update description to remove blurb about ATSVC pipe, since it is no longer used

git-svn-id: file:///home/svn/framework3/trunk@12226 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Joshua Drake 2011-04-03 20:53:54 +00:00
parent f9680c854b
commit 8a627758f3
1 changed files with 4 additions and 4 deletions

@ -32,10 +32,10 @@ class Metasploit3 < Msf::Exploit::Remote
By sending WritePrinter requests, an attacker can fully control the content of
the created file.
In order to gain code execution, this module writes an EXE and then (ab)uses the
impersonation vulnerability a second time to create a secondary RPC connection
to the \\PIPE\\ATSVC named pipe. We then proceed to create a remote AT job using
a blind NetrJobAdd RPC call.
In order to gain code execution, this module writes to a directory used by Windows
Manamgenet Instrumentation (WMI) to deploy applications. This directory (Wbem\\Mof)
is periodically scanned and any new .mof files are processed automatically. This is
the same technique employed by the Stuxnet code found in the wild.
},
'Author' =>
[
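Review bot: The added description text misspells "Management" as "Manamgenet" in "Windows Manamgenet Instrumentation (WMI)"; since this string is shown to users in the module info, it should read "Windows Management Instrumentation (WMI)". The replacement paragraph also drops the old text's statement of what gets written (the old wording said the module "writes an EXE"), so it would help to say explicitly which files the module places in Wbem\\Mof and to give the directory relative to a known base such as the system directory, so that a reader of the description knows what artifacts to expect on the target after a run.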