CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/documentation/modules/exploit/windows/http/dupscts_bof.md
Views: 1904
Vulnerable Application
This module exploits a stack-based buffer overflow vulnerability in the web interface of Dup Scout Enterprise] versions <= 10.0.18, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server which can be leveraged to execute arbitrary code in the context of NT AUTHORITY\SYSTEM.
This module supports x86 versions of Dup Scout Enterprise and x86 Windows operating systems only and has been tested successfully on Windows 7 SP1 (x86) and Windows XP SP0 (x86).
Verification Steps
Download:
https://www.exploit-db.com/apps/84dcc5fe242ca235b67ad22215fce6a8-dupscoutent_setup_v10.0.18.exe
https://www.exploit-db.com/apps/d83948ebf4c325eb8d56db6d8649d490-dupscoutent_setup_v9.9.14.exe
https://www.exploit-db.com/apps/4ead3eadc19bf3511e8dfd606624e310-dupscoutent_setup_v9.1.14.exe
https://www.exploit-db.com/apps/3ca0c9aee534994bc6894bfb309e5a4f-dupscoutent_setup_v9.0.28.exe
https://web.archive.org/web/20170302/http://www.dupscout.com/setups/dupscoutent_setup_v9.0.28.exe
https://web.archive.org/web/20160408/http://www.dupscout.com/setups/dupscoutent_setup_v8.3.16.exe
https://web.archive.org/web/20160826/http://www.dupscout.com/setups/dupscoutent_setup_v8.4.16.exe
Install the application from the link above and enable the web server by going to Tools -> Advanced Options -> Server -> Enable Web Server on Port.
Metasploit:
Start msfconsole
Do:
use exploit/windows/http/dupscts_bofDo:
set rhosts <rhosts>Do:
runYou should get a shell.