
CLBOF example.
Command Line Overflow, technically known as Command Line's Buffer Overflow Attack or CLBOF, is a vulnerability in WinMUGEN that allows arbitrary code execution at the time the engine is loaded via script files (.bat or .cmd files), which are generally used for quick versus matches.
This vulnerability is considered external even though the arbitrary code is generated internally. It is also regarded as one of the fastest and most powerful techniques.
It was discovered by the Japanese community prior to October 2022, but at that time it had not been confirmed as a vulnerability. It was confirmed by Ryori in late 2023 with his PoC batch file. Unfortunately, there are some limitations on which shellcode bytes can be used, in addition to its instability, but it is still being studied for future use.
It could be considered the strongest version of the Postman method, since the author gains control of the engine's control flow, either to perform further customized initialization or to load external libraries.
Exploit Details
As implied by the vulnerability's technical name, it takes advantage of a buffer overflow in the command line text parser, ParseCMDLine, which handles customized parameters (such as -nojoy, -p1.life, -p2.life, -rounds, etc.) when the engine is loaded with script files.
The text parser's buffer is 1024 bytes by default; when the command line text exceeds that size, the parser's return address is overwritten, resulting in potential arbitrary code execution.
After the program's control flow has been taken, the shellcode must be injected indirectly into the buffer region, with methods like ASCII byte conversion, because non-printable bytes cannot be used for this exploit.
Bytes such as 0xE0, 0x07, 0x3C and others, unfortunately, cannot be used either, since they cause problems at startup, resulting in abnormal behavior or a program crash.
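A defender-side check for the condition described above, added here as an example and not part of the original page or of Ryori's PoC: it scans a batch file for lines that launch the engine and flags any whose argument string is longer than the 1024-byte ParseCMDLine buffer. The executable name winmugen.exe and the sample batch contents are assumptions constructed for the example.

```python
import re

# Size of WinMUGEN's ParseCMDLine buffer as stated on the page; any argument
# string longer than this overruns it.
PARSER_BUFFER_SIZE = 1024

# Assumed engine executable name; adjust if the binary is named differently.
ENGINE_EXE = "winmugen.exe"

# Constructed sample .bat contents: one normal versus-match line and one whose
# argument string is far longer than the parser buffer.
SAMPLE_BAT = (
    "@echo off\r\n"
    "rem quick versus match\r\n"
    "winmugen.exe -p1 kfm -p2 kfm -p1.life 100 -p2.life 100 -rounds 3 -nojoy\r\n"
    '"C:\\games\\mugen\\winmugen.exe" -p1 kfm -p2 kfm -p1.name ' + "A" * 1100 + "\r\n"
    "echo done\r\n"
)


def engine_arguments(line, exe=ENGINE_EXE):
    """Return the argument text following the engine executable on a batch
    line, or None if the line does not launch the engine."""
    stripped = line.lstrip()
    # Skip batch comments so a commented-out launch is not reported.
    if stripped.lower().startswith(("rem ", "::")):
        return None
    # Match the executable whether bare or inside a quoted path.
    m = re.search(re.escape(exe) + r'"?\s*', stripped, flags=re.IGNORECASE)
    if m is None:
        return None
    return stripped[m.end():].strip()


def scan_batch(text, exe=ENGINE_EXE, limit=PARSER_BUFFER_SIZE):
    """Return (line_number, argument_byte_length) for every engine launch whose
    argument string exceeds the parser buffer."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        args = engine_arguments(line, exe)
        if args is None:
            continue
        # The parser copies raw command line text, so measure bytes, not
        # characters; batch files are normally single-byte encoded.
        length = len(args.encode("latin-1", errors="replace"))
        if length > limit:
            findings.append((number, length))
    return findings


if __name__ == "__main__":
    for number, length in scan_batch(SAMPLE_BAT):
        print(f"line {number}: {length} argument bytes exceed the {PARSER_BUFFER_SIZE}-byte buffer")
```

Lines that build the command line from environment variables or delayed expansion are measured as written, so their expanded length must be reviewed separately.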