Thursday, 9 May 2019

Crashing DeviceNet Builder

Below you will find a few details from just another fuzzing session, just like before [1, 2, 3]. This time I tried DeviceNet Builder (2.04) from Delta Electronics. Here we go...

TL;DR - 2 exploitable bugs, as usual at my github - enjoy ;)

We should start here:


#01 - Exploitable - write to unmapped memory at image00400000+0x17a45e:

---<windbg>---
eax=005e7ddc ebx=00000001 ecx=0255b3cc edx=00000001 esi=0175f8b4 edi=fe95ffff
eip=0057a45e esp=0175e1ec ebp=0175e20c iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010202
image00400000+0x17a45e:
0057a45e 80243800        and     byte ptr [eax+edi],0       ds:0023:fef47ddb=??
---</windbg>---

The faulting instruction is a store (and byte ptr [eax+edi],0) and its target 0xfef47ddb is unmapped (the ?? after the address). The address is eax=0x005e7ddc plus edi=0xfe95ffff, so a huge offset in edi pushes the write far outside the buffer eax points at. A store with an out-of-range index, rather than a read, is what earns this one the "exploitable" label; the next step is tracing where edi comes from in the parsed file.


#02 - Exploitable - ntdll!RtlQueueWorkItem+0x5e3:


---<windbg>---
eax=5971993e ebx=05000000 ecx=77923ab9 edx=00000000 esi=04fffff8 edi=003e0000
eip=7788bdc6 esp=0175f84c ebp=0175f888 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010206
ntdll!RtlQueueWorkItem+0x5e3:
7788bdc6 3106            xor     dword ptr [esi],eax  ds:0023:04fffff8=78787878
---</windbg>---

Again a store, this time xor dword ptr [esi],eax inside ntdll!RtlQueueWorkItem. The target 0x04fffff8 is readable (the debugger shows 0x78787878 there, the ASCII string "xxxx"), so either the page is not writable or the process state was already corrupted before control reached ntdll. Either way the crash site is where the damage surfaced, not where it started, so the caller that handed this pointer to RtlQueueWorkItem is the place to look.
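To make the "exploitable or not" call repeatable across a whole fuzzing run, it helps to parse these register dumps instead of eyeballing them. The helper below is an added example (not the author's tooling and not from DeviceNet Builder): it takes the two WinDbg dumps from this post verbatim as input, recomputes the effective address of the faulting memory operand from the dumped registers, checks that it matches the ds: address WinDbg reports, decides whether the instruction stores to memory, and applies a few triage heuristics of the kind the !exploitable extension automates. The store-instruction table, the verdict strings and the "fuzzer filler" heuristic are my assumptions, not anything the post states.

```python
import re

# The two register/instruction dumps are copied verbatim from the post above;
# everything else in this block is an added example, not the author's tooling.
WINDBG_DUMPS = [
    """eax=005e7ddc ebx=00000001 ecx=0255b3cc edx=00000001 esi=0175f8b4 edi=fe95ffff
eip=0057a45e esp=0175e1ec ebp=0175e20c iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010202
image00400000+0x17a45e:
0057a45e 80243800        and     byte ptr [eax+edi],0       ds:0023:fef47ddb=??""",
    """eax=5971993e ebx=05000000 ecx=77923ab9 edx=00000000 esi=04fffff8 edi=003e0000
eip=7788bdc6 esp=0175f84c ebp=0175f888 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010206
ntdll!RtlQueueWorkItem+0x5e3:
7788bdc6 3106            xor     dword ptr [esi],eax  ds:0023:04fffff8=78787878""",
]

REG_RE = re.compile(r"\b(eax|ebx|ecx|edx|esi|edi|ebp|esp|eip)=([0-9a-f]{8})")
# Faulting line: "<eip> <opcode bytes> <mnemonic> <operands> ds:<seg>:<addr>=<value or ??>"
INSN_RE = re.compile(
    r"^([0-9a-f]{8})\s+[0-9a-f]+\s+([a-z]+)\s+(.+?)\s+ds:[0-9a-f]{4}:([0-9a-f]{8})=(\?\?|[0-9a-f]+)\s*$",
    re.M,
)
MEM_RE = re.compile(r"\[([^\]]+)\]")

# x86 instructions that store to their first operand when it is a memory operand
# (assumed table for this example; cmp/test and loads are deliberately absent).
STORES_TO_FIRST_OPERAND = {"mov", "and", "or", "xor", "add", "sub", "adc", "sbb",
                           "inc", "dec", "not", "neg", "shl", "shr", "xchg"}


def effective_address(operand, regs):
    """Evaluate a WinDbg memory operand such as 'eax+edi', 'esi' or 'ecx*4+10h'
    against the dumped registers, truncated to 32 bits like the CPU does."""
    total = 0
    for term in operand.replace("-", "+-").split("+"):
        term = term.strip()
        if not term:
            continue
        sign = 1
        if term.startswith("-"):
            sign, term = -1, term[1:]
        scale = 1
        if "*" in term:
            term, factor = term.split("*")
            scale = int(factor.rstrip("h"), 16)
        value = regs[term] if term in regs else int(term.rstrip("h"), 16)
        total += sign * scale * value
    return total & 0xFFFFFFFF


def triage(dump):
    """Classify one first-chance access violation from its WinDbg register dump."""
    regs = {name: int(val, 16) for name, val in REG_RE.findall(dump)}
    m = INSN_RE.search(dump)
    if not m:
        raise ValueError("no faulting instruction line found")
    eip, mnemonic, operands, fault_addr, fault_val = m.groups()
    mem = MEM_RE.search(operands)
    if not mem:
        raise ValueError("faulting instruction has no memory operand")
    first_operand = operands.split(",")[0]
    is_write = mnemonic in STORES_TO_FIRST_OPERAND and "[" in first_operand
    computed = effective_address(mem.group(1), regs)
    mapped = fault_val != "??"
    # Registers feeding the address: an index on top of a base (eax+edi in #01)
    # is the usual sign that an input-derived offset is in play.
    used = [t.strip() for t in re.split(r"[+*-]", mem.group(1)) if t.strip() in regs]
    # Heuristic (assumption): a dword of one repeated printable byte at the
    # target (0x78787878 == "xxxx") smells like fuzzer filler, i.e. the pointer
    # itself may have been taken from the mutated input.
    val_bytes = bytes.fromhex(fault_val.zfill(8)) if mapped else b""
    filler_hint = mapped and len(set(val_bytes)) == 1 and 0x20 <= val_bytes[0] < 0x7F

    if is_write and not mapped:
        verdict = "write to unmapped memory: likely exploitable (bad pointer or index on a store)"
    elif is_write:
        verdict = ("write to mapped memory: state already corrupt or page not writable, "
                   "likely exploitable; find who supplied the pointer")
    elif not mapped:
        verdict = "read from unmapped memory: probably not exploitable on its own"
    else:
        verdict = "read of mapped memory faulted: needs manual review"
    return {
        "eip": int(eip, 16), "mnemonic": mnemonic, "write": is_write,
        "registers": used, "effective_address": computed,
        "address_matches": computed == int(fault_addr, 16),
        "mapped": mapped, "filler_hint": filler_hint, "verdict": verdict,
    }


if __name__ == "__main__":
    for n, dump in enumerate(WINDBG_DUMPS, 1):
        r = triage(dump)
        print(f"#{n:02d} eip={r['eip']:08x} {r['mnemonic']} -> 0x{r['effective_address']:08x} "
              f"via {'+'.join(r['registers'])}: {r['verdict']}")
```

Run it over the two dumps and #01 comes back as a store to an unmapped address built from eax plus an index in edi, while #02 is a store to a readable dword of "xxxx" filler; both match the ds: address WinDbg printed, which is a cheap sanity check that the register dump and the faulting line belong to the same crash. The verdicts are only a first pass: a mapped write still needs the backtrace to find the code that produced the pointer.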


See you next time.

Cheers,
Cody


