"BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path"

Author

Exploit author

boku

Platform

Exploit platform

windows

Release date

Exploit published date

2020-02-17

 Download file
# Exploit Title: BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path
# Exploit Author: boku
# Date: 2020-02-10
# Vendor Homepage: https://www.weird-solutions.com
# Software Link: https://www.weird-solutions.com/download/products/bootpt_demo_IA32.exe
# Version: 2.0.1214
# Tested On: Windows 10 (32-bit)

C:\Users\user>wmic service get name, pathname, startmode | findstr "BOOTP" | findstr /i /v """
BOOTP Turbo                               C:\Program Files\BOOTP Turbo\bootpt.exe                                            Auto

C:\Users\user>sc qc "BOOTP Turbo"
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: BOOTP Turbo
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\BOOTP Turbo\bootpt.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : BOOTP Turbo
        DEPENDENCIES       : Nsi
                           : Afd
                           : NetBT
                           : Tcpip
        SERVICE_START_NAME : LocalSystem

Release Date	Title	Type	Platform	Author
2020-08-05	"ACTi NVR3 Standard or Professional Server 3.0.12.42 - Denial of Service (PoC)"	dos	windows	MegaMagnus
2020-08-05	"Stock Management System 1.0 - Authentication Bypass"	webapps	php	"Adeeb Shah"
2020-08-05	"QlikView 12.50.20000.0 - 'FTP Server Address' Denial of Service (PoC)"	dos	windows	"Luis Martínez"
2020-08-04	"Mocha Telnet Lite for iOS 4.2 - 'User' Denial of Service (PoC)"	dos	windows	"Luis Martínez"
2020-08-04	"Pi-hole 4.3.2 - Remote Code Execution (Authenticated)"	webapps	python	"Luis Vacacas"
2020-08-04	"Daily Expenses Management System 1.0 - 'username' SQL Injection"	webapps	php	"Daniel Ortiz"
2020-08-04	"RTSP for iOS 1.0 - 'IP Address' Denial of Service (PoC)"	dos	windows	"Luis Martínez"
2020-07-30	"Online Shopping Alphaware 1.0 - Authentication Bypass"	webapps	php	"Ahmed Abbas"
2020-07-29	"Wordpress Plugin Maintenance Mode by SeedProd 5.1.1 - Persistent Cross-Site Scripting"	webapps	php	"Jinson Varghese Behanan"
2020-07-29	"Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion"	webapps	hardware	0xmmnbassel

Release Date	Title	Type	Platform	Author
2020-08-05	"ACTi NVR3 Standard or Professional Server 3.0.12.42 - Denial of Service (PoC)"	dos	windows	MegaMagnus
2020-08-05	"QlikView 12.50.20000.0 - 'FTP Server Address' Denial of Service (PoC)"	dos	windows	"Luis Martínez"
2020-08-04	"RTSP for iOS 1.0 - 'IP Address' Denial of Service (PoC)"	dos	windows	"Luis Martínez"
2020-08-04	"Mocha Telnet Lite for iOS 4.2 - 'User' Denial of Service (PoC)"	dos	windows	"Luis Martínez"
2020-07-26	"Nidesoft DVD Ripper 5.2.18 - Local Buffer Overflow (SEH)"	local	windows	"Felipe Winsnes"
2020-07-26	"DiskBoss 7.7.14 - 'Reports and Data Directory' Buffer Overflow (SEH Egghunter)"	local	windows	MasterVlad
2020-07-26	"Socusoft Photo to Video Converter Professional 8.07 - 'Output Folder' Buffer Overflow (SEH Egghunter)"	local	windows	MasterVlad
2020-07-26	"Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite)"	dos	windows	"Felipe Winsnes"
2020-07-26	"Frigate Professional 3.36.0.9 - 'Pack File' Buffer Overflow (SEH Egghunter)"	local	windows	MasterVlad
2020-07-26	"Port Forwarding Wizard 4.8.0 - Buffer Overflow (SEH)"	local	windows	"Sarang Tumne"

Release Date	Title	Type	Platform	Author
2020-07-26	"Online Course Registration 1.0 - Unauthenticated Remote Code Execution"	webapps	php	boku
2020-07-26	"LibreHealth 2.0.0 - Authenticated Remote Code Execution"	webapps	php	boku
2020-06-16	"Bandwidth Monitor 3.9 - 'Svc10StrikeBandMontitor' Unquoted Service Path"	local	windows	boku
2020-06-10	"10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH_DEP_ASLR)"	local	windows	boku
2020-05-22	"Gym Management System 1.0 - Unauthenticated Remote Code Execution"	webapps	php	boku
2020-05-07	"Pisay Online E-Learning System 1.0 - Remote Code Execution"	webapps	php	boku
2020-05-01	"Online Scheduling System 1.0 - Persistent Cross-Site Scripting"	webapps	php	boku
2020-05-01	"Online Scheduling System 1.0 - Authentication Bypass"	webapps	php	boku
2020-05-01	"ChemInv 1.0 - Authenticated Persistent Cross-Site Scripting"	webapps	php	boku
2020-04-20	"Atomic Alarm Clock 6.3 - Stack Overflow (Unicode+SEH)"	local	windows	boku
2020-04-20	"Atomic Alarm Clock x86 6.3 - 'AtomicAlarmClock' Unquoted Service Path"	local	windows	boku
2020-04-13	"Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH)"	local	windows	boku
2020-02-17	"DHCP Turbo 4.61298 - 'DHCP Turbo 4' Unquoted Service Path"	local	windows	boku
2020-02-17	"TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service Path"	local	windows	boku
2020-02-17	"Cuckoo Clock v5.0 - Buffer Overflow"	local	windows	boku
2020-02-17	"BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path"	local	windows	boku
2020-02-14	"HomeGuard Pro 9.3.1 - Insecure Folder Permissions"	local	windows	boku
2020-02-14	"SprintWork 2.3.1 - Local Privilege Escalation"	local	windows	boku
2020-02-13	"OpenTFTP 1.66 - Local Privilege Escalation"	local	windows	boku
2020-02-11	"Disk Savvy Enterprise 12.3.18 - Unquoted Service Path"	local	windows	boku
2020-02-11	"freeFTPd v1.0.13 - 'freeFTPdService' Unquoted Service Path"	local	windows	boku
2020-02-11	"Sync Breeze Enterprise 12.4.18 - 'Sync Breeze Enterprise' Unquoted Service Path"	local	windows	boku
2020-02-11	"FreeSSHd 1.3.1 - 'FreeSSHDService' Unquoted Service Path"	local	windows	boku
2020-02-11	"Torrent iPod Video Converter 1.51 - Stack Overflow"	local	windows	boku
2020-02-11	"Disk Sorter Enterprise 12.4.16 - 'Disk Sorter Enterprise' Unquoted Service Path"	local	windows	boku
2020-01-27	"Torrent 3GP Converter 1.51 - Stack Overflow (SEH)"	local	windows	boku
2020-01-23	"BOOTP Turbo 2.0 - Denial of Service (SEH)(PoC)"	dos	windows	boku
2019-12-30	"FTP Navigator 8.03 - Stack Overflow (SEH)"	local	windows	boku
2019-12-30	"Domain Quester Pro 6.02 - Stack Overflow (SEH)"	local	windows	boku
2019-12-30	"AVS Audio Converter 9.1.2.600 - Stack Overflow (PoC)"	local	windows	boku

import requests

response = requests.get('https://www.nmmapper.com/api/exploitdetails/48078/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Search for hundreds of thousands of exploits

"BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path"

Download file

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.