Brainpan - 1 - Buffer Overflow

Summary:

Vulnerable software: Brainpan.exe
System vulnerable: 192.168.1.119:9999
Vulnerability explanation: Brainpan's user input is vulnerable to buffer overflow.
Severity: critical

Enumeration:

Command run:

└──╼ $nmap 192.168.1.119 -sV -sC
Starting Nmap 7.70SVN ( https://nmap.org ) at 2019-01-30 07:08 GMT
Nmap scan report for 192.168.1.119
Host is up (0.0021s latency).
Not shown: 998 closed ports
PORT STATE SERVICE VERSION
9999/tcp open abyss?
| fingerprint-strings:
| NULL:
| _| _|
| _|_|_| _| _|_| _|_|_| _|_|_| _|_|_| _|_|_| _|_|_|
| _|_| _| _| _| _| _| _| _| _| _| _| _|
| _|_|_| _| _|_|_| _| _| _| _|_|_| _|_|_| _| _|
| [________________________ WELCOME TO BRAINPAN _________________________]
|_ ENTER THE PASSWORD
10000/tcp open http SimpleHTTPServer 0.6 (Python 2.7.3)
|_http-title: Site doesn't have a title (text/html).

Directory discovery:

└──╼ $dirb http://192.168.1.119:10000/
-----------------
DIRB v2.22
By The Dark Raver
-----------------
START_TIME: Wed Jan 30 07:06:19 2019
URL_BASE: http://192.168.1.119:10000/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
-----------------
GENERATED WORDS: 4612
---- Scanning URL: http://192.168.1.119:10000/ ----
+ http://192.168.1.119:10000/bin (CODE:301|SIZE:0)
+ http://192.168.1.119:10000/index.html (CODE:200|SIZE:215)

The URL http://192.168.1.119:10000/bin contains the brainpan.exe binary, which provides the web service running on port 9999:

Further tests were conducted on brainpan.exe running on a Windows 10 LTSC x32 machine. Here we see that the application's user input is prone to buffer overflow: