Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add crosschex buffer overflow exploit #12902

Merged
merged 13 commits into from
Feb 13, 2020
Merged

Add crosschex buffer overflow exploit #12902

merged 13 commits into from
Feb 13, 2020

Conversation

agalway-r7
Copy link
Contributor

Adds new metasploit module that waits for broadcasts from Ainz CrossChex looking for new devices, and returns a custom packet, triggering buffer overflow.

Verification

Vulnerable software can be found here.

List the steps needed to make sure this thing works

  • Start msfconsole
  • use windows/misc/crosschex_device_bof
  • set LHOST vboxnet0
  • run
  • Open CrossChex
  • Navigate to Device > Add
  • Select Search
  • Verify payload executes correctly
  • TODO: Document the thing and how it works (Example)

@agalway-r7 agalway-r7 marked this pull request as ready for review February 4, 2020 11:15
@wvu wvu self-assigned this Feb 5, 2020
@dwelch-r7 dwelch-r7 added docs and removed needs-docs labels Feb 10, 2020
dwelch-r7 added a commit that referenced this pull request Feb 13, 2020
@dwelch-r7
Land #12902, Add exploit module for crosschex buffer overflow
0e55e20
@agalway-r7
Copy link
Contributor Author

agalway-r7 commented Feb 13, 2020
edited by tperry-r7
Loading

Release notes

Adds a module that exploits a Buffer Overflow vulnerability in CrossChex. This module listens for a broadcast from CrossChex attempting to detect new Access Control devices, and responds with malicious code exploiting the Buffer Overflow and delivering a specified payload.

dwelch-r7 added a commit that referenced this pull request Feb 13, 2020
@dwelch-r7
Land #12902, Add exploit module for crosschex buffer overflow
07954c0
@dwelch-r7 dwelch-r7 merged commit 2ca2b5c into rapid7:master Feb 13, 2020
@wvu wvu mentioned this pull request Feb 19, 2020
Closed
@tperry-r7 tperry-r7 added the rn-modules release notes for new or majorly enhanced modules label Feb 20, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wvu wvu wvu left review comments

@adfoster-r7 adfoster-r7 adfoster-r7 left review comments

@smcintyre-r7 smcintyre-r7 Awaiting requested review from smcintyre-r7

Assignees

@wvu wvu

Labels
docs module rn-modules release notes for new or majorly enhanced modules
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@agalway-r7 @wvu @smcintyre-r7 @adfoster-r7 @dwelch-r7 @space-r7 @tperry-r7