
7etsuo/deepfreeze-exploit


deepfreeze-exploit

This repository contains an exploit for Faronics DeepFreeze 8.38.220.5256. It leverages a discovered vulnerability to overwrite the SEH handler and execute a custom WriteProcessMemory-based ROP chain. The payload includes a hand-crafted reverse-shell shellcode that, once injected, establishes a reverse connection back to the attacker.

Features

  • SEH overflow to gain control of execution flow
  • Custom ROP chain using WriteProcessMemory
  • Hand-crafted reverse-shell shellcode placed in process memory
  • Two-phase encryption bypass (checksum-based obfuscation followed by random XOR-based encryption) to overcome server-side encryption

Requirements

  • Python 3
  • keystone-engine
  • capstone
  • rich
  • numpy

Installation

pip install keystone-engine capstone rich numpy
python snowcra5h_deepfreeze_exploit.py

Edit the REVSHELL_IP and REVSHELL_PORT variables in the script before running to configure the reverse shell connection details.

Notes

  • Ensure that the target host and port are set in TARGET_IP and TARGET_PORT.
  • The exploit sends the payload over TCP. Confirm that the target is running the vulnerable service and listening on the specified port.

About

An exploit for Faronics DeepFreeze 8.38.220.5256 that uses SEH overflow, a custom ROP chain, and a two-phase encryption bypass to achieve remote code execution with a reverse shell.
