10-Strike Network Inventory Explorer 8.54 - 'Registration Key' Buffer Overflow (SEH) | Lucideus

Author: Hashim Jawad
Published: 5/6/2018
EDB-ID:44840
Requirements: Windows 7, 10 Strike Network Inventory Explorer 8.54
Exploit-DB link: https://www.exploit-db.com/exploits/44840/
Software Download Link: https://www.10-strike.com/networkinventoryexplorer/network-inventory-setup.exe

Buffer Overflow
A buffer overflow is a condition in which a program writing data to a memory buffer overruns the buffer's boundary and writes data into adjacent buffers.

SEH
SEH (Structured Exception Handler) is a protection mechanism that was implemented to stop the abuse of buffer overflows. Unfortunately, SEH can be abused by attackers who find enough space to write data prior to the SEH overwrite.

Working Of SEH
The exception handlers are linked to each other: they form a linked-list chain on the stack and sit relatively close to the bottom of the stack. When an exception occurs, Windows retrieves the head of the SEH chain, walks through the list, and tries to find a suitable handler to close the application properly. In this case, the buffer overflow opens port 4444 for a reverse TCP/UDP connection.
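
The chain walk described above can be checked for integrity before any handler runs. The following is an added example, not code from the original post or from Windows: a simplified simulation, modelled on the validation the 32-bit exception dispatcher and SEHOP perform, run against two constructed stacks. All addresses, the 16-word stack size and the function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define CHAIN_END 0xFFFFFFFFu     /* Next value that terminates a 32-bit SEH chain */
#define STACK_LIMIT 0x0012F000u   /* constructed lowest stack address */
#define FINAL_HANDLER 0x77001000u /* constructed address of the OS's last-resort handler */

enum chain_status { CHAIN_OK, BAD_RECORD_ADDR, HANDLER_ON_STACK, BAD_FINAL_HANDLER, CHAIN_TOO_LONG };

/* Constructed 16-word stacks. Records {Next, Handler} sit at words 4 and 12. */
static const uint32_t intact[16] = { [4] = 0x0012F030u, [5] = 0x00401A20u,
                                     [12] = CHAIN_END,  [13] = FINAL_HANDLER };
/* Same stack after an oversized input filled with 'A' ran over the first record. */
static const uint32_t smashed[16] = { [0] = 0x41414141u, [1] = 0x41414141u, [2] = 0x41414141u,
                                      [3] = 0x41414141u, [4] = 0x41414141u, [5] = 0x41414141u,
                                      [12] = CHAIN_END,  [13] = FINAL_HANDLER };

static int on_stack(uint32_t addr, uint32_t len) {
    return addr >= STACK_LIMIT && addr <= STACK_LIMIT + 16u * 4u - len;
}

/* Walk the chain from `head` and check it before any handler would be called. */
enum chain_status validate_seh_chain(const uint32_t *stack, uint32_t head, uint32_t final_handler) {
    uint32_t rec = head;
    for (int hops = 0; hops < 64; hops++) {
        /* each record is 8 bytes, 4-byte aligned, inside the thread's stack */
        if ((rec & 3u) || !on_stack(rec, 8)) return BAD_RECORD_ADDR;
        uint32_t next = stack[(rec - STACK_LIMIT) / 4];
        uint32_t handler = stack[(rec - STACK_LIMIT) / 4 + 1];
        if (on_stack(handler, 1)) return HANDLER_ON_STACK; /* handler code never lives on the stack */
        if (next == CHAIN_END) /* SEHOP-style: the walk must end at the known final handler */
            return handler == final_handler ? CHAIN_OK : BAD_FINAL_HANDLER;
        rec = next;
    }
    return CHAIN_TOO_LONG; /* looping or implausibly long chain */
}

int main(void) {
    printf("intact:  %d\n", validate_seh_chain(intact, STACK_LIMIT + 16, FINAL_HANDLER));
    printf("smashed: %d\n", validate_seh_chain(smashed, STACK_LIMIT + 16, FINAL_HANDLER));
    return 0;
}
```

The overwritten record fails the walk because its Next field no longer points at an aligned record on the stack, so the chain never reaches the expected final handler.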

Step 1: Download the Python code and run it.


Step 2: A new file called “Evil.txt” is created. Open it and copy its contents.


Step 3: Open 10 Strike Network Inventory Explorer, click Help, then click “Enter Registration Key”, paste the copied contents into the key field, and hit “OK”.





Step 4: On your local area network, open a terminal in Kali Linux and use netcat to listen and connect.

Command: nc -nv victim_ip 4444