Metasploit mailing list archives
Exploiting CA Client License Overflow.
From: hdm at metasploit.com (H D Moore)
Date: Fri, 18 Mar 2005 01:45:30 -0600
Hello,

The original version of the metasploit exploit would only work on older versions of the client/server (1.5x). I updated these modules to exploit both versions with the same request. The new exploit modules will be pushed into msfupdate in a few minutes :-)

I downloaded a copy of the eTrust Pest Patrol software evaluation and successfully tested the new modules. You need to set the TARGET variable to 3 (Windows XP English SP2) and only have one shot to exploit the flaw. If you are attacking the software from a non-Windows system, you may need to run "nmbd" or add a DNS entry for your IP address. When exploiting this bug on apps like the CA eTrust IDS, it will only work if the client can reverse-resolve your IP address and connect back to the fake "license server" that the exploit emulates.

To clarify, when you exploit the License Server, you simply connect to the port and send the request. When you exploit the License Client (which is enabled on nearly everything made by CA, where the Server is not), the exploit first connects to the client port and sends a request, causing the client to reverse-resolve the IP address of the attacking machine, and then connect back to it. The exploit accepts the connection from the client, queries it for the remote version number, and then exploits it. If your attacking system is behind a firewall, this will prevent the client from connecting back and receiving the exploit request.

If you run into any problems with the new modules, please let me know.

-HD

PS. The last couple weeks have been busy for the metasploit staff -- spoonm and I were on the west coast at one conference while skape was on the east coast giving a talk at Interz0ne 4. Keep an eye on the web site over the next week for some updates...

On Friday 11 March 2005 09:48, Michael Cameron wrote:
> I've tried numerous times to exploit CA License Overflow. I've installed eTrust Pest Patrol 5 on an English Windows XP SP2 machine.
Current thread:
- Exploiting CA Client License Overflow. Michael Cameron (Mar 11)
- Exploiting CA Client License Overflow. class 101 (Mar 11)
- Exploiting CA Client License Overflow. H D Moore (Mar 17)