Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add IBM Tivoli Storage Manager Fastback Denial of Service module #6547

Merged
merged 7 commits into from Feb 12, 2016
Merged

Add IBM Tivoli Storage Manager Fastback Denial of Service module #6547

merged 7 commits into from Feb 12, 2016

Conversation

wwebb-r7
Copy link
Contributor

@wwebb-r7 wwebb-r7 commented Feb 8, 2016

This module triggers the denial of service condition detailed at https://www.exploit-db.com/exploits/38979/

wchen-r7
wchen-r7 reviewed Feb 8, 2016
View reviewed changes
modules/exploits/windows/misc/ibm_tsm_dos.rb
sock.put(p)
disconnect
print_status("Packet sent!")
rescue ::Exception => ex
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rescuing ::Exception is not a recommended practice. Your module would catch things that should not be handled by it (for example, exceptions that should be handled by msfconsole). You want to be more specific :-)

I once tried to document what the Tcp mixin might raise in here, feel free to check it out:
https://github.com/rapid7/metasploit-framework/wiki/How-to-use-the-Msf%3A%3AExploit%3A%3ARemote%3A%3ATcp-mixin

@wchen-r7
Copy link
Contributor

wchen-r7 commented Feb 8, 2016

Hi @wwebb-r7, sorry we didn't make this clear. At Metasploit, all exploit modules are required to pop a shell. If it doesn't (in this case, looks like just a DoS), then you would have to move this module to the auxiliary category. In your case, probably in https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/dos/misc. You may browse around for code examples :-)

@wchen-r7 wchen-r7 added module feature blocked Blocked by one or more additional tasks labels Feb 8, 2016
@wwebb-r7
Copy link
Contributor Author

wwebb-r7 commented Feb 9, 2016

Made exception handling changes and moved module to module/auxiliary/dos/misc

@wchen-r7
Copy link
Contributor

wchen-r7 commented Feb 9, 2016

Thanks.

@wchen-r7 wchen-r7 removed the blocked Blocked by one or more additional tasks label Feb 9, 2016
@wchen-r7 wchen-r7 self-assigned this Feb 9, 2016
@wwebb-r7
Copy link
Contributor Author

Inherit from Msf::Auxiliary

@wchen-r7
Copy link
Contributor

Tested on version 6.1.4000:

msf auxiliary(ibm_tsm_dos) > run

[*] Connected to: 172.16.23.157 port: 11460
[*] Sending malicious packet
[*] Packet sent!
[*] Auxiliary module execution completed
msf auxiliary(ibm_tsm_dos) > rerun
[*] Reloading module...

[*] Exploit failed: Rex::ConnectionRefused The connection was refused by the remote host (172.16.23.157:11460).
[*] Auxiliary module execution completed
msf auxiliary(ibm_tsm_dos) >

@wchen-r7 wchen-r7 merged commit c874699 into rapid7:master Feb 12, 2016
wchen-r7 added a commit that referenced this pull request Feb 12, 2016
@wchen-r7
Land #6547, IBM Tivoli Storage Manager Fastback Denial of Service
b2765a2
@wchen-r7
Copy link
Contributor

PR merged. Congrats! :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@wchen-r7 wchen-r7

Labels
feature module
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@wwebb-r7 @wchen-r7 @waffleio-r7