10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH) (DEP Bypass) Vulnerability / Exploit
Exploits / Vulnerability Discovered: 2019-01-30 | Type: local | Platform: windows
This exploit / vulnerability, 10-Strike Network Inventory Explorer 8.54 local buffer overflow (SEH) (DEP bypass), is for educational purposes only; if you use it, you do so at your own risk!
[+] Code ...
#!/usr/bin/python
# Exploit Author: bzyo
# Twitter: @bzyo_
# Exploit Title: 10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH)(DEP Bypass)
# Date: 01-29-19
# Vulnerable Software: 10-Strike Network Inventory Explorer 8.54
# Vendor Homepage: https://www.10-strike.com/
# Version: 8.54
# Software Link 1: https://www.10-strike.com/networkinventoryexplorer/network-inventory-setup.exe
# Tested Windows 7 SP1 x86
# PoC
# 1. run script
# 2. open app, select Computers tab
# 3. click on 'From Text File'
# 4. choose 10strike.txt that was generated
# 5. pop calc
# manually created ropchain based on mona.py 'rop.txt' and 'ropfunc.txt' finds
# practicing dep bypass by not using auto generated mona.py ropchains
# original seh poc from Hashim Jawad, EDB: 44838
# notes from author state offset is based upon username size, username for poc is 'user'