##
# $Id: minishare_get_overflow.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# metasploit.com/framework/
##
require 'msf/core'
...
/*
MiniShare <= 1.4.1, Remote Buffer Overflow Exploit v0.1
Bind a shellcode to the port 101
Full disclosure and exploit
by class101 [at] DFind.kd-team.com [&] #n3ws [at] EFnet
07 November 2004
Thanx to HDMoore and Metasploit.com for their kickass ASM work
------------------
WHAT IS MINISHARE
------------------
Homepage - m ...
/*
no@0x00:~/Exploits/minishare$ ./mini-exploit 10.20.30.2
***MiniShare remote buffer overflow UNIX exploit by NoPh0BiA***
[x] Connected to: 10.20.30.2 on port 80
[x] Sending bad code...done
[x] Trying to connect to: 10.20.30.2 on port 4444
[x] 0wn3d!
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
E:\Prog ...
A python implementation of CVE-2004-2271 targeting MiniShare 1.4.1.
CVE-2004-2271 - MiniShare 1.4.1 - BOF
References
nvd.nist.gov/vuln/detail/CVE-2004-2271
Vulnerability
MiniShare 1.4.1 has no bounds checking on HTTP GET requests it receives.
By sending a long, malformed HTTP GET request, an attacker can perform a buffer overflow and execute arbitrary code on the system.
Exploit Notes
Only 210 bytes of space are available for shellcode.
Playing with the CVE-2004-2271
Setup for GNU/Linux hosts (recommended)
Clone
Download WXP-minishare-vagrant.ova and save it in this directory
Run `make`
Setup for other OS hosts
Clone
Download "WXP-minishare-vagrant.ova" and save it in this directory
Open "virtualbox"
Import appliance
Choose the ova file
Configure DHCP server for internal network "intn
Exploit_EH2
CVE 2004-2271
CVE-2004-2271 refers to a security vulnerability known as "Minishare Directory Traversal" or "Minishare Path Disclosure". Minishare is a small, simple HTTP server that allows files to be shared over HTTP.
The vulnerability in question allows a remote attacker to access files