Lanspy 2.0.1.159 local buffer overflow Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2018-12-19 |
Type : local |
Platform : windows
This exploit / vulnerability Lanspy 2.0.1.159 local buffer overflow is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
#!/usr/bin/python
#------------------------------------------------------------------------------------------------------------------------------------#
# Exploit: LanSpy 2.0.1.159 - Local Buffer Overflow RCE(PoC) #
# Date: 2018-12-16 #
# Author: Juan Prescotto #
# Tested Against: Win7 Pro SP1 64 bit #
# Software Download #1: https://www.exploit-db.com/apps/70a780b78ee7dbbbbc99852259f75d53-lanspy_setup_2.0.1.159.exe #
# Software Download #2: https://lizardsystems.com/download/lanspy_setup.exe #
# Version: 2.0.1.159 #
# Special Thanks to my wife for allowing me spend countless hours on this passion of mine #
# Credit: Thanks to Gionathan "John" Reale (https://www.exploit-db.com/exploits/45968) for his work on the Denial of Service exploit #
# Steps : Open the APP > click on the scan field > paste in contents from the .txt file that was generated by this script #
#------------------------------------------------------------------------------------------------------------------------------------#
# Bad Characers: \x00 thru \x20 and \x2c\x2d #
# EIP Offset: 680 #
# Non-Participating Modules: lanspy.exe #
#------------------------------------------------------------------------------------------------------------------------------------#
# Run LanSpy with Administrative Rights, when exploit.txt contents are pasted into scan field and run a Local User will be created: #
# User: Metasploit Password: MyPassword12 #
#------------------------------------------------------------------------------------------------------------------------------------#
# EIP overwrite --> JMP ECX --> Short Relative Reverse JMP --> Long Relative Reverse JMP --> NoPs --> Stack Adjustment --> Shellcode #
#------------------------------------------------------------------------------------------------------------------------------------#