# CVE-2016-2233
This is an exploitation guide for CVE-2016-2233.
CVE-2016-2233 is a stack-based buffer overflow vulnerability in the widely used IRC client HexChat. We set up an IRC server and launch the attack from it to crash every client connected to that server. We carried out the attack on Ubuntu 12.04 using Python. We wrote a patch that fixes the vulnerability and verified with various tests that it works.
## How to Install HexChat
System Environment: Ubuntu 12.04 seed
Python Version: 2.7.12
To set up the dependencies, run the following commands:
````bash
sudo apt-get install gnome-common
sudo apt-get install libglib2.0-dev
sudo apt-get update
sudo apt-get install libgtk2.0-dev
````
Then extract the hexchat-2.10.2.zip file and enter the extracted folder. Build and install the software with the following commands:
````bash
./autogen.sh
./configure
make
sudo make install
````
## How to Set Up ircd-irc2 on the Server
The following command installs ircd-irc2:
````bash
sudo apt install ircd-irc2
````
After the server is installed, use the following two commands to restart NetworkManager and start the IRC service:
````bash
sudo systemctl restart NetworkManager
sudo systemctl restart ircd-irc2
````
## How to Connect to the Server
1. Find HexChat and double-click to open it
2. Set up the nicknames
3. Press “Add” to add a network server
4. Name the server “CVE Server” and press Enter to confirm
5. Press “Edit” to set up details such as the IP address and port number of the server
6. Edit the server in the pop-up window
7. Set the IP address to 10.0.2.6 and use the default port 6667
8. Press “Connect” and enter any name for the channel
9. Repeat these steps for the other client; both clients should then be in the same channel
## How to Run the Attack
The exploit runs on the server: the attacker takes over the port the IRC daemon was listening on and sends spoofed packets with a large payload that overflows a buffer on the client side, crashing the clients.
1. The client connects to the server
2. Stop the IRC service and restart NetworkManager so the change takes effect:
````bash
sudo systemctl kill ircd-irc2
sudo systemctl restart NetworkManager
````
3. Run the attack.py program on the server
## How to Patch
Replace the inbound.c file with the patched version and reinstall the software using the following commands:
````bash
./autogen.sh
./configure
make
sudo make install
````
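The guide does not show what changes inside inbound.c, so the function below is an added illustration of the hardened pattern for this bug class (server-controlled tokens appended into a fixed-size stack buffer); it is example code written for this page, not HexChat's code. The buffer size, the name `join_caps_bounded` and the sample lines are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define CAP_BUF_SIZE 256  /* assumed fixed-size stack buffer for the joined list */

/* Append whitespace-separated tokens from `line` into `out`, never writing past
 * `out_size` bytes (including the NUL). The unsafe pattern this replaces is a
 * bare strcat() per token, which lets an oversized server line run past the
 * end of the buffer. On overflow the buffer is left empty and false is returned
 * so the caller can drop the line instead of corrupting the stack. */
bool join_caps_bounded(char *out, size_t out_size, const char *line)
{
    size_t used = 0;
    const char *p = line;
    out[0] = '\0';
    while (*p) {
        while (*p == ' ') p++;              /* skip separators */
        if (!*p) break;
        const char *start = p;
        while (*p && *p != ' ') p++;        /* end of this token */
        size_t tok_len = (size_t)(p - start);
        size_t need = tok_len + (used ? 1 : 0);   /* token plus a joining space */
        if (used + need + 1 > out_size) {   /* +1 keeps room for the NUL */
            out[0] = '\0';
            return false;                   /* reject: would not fit */
        }
        if (used) out[used++] = ' ';
        memcpy(out + used, start, tok_len);
        used += tok_len;
        out[used] = '\0';
    }
    return true;
}

/* Constructed check: a single 600-byte token must be rejected, not written. */
bool oversized_line_rejected(void)
{
    char line[601];
    char buf[CAP_BUF_SIZE];
    memset(line, 'a', 600);
    line[600] = '\0';
    return !join_caps_bounded(buf, sizeof buf, line) && buf[0] == '\0';
}

int main(void)
{
    char buf[CAP_BUF_SIZE];
    /* constructed sample of a normal capability list: fits and is kept intact */
    join_caps_bounded(buf, sizeof buf, "multi-prefix sasl away-notify");
    printf("joined: \"%s\"\n", buf);
    printf("oversized line rejected: %s\n", oversized_line_rejected() ? "yes" : "no");
    return 0;
}
```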