module
7-Technologies IGSS 9 Data Server/Collector Packet Handling Vulnerabilities
| Disclosed | Created |
|---|---|
| 2011-03-24 | 2018-05-30 |
Disclosed
2011-03-24
Created
2018-05-30
Description
This module exploits multiple vulnerabilities found on IGSS 9's Data Server and
Data Collector services. The initial approach is first by transferring our binary
with Write packets (opcode 0x0D) via port 12401 (igssdataserver.exe), and then send
an EXE packet (opcode 0x0A) to port 12397 (dc.exe), which will cause dc.exe to run
that payload with a CreateProcessA() function as a new thread.
Data Collector services. The initial approach is first by transferring our binary
with Write packets (opcode 0x0D) via port 12401 (igssdataserver.exe), and then send
an EXE packet (opcode 0x0A) to port 12397 (dc.exe), which will cause dc.exe to run
that payload with a CreateProcessA() function as a new thread.
Authors
Luigi Auriemma
sinn3r sinn3r@metasploit.com
sinn3r sinn3r@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.