Scribd
Upload
999 views2 pages

102 - OSCP (Chlorine) Hide01.ir

The document describes an exploit for the EFS Easy Chat Server. It allows remote code execution via an authentication request buffer overflow vulnerability. The exploit is available in Metasploit and can be used by selecting the "efs_easychatserver_username" Windows exploit and setting the target to auto. Alternatively, a manual exploit can be crafted after identifying the bad characters from the Metasploit module. References provided give guidance on developing the manual exploit. The summary ends with a copyright statement.

Uploaded by

Yamen Ababneh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
999 views2 pages

102 - OSCP (Chlorine) Hide01.ir

The document describes an exploit for the EFS Easy Chat Server. It allows remote code execution via an authentication request buffer overflow vulnerability. The exploit is available in Metasploit and can be used by selecting the "efs_easychatserver_username" Windows exploit and setting the target to auto. Alternatively, a manual exploit can be crafted after identifying the bad characters from the Metasploit module. References provided give guidance on developing the manual exploit. The summary ends with a copyright statement.

Uploaded by

Yamen Ababneh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

.. .. .

x .d88" dF oec : @88>


.uef^"
u. 5888R '88bu. @88888 %8P u. u.
:d88E
uL ...ue888b '888R '*88888bu 8"*88% . x@88k
u@88c. . `888E
.ue888Nc.. 888R Y888r 888R ^"*8888N 8b. .@88u
^"8888""8888" .udR88N 888E .z8k
d88E`"888E` 888R I888> 888R beWE "888L u888888> ''888E` 8888 888R
<888'888k 888E~?888L
888E 888E 888R I888> 888R 888E 888E 8888R 888E 8888 888R 9888
'Y" 888E 888E
888E 888E 888R I888> 888R 888E 888E 8888P 888E 8888 888R 9888
888E 888E
888E 888E u8888cJ888 888R 888E 888F *888> 888E 8888 888R 9888
888E 888E
888& .888E "*888*P" .888B . .888N..888 4888 888& "*88*" 8888" ?
8888u../ 888E 888E
*888" 888& 'Y" ^*888% `"888*"" '888 R888" "" 'Y"
"8888P' m888N= 888>
`" "888E "% "" 88R "" "P'
`Y" 888
.dWi `88E 88>
J88"
4888~ J8% 48
@%
^"===*"` '8
:"

01100111 01101111 01101100 01100100 01100110 01101001 01101110 01100011 01101000

......

Clorine 102

****************
User:
*****************

Enum there is a 80 has clorine hostname and SMB and EFS Easy Chat Server

the exploit
EFS Easy Chat Server - Authentication Request Handling Buffer Overflow (Metasploit)

https://www.exploit-db.com/exploits/16772

Metasploit:

use windows/http/efs_easychatserver_username

target set to auto


change payload from meterpreter to normal shell
for some reasons meterpreter dying.

alternative way

you can make manual exploit and you will not lose your wildcard(metasploit)

we got badchars from the exploit

'BadChars' => "\x00\x0a\x0b\x0d\x20\x23\x25\x26\x2b\x2f\x3a\x3f\x5c",

Ref:
https://www.fuzzysecurity.com/tutorials/expDev/3.html

https://www.doyler.net/security-not-included/easy-chat-server-exploit

© All rights reserved goldfinch.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy