BlazeVideo HDTV Player 6.x Buffer Overflow (another version)

Hi again, we tried to make a universal DEP and ASLR bypass version on BlazeVideo HDTV Player 6.x. This exploit is already public, but we just want to make it universal. Take a look at mona.py 🙂 awesome tool developed by corelanc0d3r and his team So here is the poc, it will bind to port…

Porting Your Exploit to Metasploit

Beberapa waktu yang lalu saya udah memberikan tutorial basic exploit development (direct return technique) dan exploit development berbasis SEH. Sekarang mari kita porting exploit tersebut ke Metasploit Framework agar exploit tersebut semakin reliable dan bisa menggunakan macam-macam payload, fitur-fitur canggih yang ada di Metasploit. Kita akan meng-konversi exploit yang pertama, yaitu Free CD to MP3…

ScriptFTP <=3.3 Remote Buffer Overflow Exploit (0day)

ScriptFTP client is vulnerable against remote buffer overflow vulnerability. The condition is triggered while processing LIST FTP command with excessive length. The vulnerability is confirmed in version 3.3. Other version may also be affected. Software Description ScriptFTP is a FTP client designed to automate file transfers. It follows the commands written on a text file…

SEH Based Stack Overflow – The Basic

Kali ini saya akan coba tehnik lain dari stack overflow, yaitu stack overflow berbasis SEH. Apa itu SEH? silakan dibaca diliteratur-literatur berikut: Structured Exception Handling Win32 Exception handling for assembler programmers Tidak ada yang lebih menyenangkan daripada belajar sambil mencoba. Kita akan mencoba SEH based stack overflow pada program yang pernah di post oleh sickness,…

Mel0nPlayer 1.0.11.x Denial of Service POC

Software Description Mel0n Player is a famous software in Indonesia to play music that are provided by the Melon portal (http://www.melon.co.id). This software can play any music file types such as mp3, wav, wma, mp4, and others. This player can also play the files on your local computer or by online streaming to the portal…

Useful Addresses When Dealing with ROP

Saya nulis ini supaya ga lupa. Sebenarnya bisa dicari lagi sih alamat ini, cuma lebih enak klo udah ada disini tanpa nyari lagi khan?!. Sejumlah alamat yang dipake untuk tehnik ROP, sbb: VirtualAlloc() Secara sederhana, fungsi VirtualAlloc() akan mengalokasikan memory baru. Salah satu dari parameter di fungsi ini yang bisa membuat memory yang baru bisa…

QuickShare File Server 1.2.1 FTP Directory Traversal Vulnerability

QuickShare File Server is prone to a FTP directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to modify files outside the destination directory and possibly gain access to the system. Software Description QuickShare File Server is a easy to use file sharing software helps you build…

FTPGetter v3.58.0.21 Buffer Overflow (PASV) Exploit

A vulnerability has been discovered in FTPGetter, which can be exploited by malicious people to compromise a user's system. The issue is likely due to insufficient bounds checking and presents itself when the affected FTP client makes a connection to a malicious server that is running PASV mode. The PASV command is issued to tell…

SolarFTP 2.0 Multiple Commands Denial of Service Vulnerability

SolarFTP Server 2.0 is prone to a denial of service condition. It fails to properly sanitize user-supplied input resulting in a denial of service. With a specially crafted 'USER', 'APPE', 'GET', 'PUT', and 'NLST' command, a remote attacker can potentially disable the FTP service. Software Description Solar FTP Server is a handy and easy to…

Batch Audio Converter <=v.1.0.0 Stack Overflow (SEH)

Iseng-iseng nyari aplikasi yang bisa diotak-atik buat maenan SEH, dapet juga aplikasi Batch Audio Converter <= v.0.4.0.0 dan berhasil di eksploitasi dengan sukses melalui SEH Overflow (tulisan mengenai SEH secara jelas bisa dilihat di situs Peter Van Eeckhoutte dan situs underground Indonesia tertua, Kecoak Elektronik). Ngeliat versi dari aplikasinya, saya liat di Help/About pada aplikasi…