Summary:
vulnerable software: Brainpan.exe
system vulnerable: 192.168.1.119:9999
vulnerability explanation: Brainpan's user input is vulnerable to buffer overflow.
severity: critical
Enumeration:
Command run:
└──╼ $nmap 192.168.1.119 -sV -sC
Starting Nmap 7.70SVN ( https://nmap.org ) at 2019-01-30 07:08 GMT
Nmap scan report for 192.168.1.119
Host is up (0.0021s latency).
Not shown: 998 closed ports
PORT STATE SERVICE VERSION
9999/tcp open abyss?
| fingerprint-strings:
| NULL:
| _| _|
| _|_|_| _| _|_| _|_|_| _|_|_| _|_|_| _|_|_| _|_|_|
| _|_| _| _| _| _| _| _| _| _| _| _| _|
| _|_|_| _| _|_|_| _| _| _| _|_|_| _|_|_| _| _|
| [________________________ WELCOME TO BRAINPAN _________________________]
|_ ENTER THE PASSWORD
10000/tcp open http SimpleHTTPServer 0.6 (Python 2.7.3)
|_http-title: Site doesn't have a title (text/html).
Directory discovery:
└──╼ $dirb http://192.168.1.119:10000/
-----------------
DIRB v2.22
By The Dark Raver
-----------------
START_TIME: Wed Jan 30 07:06:19 2019
URL_BASE: http://192.168.1.119:10000/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
-----------------
GENERATED WORDS: 4612
---- Scanning URL: http://192.168.1.119:10000/ ----
+ http://192.168.1.119:10000/bin (CODE:301|SIZE:0)
+ http://192.168.1.119:10000/index.html (CODE:200|SIZE:215)
The URL http://192.168.1.119:10000/bin contains the brainpan.exe binary, which provides a web service running on port 9999:
Further tests were conducted on brainpan.exe running on a Windows 10 LTSC x32 machine. Here we see that the application's user input is prone to buffer overflow: