
Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness

"Gray Hat Hacking, Second Edition"

rb exploit module starts with definition information and imports
the module that handles TCP/IP-based exploit connection functionality. This all comes
"for free" from the framework.

    require 'msf/core'
    module Msf
    class Exploits::Linux::Http::PeerCast_URL < Msf::Exploit::Remote
      include Exploit::Remote::Tcp

Next you'll see exploit metadata containing the human-readable name, description,
license, authors, version, references, and so on. You'll see this same pattern in other
exploits from the Metasploit team.

      def initialize(info = {})
        super(update_info(info,
          'Name'        => 'PeerCast <= 0.1216 URL Handling Buffer Overflow (linux)',
          'Description' => %q{ This module exploits a stack overflow in
            PeerCast <= v0.1216. The vulnerability is caused due to a boundary error
            within the handling of URL parameters.},
          'Author'      => [ 'y0 [at] w00t-shell.net' ],
          'License'     => BSD_LICENSE,
          'Version'     => '$Revision: 4498 $',
          'References'  =>
            [
              ['OSVDB', '23777'],
              ['BID', '17040'],
              ['URL', 'http://www.infigo.hr/in_focus/INFIGO-2006-03-01'],
            ],
          'Privileged'  => false,

Next comes the payload information. In the case of this PeerCast_URL exploit, the
vulnerability allows for 200 bytes of payload, does not allow seven specific characters to
be used in the payload, and requires a nop sled length of at least 64 bytes.
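
As an added example (not from the book or the Metasploit project), the following Ruby script reads the metadata block shown above as plain text, without loading the framework or running the module, and pulls out the reference identifiers so they can be matched against a vulnerability tracker. The sample input is constructed from the fields on this page; scalar_field, references, and module_summary are hypothetical helper names.

```ruby
# Added example: static reader for the metadata hash of a Metasploit-style
# module. It never loads or executes the module; it only scans the text.

# Constructed sample input: the metadata fields shown on this page.
SAMPLE_MODULE = <<~'RUBY'
  def initialize(info = {})
    super(update_info(info,
      'Name'       => 'PeerCast <= 0.1216 URL Handling Buffer Overflow (linux)',
      'Author'     => [ 'y0 [at] w00t-shell.net' ],
      'License'    => BSD_LICENSE,
      'Version'    => '$Revision: 4498 $',
      'References' =>
        [
          ['OSVDB', '23777'],
          ['BID', '17040'],
          ['URL', 'http://www.infigo.hr/in_focus/INFIGO-2006-03-01'],
        ],
      'Privileged' => false,
RUBY

# Return the single-quoted string assigned to +key+, or nil if absent.
def scalar_field(source, key)
  m = source.match(/'#{Regexp.escape(key)}'\s*=>\s*'((?:[^'\\]|\\.)*)'/)
  m && m[1]
end

# Return [[type, id], ...] pairs from the 'References' array.
def references(source)
  start = source.index(/'References'\s*=>/)
  return [] unless start
  # Stop at the next top-level key so later arrays are not misread as references.
  body = source[start..].sub(/\A'References'\s*=>/, '')
  body = body[/\A.*?(?=^\s*'\w+'\s*=>|\z)/m]
  body.scan(/\[\s*'([^']+)'\s*,\s*'([^']+)'\s*\]/)
end

# Summarise a module for a vulnerability tracker (hypothetical record layout).
def module_summary(source)
  {
    name: scalar_field(source, 'Name'),
    version: scalar_field(source, 'Version'),
    privileged: source[/'Privileged'\s*=>\s*(true|false)/, 1] == 'true',
    references: references(source).group_by(&:first).transform_values { |v| v.map(&:last) }
  }
end

puts module_summary(SAMPLE_MODULE) if __FILE__ == $PROGRAM_NAME
```

The references come back grouped by type (OSVDB, BID, URL), which is the form most trackers key on.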

