Check my blog at https://haquor.pw for more information and updates to this code.
Just a quick PoC to go along with YouTube demonstration.
Crafting a buffer overflow exploit is way easier than it looks. In this video, I'll show you how to write an exploit for stack-based buffer overflow using the JMP ESP instruction. Using a vulnerable CloudMe executable and Immunity Debugger we can hijack the program flow to run our custom shellcode.
Required Software
- Python (IDLE, python 2.7)
- Metasploit Framework
- Dynamic Analyzer (Debugger): Immunity on Windows, gdb on linux
Target - CloudMe Sync 1.7.1
To check if file has DEP/ALSR/SafeSEH enabled on Windows use Get-PESecurity Powershell script
CVE: https://www.exploit-db.com/exploits/44027
Shellcode: https://gist.github.com/Haquor/30b333ce61ca263ffa3a6d53315cd4d3