module

Netcat v1.10 NT Stack Buffer Overflow

Disclosed	Created
2004-12-27	2018-05-30

Disclosed

2004-12-27

Created

2018-05-30

Description

This module exploits a stack buffer overflow in Netcat v1.10 NT. By sending
an overly long string we are able to overwrite SEH. The vulnerability
exists when netcat is used to bind (-e) an executable to a port in doexec.c.
This module tested successfully using "c:\>nc -L -p 31337 -e ftp".

Author

aushack patrick@osisecurity.com.au

Platform

Windows

Architectures

x86

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


    msf > use exploit/windows/misc/netcat110_nt
    msf exploit(netcat110_nt) > show targets
        ...targets...
    msf exploit(netcat110_nt) > set TARGET < target-id >
    msf exploit(netcat110_nt) > show options
        ...show and set options...
    msf exploit(netcat110_nt) > exploit

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today