DHCP Client Bash Environment Variable Code Injection

29 September 2014 - Source: http://www.mondounix.com
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
require 'rex/proto/dhcp'
 
class Metasploit3 < Msf::Auxiliary
 
  include Msf::Exploit::Remote::DHCPServer
 
  def initialize
    super(
      'Name'        => 'DHCP Client Bash Environment Variable Code Injection',
      'Description'    => %q{
        This module exploits a code injection in specially crafted environment
        variables in Bash, specifically targeting dhclient network configuration
        scripts through the HOSTNAME, DOMAINNAME, and URL DHCP options.
      },
      'Author'      =>
        [
          'scriptjunkie',...


Apache mod_cgi Bash Environment Variable Code Injection

29 September 2014 - Source: http://www.mondounix.com
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit4 < Msf::Exploit::Remote
  Rank = GoodRanking
 
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::CmdStager
 
  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Apache mod_cgi Bash Environment Variable Code Injection',
      'Description' => %q{
        This module exploits a code injection in specially crafted environment
        variables in Bash, specifically targeting Apache mod_cgi scripts through
        the HTTP_USER_AGENT variable.
      },
      'Author' => [
        'Stephane...


bashedCgi Remote Command Execution

29 September 2014 - Source: http://www.mondounix.com
    require 'msf/core'
 
    class Metasploit3 < Msf::Auxiliary
 
        include Msf::Exploit::Remote::HttpClient
 
 
        def initialize(info = {})
            super(update_info(info,
                'Name'           => 'bashedCgi',
                'Description'    => %q{
                   Quick & dirty module to send the BASH exploit payload (CVE-2014-6271) to CGI scripts that are BASH-based or invoke BASH, to execute an arbitrary shell command. 
                },
                'Author'         => [
                    'Stephane Chazelas', # vuln discovery
                    'Shaun Colley <scolley at ioactive.com>' # metasploit module
                ],
                'License'        => MSF_LICENSE,
...


Metasploit on OS X Mavericks

16 February 2014 - Source: http://www.maxpalmari.it/blog
Below is the procedure I followed to install Metasploit on Mavericks, including some fixes I adopted for errors I ran into during installation. Install the Command Line Tools (OSX 10.9): Install the Java JDK development kit: http://www.oracle.com/technetwork/java/javase/downloads Install "Homebrew": ruby -e "$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)" echo PATH=/usr/local/bin:/usr/local/sbin:$PATH >> […]...


WordPress Amerisale-Re Remote Shell Upload

31 January 2014 - Source: http://www.mondounix.com
# Exploit Title : Wordpress amerisale-re Remote Shell Upload
# Exploit Author : T3rm!nat0r5
# Vendor Homepage : http://wordpress.org/
# Google Dork : inurl:/wp-content/plugins/amerisale-re
# Date : 2014/01/30
# Tested on : Windows 8 , Linux
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
 
require 'msf/core'
class Metasploit4 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::Exploit::Remote::HttpClient
 
  def initialize(info = {})
  super(update_info(info,
            'Name'           => 'Wordpress amerisale-re Plugin Remote Shell Upload',
       'Description' => %q{
        This module exploits an arbitrary...


Mac OS X Sudo Password Bypass

27 August 2013 - Source: http://www.mondounix.com
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
#
# http://metasploit.com/
##
require 'shellwords'
 
class Metasploit3 < Msf::Exploit::Local
 
  # ManualRanking because it's going to modify system time
  # Even when it will try to restore things, user should use
  # it at his own risk
  Rank = NormalRanking
 
  include Msf::Post::Common
  include Msf::Post::File
  include Msf::Exploit::EXE
  include Msf::Exploit::FileDropper
 
  SYSTEMSETUP_PATH = "/usr/sbin/systemsetup"
  SUDOER_GROUP = "admin"
  VULNERABLE_VERSION_RANGES...


InstantCMS 1.6 Remote PHP Code Execution

8 July 2013 - Source: http://www.mondounix.com
require 'msf/core'
 
 
class Metasploit3 < Msf::Exploit::Remote
 
  Rank = ExcellentRanking
 
  include Msf::Exploit::Remote::HttpClient
 
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'InstantCMS 1.6 Remote PHP Code Execution',
      'Description'    => %q{
        This module exploits an arbitrary php command execution vulnerability, because of a
        dangerous use of eval(), in InstantCMS versions 1.6.
      },
      'Author'         =>
        [
          'AkaStep', # Vulnerability discovery and PoC
          'Ricardo Jorge Borges de Almeida <ricardojba1[at]gmail.com>', # Metasploit module
          'juan vazquez' # Metasploit module
      ...


ZPanel zsudo Local Privilege Escalation

26 June 2013 - Source: http://www.mondounix.com
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
#   http://metasploit.com/
##
 
require 'msf/core'
require 'rex'
require 'msf/core/post/common'
require 'msf/core/post/file'
require 'msf/core/post/linux/priv'
require 'msf/core/exploit/exe'
 
 
class Metasploit4 < Msf::Exploit::Local
  Rank = ExcellentRanking
 
  include Msf::Exploit::EXE
  include Msf::Post::File
  include Msf::Post::Common
 
  def initialize(info={})
    super( update_info( info, {
        'Name'          => 'ZPanel zsudo Local Privilege Escalation Exploit',
        'Description'...


Novell Client 2 SP3 nicm.sys Local Privilege Escalation

26 June 2013 - Source: http://www.mondounix.com
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
#   http://metasploit.com/
##
 
require 'msf/core'
require 'rex'
require 'msf/core/post/common'
require 'msf/core/post/windows/priv'
 
class Metasploit3 < Msf::Exploit::Local
  Rank = AverageRanking
 
  include Msf::Post::Common
  include Msf::Post::Windows::Priv
 
  def initialize(info={})
    super(update_info(info, {
      'Name'           => 'Novell Client 2 SP3 nicm.sys Local Privilege Escalation',
      'Description'    => %q{
        This module exploits a flaw in the nicm.sys driver...


Havalite CMS Arbitary File Upload

26 June 2013 - Source: http://www.mondounix.com
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
#   http://metasploit.com/framework/
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::PhpEXE
 
  def initialize(info={})
    super(update_info(info,
      'Name'           => "Havalite CMS Arbitary File Upload Vulnerability",
      'Description'    => %q{
        This module exploits a file upload vulnerability found in Havalite CMS 1.1.7, and
        possibly prior....
