Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ForceExploit to 4.3BSD (VAX) exploits #12754

Merged
merged 2 commits into from
Dec 24, 2019
Merged

Add ForceExploit to 4.3BSD (VAX) exploits #12754

merged 2 commits into from
Dec 24, 2019

Conversation

wvu
Copy link
Contributor

@wvu wvu commented Dec 24, 2019
edited
Loading

#11049 already has it.

msf5 exploit(bsd/finger/morris_fingerd_bof) > run

[*] Started reverse TCP handler on 192.168.1.2:4444
[-] 127.0.0.1:79 - The connection was refused by the remote host (127.0.0.1:79).
[-] 127.0.0.1:79 - Exploit aborted due to failure: not-vulnerable: Set ForceExploit to override
[*] Exploit completed, but no session was created.
msf5 exploit(bsd/finger/morris_fingerd_bof) > previous
msf5 exploit(unix/smtp/morris_sendmail_debug) > run

[*] Started reverse TCP double handler on 192.168.1.2:4444
[-] 127.0.0.1:25 - The connection was refused by the remote host (127.0.0.1:25).
[-] 127.0.0.1:25 - Exploit aborted due to failure: not-vulnerable: Set ForceExploit to override
[*] Exploit completed, but no session was created.
msf5 exploit(unix/smtp/morris_sendmail_debug) > setg forceexploit true
forceexploit => true
msf5 exploit(unix/smtp/morris_sendmail_debug) > run

[*] Started reverse TCP double handler on 192.168.1.2:4444
[-] 127.0.0.1:25 - The connection was refused by the remote host (127.0.0.1:25).
[*] 127.0.0.1:25 - Connecting to sendmail
[-] 127.0.0.1:25 - Exploit aborted due to failure: unreachable: The connection was refused by the remote host (127.0.0.1:25).
[*] Exploit completed, but no session was created.
msf5 exploit(unix/smtp/morris_sendmail_debug) > previous
msf5 exploit(bsd/finger/morris_fingerd_bof) > run

[*] Started reverse TCP handler on 192.168.1.2:4444
[-] 127.0.0.1:79 - The connection was refused by the remote host (127.0.0.1:79).
[*] 127.0.0.1:79 - Connecting to fingerd
[-] 127.0.0.1:79 - Exploit aborted due to failure: unreachable: The connection was refused by the remote host (127.0.0.1:79).
[*] Exploit completed, but no session was created.
msf5 exploit(bsd/finger/morris_fingerd_bof) >

#10700, #10836, #11049

@wvu wvu self-assigned this Dec 24, 2019
@wvu wvu merged commit e89a596 into rapid7:master Dec 24, 2019
@wvu
Copy link
Contributor Author

wvu commented Dec 24, 2019
edited by tperry-r7
Loading

Release Notes

This adds the ForceExploit option to the exploit/bsd/finger/morris_fingerd_bof and exploit/unix/smtp/morris_sendmail_debug modules, enforcing an automatic check before exploitation unless ForceExploit is set.

msjenkins-r7 pushed a commit that referenced this pull request Dec 24, 2019
@wvu-r7 @msjenkins-r7
Land #12754, ForceExploit for 4.3BSD exploits
216bdcf
@wvu wvu deleted the feature/vax branch December 24, 2019 01:24
@tperry-r7 tperry-r7 added the rn-enhancement release notes enhancement label Jan 14, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@wvu wvu

Labels
enhancement module rn-enhancement release notes enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@wvu @tperry-r7