usage: smbgrind -i <address> [options]
  
  -rRemote NetBIOS name of destination host
  -iIP address of destination host
  -uName of userlist file (default NTuserlist.txt)
  -pName of password list file (default NTpasslist.txt)
  -lNumber of simultaneous connections (max: 50 default: 10)
  -vProvide verbose output on progress
  
  
  
  Vulnerability Type:
  ===================
  Buffer Overflow
  
  
  
  CVE Reference:
  ==============
  N/A
  
  
  
  Vulnerability Details:
  ======================
  
  Smbgrind.exe succumbs to buffer overflow when supplied a large number of
  bytes (1206) for the -r switch for the remote
  NetBios name of destination host. Resulting in memory corruption
  overwriting several registers...
  
  GDB dump...
  
  Program received signal SIGSEGV, Segmentation fault.
  0x0040c421 in ?? ()
  (gdb) info r
  eax0x33
  ecx0x41414141 1094795585
  edx0x41414141 1094795585
  ebx0x41414141 1094795585
  esp0x241e89c0x241e89c
  ebp0x241e8a80x241e8a8
  esi0x401408 4199432
  edi0x41414141 1094795585
  eip0x40c421 0x40c421
  eflags 0x10283[ CF SF IF RF ]
  cs 0x23 35
  ss 0x2b 43
  ds 0x2b 43
  es 0x2b 43
  fs 0x53 83
  gs 0x2b 43
  (gdb)
  
  
  smbgrind core dump file...
  
  (C:\smbgrind.exe 1000) exception C0000005 at 40C421
  
  (C:\smbgrind.exe 1000) exception: ax 2 bx 41414141 cx 41414141 dx 41414141
  
  (C:\smbgrind.exe 1000) exception: si 401408 di 41414141 bp 241F39C sp
  241F390
  
  (C:\smbgrind.exe 1000) exception is: STATUS_ACCESS_VIOLATION
  
  
  
  [+] Disclaimer
  Permission is hereby granted for the redistribution of this advisory,
  provided that it is not altered except by reformatting it, and that due
  credit is given. Permission is explicitly given for insertion in
  vulnerability databases and similar, provided that due credit is given to
  the author.
  The author is not responsible for any misuse of the information contained
  herein and prohibits any malicious use of all security related information
  or exploits by the author or elsewhere.
  
  hyp3rlinx