[framework] Running milw0rm Apple QuickTime 7.2/7.3 RSTP Response Universal Exploit (win/osx) oddity
Jeffs
jeffs at speakeasy.net
Thu Nov 29 16:26:07 CST 2007
In my attempts to dissect and understand how to place a .rb module into
Metasploit framework3, I happened today upon the Apple QuickTime 7.2/7.3
RSTP Response Universal Exploit (win/osx) a.k.a. 4673.rb file, which I
believe was just posted to Milw0rm. Looking at it I see that it does
not contain the necessary information for inclusion in the Metasploit
directories in BT2 (although I'd like to know how to place it there so
the .msfgui and msfweb can see it). If I put it into any directory
under framework3 and then run either .msfgui or msfweb, this is what
happens:
[*] Starting msfweb v3.1-dev on http://127.0.0.1:55555/
=> Booting WEBrick...
Quicktime 7.3 RTSP Response Content-Type Header Stack Buffer Overflow
exploit
Copyright (C) 2007, Subreption LLC. All rights reserved.
/pentest/exploits/framework3/msfweb: RTSP Listening on 0.0.0.0:554,
serving GQeDGXybEgXI.mp3
/pentest/exploits/framework3/msfweb: RTSP URL:
rtsp://0.0.0.0:554/GQeDGXybEgXI.mp3
Apparently it starts to run the exploit.
I know this is not HOW to do it correctly, so can someone point me in
the right direction on what parameters need to be included in the
4673.rb file at Milw0rm to make it show up in the .msfgui or .msfweb?
I know there is already a module there for this exploit, but this one I
believe is newer and has more bells and whistles.
Thanks for any *constructive* comments you may wish to pass to me.