
This is an exploitation guide for CVE-2016-2233


CVE-2016-2233

CVE-2016-2233 is a stack-based buffer overflow in the widely used IRC client HexChat. We set up an IRC server and launch the attack from it, causing every client connected to the server to crash. We carried out the attack on Ubuntu 12.04 using Python. We also wrote a patch that fixes the vulnerability and confirmed with several tests that it works.

How to install Hexchat

System Environment: Ubuntu 12.04 (SEED)

Python Version: 2.7.12

To set up the dependencies, the following command should be executed:

sudo apt-get install gnome-common
sudo apt-get install libglib2.0-dev
sudo apt-get update
sudo apt-get install libgtk2.0-dev

Then extract the hexchat-2.10.2.zip file and enter the folder. Install the software using the following commands:

./autogen.sh
./configure
make
sudo make install

How to Setup IRCD-IRC2 on Server

The following commands are used to install ircd-irc2:

sudo apt install ircd-irc2

After the server is installed, use the following two commands to restart NetworkManager and start the service:

sudo systemctl restart NetworkManager
sudo systemctl restart ircd-irc2

How to Connect to Server

  1. Find HexChat and double click to open
  2. Set up nicknames
  3. Press “Add” to add a network server
  4. Name the server as “CVE Server” and press enter to confirm
  5. Then press “Edit” to set up details such as IP address and Port number of the server
  6. Edit the server in the pop-up window.
  7. Set the IP address to 10.0.2.6, and use default port 6667
  8. Press “Connect” and enter a random name for the channel name
  9. Repeat these steps for the other client and both clients should be in the same channel

How to Exploit Attack

The exploit is run on the server: the attacker takes over and listens on the port IRC is using, then sends spoofed packets with a large payload that overflows the buffer on the client side and makes the clients crash.

1. The client makes a connection to the server
2. Stop the IRC service, and restart NetworkManager to enable the change

sudo systemctl kill ircd-irc2
sudo systemctl restart NetworkManager

3. Run the attack.py program on the server

How to patch

Replace inbound.c with the patched file and reinstall the software using the following commands:

./autogen.sh
./configure
make
sudo make install
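The patched inbound.c itself is not reproduced in this guide. As an added illustration of the class of fix involved (this is example code written for this page, not HexChat's source or its patch), the following C program builds a reply line in a fixed-size stack buffer from server-supplied tokens, using a bounded append that refuses any input that would not fit instead of writing past the end of the buffer. The buffer size, the prefix, the function names and the sample inputs are all constructed for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size stack buffer used to build a reply from server-supplied tokens.
 * The size is an illustrative choice, not a value taken from HexChat. */
#define REPLY_BUF_SIZE 256

/* Append src to dst without ever writing past dst_size bytes.
 * Returns false and leaves dst unchanged when src would not fit. */
static bool append_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t used = strlen(dst);
    size_t need = strlen(src);
    if (need >= dst_size - used)      /* keep room for the terminating NUL */
        return false;
    memcpy(dst + used, src, need + 1);
    return true;
}

/* Build "<prefix><token> <token> ..." from a space-separated token list that
 * came from the network. Returns the number of tokens accepted, or -1 when the
 * reply would not fit in out. The unsafe pattern this replaces is strcpy()/strcat()
 * of the whole server line into the same fixed buffer. */
int build_reply_line(const char *prefix, const char *server_tokens,
                     char *out, size_t out_size)
{
    if (out_size == 0)
        return -1;
    out[0] = '\0';
    if (!append_bounded(out, out_size, prefix))
        return -1;

    /* Walk the tokens one at a time so a single oversized token cannot carry
     * the write past the end of out. */
    const char *p = server_tokens;
    int accepted = 0;
    while (*p) {
        const char *end = strchr(p, ' ');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len > 0) {
            char token[REPLY_BUF_SIZE];
            if (len + 2 > sizeof token)   /* space + token + NUL must fit */
                return -1;
            size_t n = 0;
            if (accepted > 0)
                token[n++] = ' ';
            memcpy(token + n, p, len);
            token[n + len] = '\0';
            if (!append_bounded(out, out_size, token))
                return -1;
            accepted++;
        }
        p = end ? end + 1 : p + len;
    }
    return accepted;
}

/* Constructed sample inputs (not captured traffic). */
static const char NORMAL_LINE[] = "multi-prefix sasl away-notify";
static char g_reply[REPLY_BUF_SIZE];

/* Well-formed line: all three tokens are accepted. */
int demo_normal(void)
{
    return build_reply_line("REQ :", NORMAL_LINE, g_reply, sizeof g_reply);
}

const char *demo_normal_reply(void)
{
    demo_normal();
    return g_reply;
}

/* One 600-byte token: rejected before anything is copied. */
int demo_oversized_token(void)
{
    char big[601];
    memset(big, 'A', 600);
    big[600] = '\0';
    char buf[REPLY_BUF_SIZE];
    return build_reply_line("REQ :", big, buf, sizeof buf);
}

/* 100 short tokens (499 bytes): rejected once the buffer is full. */
int demo_many_tokens(void)
{
    char many[1024];
    for (int i = 0; i < 100; i++)
        memcpy(many + i * 5, "abcd ", 5);
    many[499] = '\0';
    char buf[REPLY_BUF_SIZE];
    return build_reply_line("REQ :", many, buf, sizeof buf);
}

int main(void)
{
    printf("normal: %d tokens -> \"%s\"\n", demo_normal(), g_reply);
    printf("oversized token: %d\n", demo_oversized_token());
    printf("many tokens: %d\n", demo_many_tokens());
    return 0;
}
```

Both rejection paths return before any byte lands outside the buffer, and the buffer stays NUL-terminated at every step, which is the property a patch for a stack-based overflow of this kind has to guarantee.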