The following warnings occurred:
Warning [2] count(): Parameter must be an array or an object that implements Countable - Line: 906 - File: showthread.php PHP 7.2.24-0ubuntu0.18.04.15 (Linux)
File Line Function
/showthread.php 906 errorHandler->error




Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Arbitrary code execution exploit
#1
Did you ever think that CBot is quite limited and you would like it to be able to do more stuff, like open applications on your computer? Now you can do that! I present you the first exploit for Colobot ever published. This CBot program exploits a buffer overflow vulnerability in CBot debugger to achieve arbitrary code execution and open Notepad.

[video=youtube]https://youtu.be/DC6mNpyRN9g[/video]

I'm attaching the program code. It is designed to work on the 1.9 PL version of original Colobot, the exact version that is available in our download, and will probably not work on any other version. It may or may not work operating systems other than Windows 10 (with WinXP SP3 compatibility enabled in program settings) - not tested. Note that the program code includes a lot of binary characters that you can't normally type on a keyboard, so a simple copy-paste may not work.

PS. This vulnerability is already patched in Gold, see https://github.com/colobot/colobot/commi...142166429b


Attached Files
.txt   Colobot_ACE_exploit.txt (Size: 919 bytes / Downloads: 576)


Messages In This Thread
Arbitrary code execution exploit - by krzys_h - 12-29-2016, 12:13 AM
RE: Arbitrary code execution exploit - by krzys_h - 12-29-2016, 10:38 AM
RE: Arbitrary code execution exploit - by krzys_h - 12-29-2016, 11:48 PM
RE: Arbitrary code execution exploit - by krzys_h - 02-13-2017, 08:03 PM
RE: Arbitrary code execution exploit - by patrol - 03-08-2017, 07:43 AM

Forum Jump:


Users browsing this thread: 1 Guest(s)