Consistency changes for exploit titles and additional references
git-svn-id: file:///home/svn/framework3/trunk@3878 4d416f70-5f16-0410-b530-b9f4589650daunstable
HD Moore
parent
c62905f475
commit
41c81a1e12
|
|
@ -8,7 +8,7 @@ class Exploits::Windows::Dcerpc::MS03_026_DCOM < Msf::Exploit::Remote
|
||||||
|
|
||||||
def initialize(info = {})
|
def initialize(info = {})
|
||||||
super(update_info(info,
|
super(update_info(info,
|
||||||
'Name' => 'Microsoft RPC DCOM MSO3-026',
|
'Name' => 'Microsoft RPC DCOM Interface Overflow',
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This module exploits a stack overflow in the RPCSS service, this vulnerability
|
This module exploits a stack overflow in the RPCSS service, this vulnerability
|
||||||
was originally found by the Last Stage of Delirium research group and has bee
|
was originally found by the Last Stage of Delirium research group and has bee
|
||||||
|
|
@ -22,6 +22,8 @@ class Exploits::Windows::Dcerpc::MS03_026_DCOM < Msf::Exploit::Remote
|
||||||
[
|
[
|
||||||
[ 'OSVDB', '2100' ],
|
[ 'OSVDB', '2100' ],
|
||||||
[ 'MSB', 'MS03-026' ],
|
[ 'MSB', 'MS03-026' ],
|
||||||
|
[ 'BID', '8205' ],
|
||||||
|
[ 'CVE', '2003-0352' ],
|
||||||
],
|
],
|
||||||
'Privileged' => true,
|
'Privileged' => true,
|
||||||
'DefaultOptions' =>
|
'DefaultOptions' =>
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@ class Exploits::Windows::Dcerpc::MS05_017_MSMQ < Msf::Exploit::Remote
|
||||||
|
|
||||||
def initialize(info = {})
|
def initialize(info = {})
|
||||||
super(update_info(info,
|
super(update_info(info,
|
||||||
'Name' => 'Microsoft Message Queueing Service MSO5-017',
|
'Name' => 'Microsoft Message Queueing Service Path Overflow',
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This module exploits a stack overflow in the RPC interface
|
This module exploits a stack overflow in the RPC interface
|
||||||
to the Microsoft Message Queueing service. The offset to the
|
to the Microsoft Message Queueing service. The offset to the
|
||||||
|
|
@ -28,6 +28,7 @@ class Exploits::Windows::Dcerpc::MS05_017_MSMQ < Msf::Exploit::Remote
|
||||||
[ 'CVE', '2005-0059'],
|
[ 'CVE', '2005-0059'],
|
||||||
[ 'MSB', 'MS05-017'],
|
[ 'MSB', 'MS05-017'],
|
||||||
[ 'MIL', '41'],
|
[ 'MIL', '41'],
|
||||||
|
[ 'BID', '13112'],
|
||||||
|
|
||||||
],
|
],
|
||||||
'Privileged' => true,
|
'Privileged' => true,
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,7 @@ class Exploits::Windows::Mssql::MS02_039_ResOverflow < Msf::Exploit::Remote
|
||||||
|
|
||||||
def initialize(info = {})
|
def initialize(info = {})
|
||||||
super(update_info(info,
|
super(update_info(info,
|
||||||
'Name' => 'MSSQL 2000/MSDE Resolution Overflow',
|
'Name' => 'Microsoft SQL Server Resolution Overflow',
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This is an exploit for the SQL Server 2000 resolution
|
This is an exploit for the SQL Server 2000 resolution
|
||||||
service buffer overflow. This overflow is triggered by
|
service buffer overflow. This overflow is triggered by
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,7 @@ class Exploits::Windows::Mssql::MS02_056_HelloOverflow < Msf::Exploit::Remote
|
||||||
|
|
||||||
def initialize(info = {})
|
def initialize(info = {})
|
||||||
super(update_info(info,
|
super(update_info(info,
|
||||||
'Name' => 'MSSQL 2000/MSDE Hello Buffer Overflow',
|
'Name' => 'Microsoft SQL Server Hello Overflow',
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
By sending malformed data to TCP port 1433, an
|
By sending malformed data to TCP port 1433, an
|
||||||
unauthenticated remote attacker could overflow a buffer and
|
unauthenticated remote attacker could overflow a buffer and
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ class Exploits::Windows::Smb::MS03_049_NETAPI < Msf::Exploit::Remote
|
||||||
|
|
||||||
def initialize(info = {})
|
def initialize(info = {})
|
||||||
super(update_info(info,
|
super(update_info(info,
|
||||||
'Name' => 'Microsoft NetAddAlternateComputerName MS03-049 Overflow',
|
'Name' => 'Microsoft Workstation Service NetAddAlternateComputerName Overflow',
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This module exploits a stack overflow in the NetApi32 NetAddAlternateComputerName
|
This module exploits a stack overflow in the NetApi32 NetAddAlternateComputerName
|
||||||
function using the Workstation service in Windows XP.
|
function using the Workstation service in Windows XP.
|
||||||
|
|
|
||||||
|
|
@ -14,7 +14,7 @@ class Exploits::Windows::Smb::MS04_011_LSASS < Msf::Exploit::Remote
|
||||||
|
|
||||||
def initialize(info = {})
|
def initialize(info = {})
|
||||||
super(update_info(info,
|
super(update_info(info,
|
||||||
'Name' => 'Microsoft LSASS MSO4-011 Overflow',
|
'Name' => 'Microsoft LSASS Service DsRolerUpgradeDownlevelServer Overflow',
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This module exploits a stack overflow in the LSASS service, this vulnerability
|
This module exploits a stack overflow in the LSASS service, this vulnerability
|
||||||
was originally found by eEye. When re-exploiting a Windows XP system, you will need
|
was originally found by eEye. When re-exploiting a Windows XP system, you will need
|
||||||
|
|
@ -26,6 +26,8 @@ class Exploits::Windows::Smb::MS04_011_LSASS < Msf::Exploit::Remote
|
||||||
'Version' => '$Revision$',
|
'Version' => '$Revision$',
|
||||||
'References' =>
|
'References' =>
|
||||||
[
|
[
|
||||||
|
[ 'BID', '10108' ],
|
||||||
|
[ 'CVE', '2003-0533' ],
|
||||||
[ 'OSVDB', '5248' ],
|
[ 'OSVDB', '5248' ],
|
||||||
[ 'MSB', 'MS04-011' ],
|
[ 'MSB', 'MS04-011' ],
|
||||||
[ 'MIL', '36' ],
|
[ 'MIL', '36' ],
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@ class Exploits::Windows::Smb::MS04_039_NETDDE < Msf::Exploit::Remote
|
||||||
|
|
||||||
def initialize(info = {})
|
def initialize(info = {})
|
||||||
super(update_info(info,
|
super(update_info(info,
|
||||||
'Name' => 'Microsoft Network Dynamic Data Exchange Server MS04-031',
|
'Name' => 'Microsoft NetDDE Service Overflow',
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This module exploits a stack overflow in the NetDDE service, which is the
|
This module exploits a stack overflow in the NetDDE service, which is the
|
||||||
precursor to the DCOM interface. This exploit effects only operating systems
|
precursor to the DCOM interface. This exploit effects only operating systems
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ class Exploits::Windows::Smb::MS05_039_PNP < Msf::Exploit::Remote
|
||||||
|
|
||||||
def initialize(info = {})
|
def initialize(info = {})
|
||||||
super(update_info(info,
|
super(update_info(info,
|
||||||
'Name' => 'Microsoft PnP MS05-039 Overflow',
|
'Name' => 'Microsoft Plug and Play Service Overflow',
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This module exploits a stack overflow in the Windows Plug
|
This module exploits a stack overflow in the Windows Plug
|
||||||
and Play service. This vulnerability can be exploited on
|
and Play service. This vulnerability can be exploited on
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ class Exploits::Windows::Smb::MS06_025_RASMANS_REG < Msf::Exploit::Remote
|
||||||
|
|
||||||
def initialize(info = {})
|
def initialize(info = {})
|
||||||
super(update_info(info,
|
super(update_info(info,
|
||||||
'Name' => 'Microsoft RASMAN Registry MS06-025 Overflow',
|
'Name' => 'Microsoft RRAS Service RASMAN Registry Overflow',
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This module exploits a registry-based stack overflow in the Windows Routing
|
This module exploits a registry-based stack overflow in the Windows Routing
|
||||||
and Remote Access Service. Since the service is hosted inside svchost.exe,
|
and Remote Access Service. Since the service is hosted inside svchost.exe,
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ class Exploits::Windows::Smb::MS06_025_RRAS < Msf::Exploit::Remote
|
||||||
|
|
||||||
def initialize(info = {})
|
def initialize(info = {})
|
||||||
super(update_info(info,
|
super(update_info(info,
|
||||||
'Name' => 'Microsoft RRAS MS06-025 Overflow',
|
'Name' => 'Microsoft RRAS Service Overflow',
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This module exploits a stack overflow in the Windows Routing and Remote
|
This module exploits a stack overflow in the Windows Routing and Remote
|
||||||
Access Service. Since the service is hosted inside svchost.exe, a failed
|
Access Service. Since the service is hosted inside svchost.exe, a failed
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ class Exploits::Windows::Smb::MS06_040_NETAPI < Msf::Exploit::Remote
|
||||||
|
|
||||||
def initialize(info = {})
|
def initialize(info = {})
|
||||||
super(update_info(info,
|
super(update_info(info,
|
||||||
'Name' => 'Microsoft NetpwPathCanonicalize MS06-040 Overflow',
|
'Name' => 'Microsoft Server Service NetpwPathCanonicalize Overflow',
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This module exploits a stack overflow in the NetApi32 CanonicalizePathName() function
|
This module exploits a stack overflow in the NetApi32 CanonicalizePathName() function
|
||||||
using the NetpwPathCanonicalize RPC call in the Server Service. It is likely that
|
using the NetpwPathCanonicalize RPC call in the Server Service. It is likely that
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,7 @@ class Exploits::Windows::Ssl::MS04_011_PCT < Msf::Exploit::Remote
|
||||||
|
|
||||||
def initialize(info = {})
|
def initialize(info = {})
|
||||||
super(update_info(info,
|
super(update_info(info,
|
||||||
'Name' => 'Microsoft SSL PCT MS04-011 Overflow',
|
'Name' => 'Microsoft Private Communications Transport Overflow',
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This module exploits a buffer overflow in the Microsoft
|
This module exploits a buffer overflow in the Microsoft
|
||||||
Windows SSL PCT protocol stack. This code is based on Johnny
|
Windows SSL PCT protocol stack. This code is based on Johnny
|
||||||
|
|
@ -25,11 +25,13 @@ class Exploits::Windows::Ssl::MS04_011_PCT < Msf::Exploit::Remote
|
||||||
crash of the remote system.
|
crash of the remote system.
|
||||||
|
|
||||||
},
|
},
|
||||||
'Author' => [ 'hdm', 'Johnny Cyberpunk <jcyberpunk@thc.org>' ],
|
'Author' => [ 'hdm' ],
|
||||||
'License' => MSF_LICENSE,
|
'License' => MSF_LICENSE,
|
||||||
'Version' => '$Revision$',
|
'Version' => '$Revision$',
|
||||||
'References' =>
|
'References' =>
|
||||||
[
|
[
|
||||||
|
[ 'BID', '10116'],
|
||||||
|
[ 'CVE', '2003-0719'],
|
||||||
[ 'OSVDB', '5250'],
|
[ 'OSVDB', '5250'],
|
||||||
[ 'MSB', 'MS04-011'],
|
[ 'MSB', 'MS04-011'],
|
||||||
[ 'MIL', '77'],
|
[ 'MIL', '77'],
|
||||||
|
|
@ -114,7 +116,7 @@ class Exploits::Windows::Ssl::MS04_011_PCT < Msf::Exploit::Remote
|
||||||
|
|
||||||
# This is a heap ptr to the ssl request
|
# This is a heap ptr to the ssl request
|
||||||
# ... and just happens to not die ...
|
# ... and just happens to not die ...
|
||||||
# Thanks to Core ST, Halvar, JohnnyC :)
|
# Thanks to CORE and Halvar
|
||||||
#
|
#
|
||||||
# 80620101 => and byte ptr [esi+1], 0x2
|
# 80620101 => and byte ptr [esi+1], 0x2
|
||||||
# bd00010001 => mov ebp, 0x1000100
|
# bd00010001 => mov ebp, 0x1000100
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,7 @@ class Exploits::Windows::Wins::MS04_045 < Msf::Exploit::Remote
|
||||||
|
|
||||||
def initialize(info = {})
|
def initialize(info = {})
|
||||||
super(update_info(info,
|
super(update_info(info,
|
||||||
'Name' => 'Microsoft WINS MS04-045 Code Execution',
|
'Name' => 'Microsoft WINS Service Memory Overwrite',
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This module exploits a arbitrary memory write flaw in the
|
This module exploits a arbitrary memory write flaw in the
|
||||||
WINS service. This exploit has been tested against Windows
|
WINS service. This exploit has been tested against Windows
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue