Add initial libupnp_ssdp_overflow module

[hdm]

No description provided.

[jvazquez-r7]

Looking into it

[jvazquez-r7]

The auxiliary scanner still works even without the extra \r\n

msf  auxiliary(ssdp_msearch) > set rhosts 192.168.1.130
rhosts => 192.168.1.130
msf  auxiliary(ssdp_msearch) > run

[*] Sending UPnP SSDP probes to 192.168.1.130->192.168.1.130 (1 hosts)
[+] 192.168.1.130:1900 SSDP Linux/2.6.32-38-generic, UPnP/1.0, Intel SDK for UPnP devices/1.3.1
ST: upnp:rootdevice
USN: uuid:Upnp-TVEmulator-1_0-1234567890001::upnp:rootdevice | http://192.168.1.130:49152/tvdevicedesc.xml
SERVER: Linux/2.6.32-38-generic, UPnP/1.0, Intel SDK for UPnP devices/1.3.1
ST: upnp:rootdevice
USN: uuid:Upnp-TVEmulator-1_0-1234567890001::upnp:rootdevice | uuid:Upnp-TVEmulator-1_0-1234567890001::upnp:rootdevice | vulns:1 (CVE-2012-5958, CVE-2012-5959)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

[jvazquez-r7]

Automatic detection code seems to run fine, on the other hand pcap checked, merging!

msf  exploit(libupnp_ssdp_overflow) > set rhost 192.168.1.130
rhost => 192.168.1.130
msf  exploit(libupnp_ssdp_overflow) > rexploit
[*] Reloading module...

[*] Started reverse double handler
[*] No target matches this fingerprint
[*] 
[*]     HTTP/1.1 200 OK
[*]     CACHE-CONTROL: max-age=100
[*]     DATE: Mon, 04 Feb 2013 17:11:53 GMT
[*]     EXT:
[*]     LOCATION: http://192.168.1.130:49152/tvdevicedesc.xml
[*]     SERVER: Linux/2.6.32-38-generic, UPnP/1.0, Intel SDK for UPnP devices/1.3.1
[*]     ST: upnp:rootdevice
[*]     USN: uuid:Upnp-TVEmulator-1_0-1234567890001::upnp:rootdevice
[*]     
[*] 
[-] Exploit failed [no-target]: No compatible target detected