Land #10750, formatting and AKA reference fixes
parent
736a2dfdb7
commit
12cb3b4d3e
|
@ -40,10 +40,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
],
|
||||
'DisclosureDate' => 'Sep 24 2014',
|
||||
'License' => MSF_LICENSE,
|
||||
'Notes' =>
|
||||
{
|
||||
'AKA' => ['Shellshock']
|
||||
}
|
||||
'Notes' => {'AKA' => ['Shellshock']}
|
||||
))
|
||||
|
||||
register_options([
|
||||
|
|
|
@ -12,12 +12,12 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'Axis Network Camera .srv to parhand RCE',
|
||||
'Description' => %q{
|
||||
'Name' => 'Axis Network Camera .srv to parhand RCE',
|
||||
'Description' => %q{
|
||||
This module exploits an auth bypass in .srv functionality and a
|
||||
command injection in parhand to execute code as the root user.
|
||||
},
|
||||
'Author' => [
|
||||
'Author' => [
|
||||
'Or Peles', # Vulnerability discovery (VDOO)
|
||||
'wvu', # Metasploit module
|
||||
'sinn3r', # Metasploit module
|
||||
|
@ -28,46 +28,46 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
'Chris Lee', # Metasploit module
|
||||
'Cale Black' # Metasploit module
|
||||
],
|
||||
'References' => [
|
||||
'References' => [
|
||||
['CVE', '2018-10660'],
|
||||
['CVE', '2018-10661'],
|
||||
['CVE', '2018-10662'],
|
||||
['URL', 'https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilities-in-axis-cameras/'],
|
||||
['URL', 'https://www.axis.com/files/faq/Advisory_ACV-128401.pdf']
|
||||
],
|
||||
'DisclosureDate' => 'Jun 18 2018',
|
||||
'License' => MSF_LICENSE,
|
||||
'Platform' => ['unix', 'linux'],
|
||||
'Arch' => [ARCH_CMD, ARCH_ARMLE],
|
||||
'Privileged' => true,
|
||||
'Targets' => [
|
||||
'DisclosureDate' => 'Jun 18 2018',
|
||||
'License' => MSF_LICENSE,
|
||||
'Platform' => ['unix', 'linux'],
|
||||
'Arch' => [ARCH_CMD, ARCH_ARMLE],
|
||||
'Privileged' => true,
|
||||
'Targets' => [
|
||||
['Unix In-Memory',
|
||||
'Platform' => 'unix',
|
||||
'Arch' => ARCH_CMD,
|
||||
'Type' => :unix_memory,
|
||||
'Payload' => {
|
||||
'BadChars' => ' ',
|
||||
'Encoder' => 'cmd/ifs',
|
||||
'Compat' => {
|
||||
'PayloadType' => 'cmd',
|
||||
'RequiredCmd' => 'netcat-e'
|
||||
'Platform' => 'unix',
|
||||
'Arch' => ARCH_CMD,
|
||||
'Type' => :unix_memory,
|
||||
'Payload' => {
|
||||
'BadChars' => ' ',
|
||||
'Encoder' => 'cmd/ifs',
|
||||
'Compat' => {
|
||||
'PayloadType' => 'cmd',
|
||||
'RequiredCmd' => 'netcat-e'
|
||||
}
|
||||
},
|
||||
'DefaultOptions' => {
|
||||
'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
|
||||
'DefaultOptions' => {
|
||||
'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
|
||||
}
|
||||
],
|
||||
['Linux Dropper',
|
||||
'Platform' => 'linux',
|
||||
'Arch' => ARCH_ARMLE,
|
||||
'Type' => :linux_dropper,
|
||||
'DefaultOptions' => {
|
||||
'PAYLOAD' => 'linux/armle/meterpreter_reverse_tcp'
|
||||
'Platform' => 'linux',
|
||||
'Arch' => ARCH_ARMLE,
|
||||
'Type' => :linux_dropper,
|
||||
'DefaultOptions' => {
|
||||
'PAYLOAD' => 'linux/armle/meterpreter_reverse_tcp'
|
||||
}
|
||||
]
|
||||
],
|
||||
'DefaultTarget' => 1,
|
||||
'DefaultOptions' => {'WfsDelay' => 10}
|
||||
'DefaultTarget' => 1,
|
||||
'DefaultOptions' => {'WfsDelay' => 10}
|
||||
))
|
||||
end
|
||||
|
||||
|
|
|
@ -16,8 +16,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'HP VAN SDN Controller Root Command Injection',
|
||||
'Description' => %q{
|
||||
'Name' => 'HP VAN SDN Controller Root Command Injection',
|
||||
'Description' => %q{
|
||||
This module exploits a hardcoded service token or default credentials
|
||||
in HPE VAN SDN Controller <= 2.7.18.0503 to execute a payload as root.
|
||||
|
||||
|
@ -27,36 +27,36 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
If the service token option TOKEN is blank, USERNAME and PASSWORD will
|
||||
be used for authentication. An additional login request will be sent.
|
||||
},
|
||||
'Author' => [
|
||||
'Author' => [
|
||||
'Matt Bergin', # Vulnerability discovery and Python exploit
|
||||
'wvu' # Metasploit module and additional ~research~
|
||||
],
|
||||
'References' => [
|
||||
'References' => [
|
||||
['EDB', '44951'],
|
||||
['URL', 'https://korelogic.com/Resources/Advisories/KL-001-2018-008.txt']
|
||||
],
|
||||
'DisclosureDate' => 'Jun 25 2018',
|
||||
'License' => MSF_LICENSE,
|
||||
'Platform' => ['unix', 'linux'],
|
||||
'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],
|
||||
'Privileged' => true,
|
||||
'Targets' => [
|
||||
'DisclosureDate' => 'Jun 25 2018',
|
||||
'License' => MSF_LICENSE,
|
||||
'Platform' => ['unix', 'linux'],
|
||||
'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],
|
||||
'Privileged' => true,
|
||||
'Targets' => [
|
||||
['Unix In-Memory',
|
||||
'Platform' => 'unix',
|
||||
'Arch' => ARCH_CMD,
|
||||
'Type' => :unix_memory,
|
||||
'Payload' => {'BadChars' => ' '},
|
||||
'DefaultOptions' => {'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'}
|
||||
'Platform' => 'unix',
|
||||
'Arch' => ARCH_CMD,
|
||||
'Type' => :unix_memory,
|
||||
'Payload' => {'BadChars' => ' '},
|
||||
'DefaultOptions' => {'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'}
|
||||
],
|
||||
['Linux Dropper',
|
||||
'Platform' => 'linux',
|
||||
'Arch' => [ARCH_X86, ARCH_X64],
|
||||
'Type' => :linux_dropper,
|
||||
'DefaultOptions' => {'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp'}
|
||||
'Platform' => 'linux',
|
||||
'Arch' => [ARCH_X86, ARCH_X64],
|
||||
'Type' => :linux_dropper,
|
||||
'DefaultOptions' => {'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp'}
|
||||
]
|
||||
],
|
||||
'DefaultTarget' => 0,
|
||||
'DefaultOptions' => {'RPORT' => 8081, 'SSL' => true}
|
||||
'DefaultTarget' => 0,
|
||||
'DefaultOptions' => {'RPORT' => 8081, 'SSL' => true}
|
||||
))
|
||||
|
||||
register_options([
|
||||
|
|
|
@ -45,20 +45,20 @@ class MetasploitModule < Msf::Exploit
|
|||
'Privileged' => false,
|
||||
'Targets' => [
|
||||
['Unix (In-Memory)',
|
||||
'Platform' => 'unix',
|
||||
'Arch' => ARCH_CMD,
|
||||
'Type' => :unix_memory,
|
||||
'Payload' => {'Space' => 4089, 'DisableNops' => true} # 4096 total
|
||||
'Platform' => 'unix',
|
||||
'Arch' => ARCH_CMD,
|
||||
'Type' => :unix_memory,
|
||||
'Payload' => {'Space' => 4089, 'DisableNops' => true} # 4096 total
|
||||
],
|
||||
['PowerShell (In-Memory)',
|
||||
'Platform' => 'win',
|
||||
'Arch' => [ARCH_X86, ARCH_X64],
|
||||
'Type' => :psh_memory
|
||||
'Platform' => 'win',
|
||||
'Arch' => [ARCH_X86, ARCH_X64],
|
||||
'Type' => :psh_memory
|
||||
],
|
||||
['Linux (Dropper)',
|
||||
'Platform' => 'linux',
|
||||
'Arch' => [ARCH_X86, ARCH_X64],
|
||||
'Type' => :linux_dropper
|
||||
'Platform' => 'linux',
|
||||
'Arch' => [ARCH_X86, ARCH_X64],
|
||||
'Type' => :linux_dropper
|
||||
]
|
||||
],
|
||||
'DefaultTarget' => 0
|
||||
|
|
|
@ -47,8 +47,7 @@ class MetasploitModule < Msf::Exploit
|
|||
%w{URL https://seclists.org/oss-sec/2016/q3/682},
|
||||
%w{URL https://github.com/ImageMagick/ImageMagick/commit/06c41ab},
|
||||
%w{URL https://github.com/ImageMagick/ImageMagick/commit/a347456},
|
||||
%w{URL http://permalink.gmane.org/gmane.comp.security.oss.general/19669},
|
||||
%w{AKA ImageTragick}
|
||||
%w{URL http://permalink.gmane.org/gmane.comp.security.oss.general/19669}
|
||||
],
|
||||
'DisclosureDate' => 'May 3 2016',
|
||||
'License' => MSF_LICENSE,
|
||||
|
@ -63,7 +62,8 @@ class MetasploitModule < Msf::Exploit
|
|||
['MVG file', template: 'msf.mvg'], # convert msf.svg msf.mvg
|
||||
['PS file', template: 'msf.ps'] # PoC from taviso
|
||||
],
|
||||
'DefaultTarget' => 0
|
||||
'DefaultTarget' => 0,
|
||||
'Notes' => {'AKA' => ['ImageTragick']}
|
||||
))
|
||||
|
||||
register_options([
|
||||
|
|
|
@ -34,7 +34,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
['URL', 'https://research.checkpoint.com/uncovering-drupalgeddon-2/'],
|
||||
['URL', 'https://github.com/a2u/CVE-2018-7600'],
|
||||
['URL', 'https://github.com/nixawk/labs/issues/19'],
|
||||
['URL', 'https://github.com/FireFart/CVE-2018-7600'],
|
||||
['URL', 'https://github.com/FireFart/CVE-2018-7600']
|
||||
],
|
||||
'DisclosureDate' => 'Mar 28 2018',
|
||||
'License' => MSF_LICENSE,
|
||||
|
@ -47,89 +47,83 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
# Automatic targets (PHP, cmd/unix, native)
|
||||
#
|
||||
['Automatic (PHP In-Memory)',
|
||||
'Platform' => 'php',
|
||||
'Arch' => ARCH_PHP,
|
||||
'Type' => :php_memory
|
||||
'Platform' => 'php',
|
||||
'Arch' => ARCH_PHP,
|
||||
'Type' => :php_memory
|
||||
],
|
||||
['Automatic (PHP Dropper)',
|
||||
'Platform' => 'php',
|
||||
'Arch' => ARCH_PHP,
|
||||
'Type' => :php_dropper
|
||||
'Platform' => 'php',
|
||||
'Arch' => ARCH_PHP,
|
||||
'Type' => :php_dropper
|
||||
],
|
||||
['Automatic (Unix In-Memory)',
|
||||
'Platform' => 'unix',
|
||||
'Arch' => ARCH_CMD,
|
||||
'Type' => :unix_memory
|
||||
'Platform' => 'unix',
|
||||
'Arch' => ARCH_CMD,
|
||||
'Type' => :unix_memory
|
||||
],
|
||||
['Automatic (Linux Dropper)',
|
||||
'Platform' => 'linux',
|
||||
'Arch' => [ARCH_X86, ARCH_X64],
|
||||
'Type' => :linux_dropper
|
||||
'Platform' => 'linux',
|
||||
'Arch' => [ARCH_X86, ARCH_X64],
|
||||
'Type' => :linux_dropper
|
||||
],
|
||||
#
|
||||
# Drupal 7.x targets (PHP, cmd/unix, native)
|
||||
#
|
||||
['Drupal 7.x (PHP In-Memory)',
|
||||
'Platform' => 'php',
|
||||
'Arch' => ARCH_PHP,
|
||||
'Version' => Gem::Version.new('7'),
|
||||
'Type' => :php_memory
|
||||
'Platform' => 'php',
|
||||
'Arch' => ARCH_PHP,
|
||||
'Version' => Gem::Version.new('7'),
|
||||
'Type' => :php_memory
|
||||
],
|
||||
['Drupal 7.x (PHP Dropper)',
|
||||
'Platform' => 'php',
|
||||
'Arch' => ARCH_PHP,
|
||||
'Version' => Gem::Version.new('7'),
|
||||
'Type' => :php_dropper
|
||||
'Platform' => 'php',
|
||||
'Arch' => ARCH_PHP,
|
||||
'Version' => Gem::Version.new('7'),
|
||||
'Type' => :php_dropper
|
||||
],
|
||||
['Drupal 7.x (Unix In-Memory)',
|
||||
'Platform' => 'unix',
|
||||
'Arch' => ARCH_CMD,
|
||||
'Version' => Gem::Version.new('7'),
|
||||
'Type' => :unix_memory
|
||||
'Platform' => 'unix',
|
||||
'Arch' => ARCH_CMD,
|
||||
'Version' => Gem::Version.new('7'),
|
||||
'Type' => :unix_memory
|
||||
],
|
||||
['Drupal 7.x (Linux Dropper)',
|
||||
'Platform' => 'linux',
|
||||
'Arch' => [ARCH_X86, ARCH_X64],
|
||||
'Version' => Gem::Version.new('7'),
|
||||
'Type' => :linux_dropper
|
||||
'Platform' => 'linux',
|
||||
'Arch' => [ARCH_X86, ARCH_X64],
|
||||
'Version' => Gem::Version.new('7'),
|
||||
'Type' => :linux_dropper
|
||||
],
|
||||
#
|
||||
# Drupal 8.x targets (PHP, cmd/unix, native)
|
||||
#
|
||||
['Drupal 8.x (PHP In-Memory)',
|
||||
'Platform' => 'php',
|
||||
'Arch' => ARCH_PHP,
|
||||
'Version' => Gem::Version.new('8'),
|
||||
'Type' => :php_memory
|
||||
'Platform' => 'php',
|
||||
'Arch' => ARCH_PHP,
|
||||
'Version' => Gem::Version.new('8'),
|
||||
'Type' => :php_memory
|
||||
],
|
||||
['Drupal 8.x (PHP Dropper)',
|
||||
'Platform' => 'php',
|
||||
'Arch' => ARCH_PHP,
|
||||
'Version' => Gem::Version.new('8'),
|
||||
'Type' => :php_dropper
|
||||
'Platform' => 'php',
|
||||
'Arch' => ARCH_PHP,
|
||||
'Version' => Gem::Version.new('8'),
|
||||
'Type' => :php_dropper
|
||||
],
|
||||
['Drupal 8.x (Unix In-Memory)',
|
||||
'Platform' => 'unix',
|
||||
'Arch' => ARCH_CMD,
|
||||
'Version' => Gem::Version.new('8'),
|
||||
'Type' => :unix_memory
|
||||
'Platform' => 'unix',
|
||||
'Arch' => ARCH_CMD,
|
||||
'Version' => Gem::Version.new('8'),
|
||||
'Type' => :unix_memory
|
||||
],
|
||||
['Drupal 8.x (Linux Dropper)',
|
||||
'Platform' => 'linux',
|
||||
'Arch' => [ARCH_X86, ARCH_X64],
|
||||
'Version' => Gem::Version.new('8'),
|
||||
'Type' => :linux_dropper
|
||||
'Platform' => 'linux',
|
||||
'Arch' => [ARCH_X86, ARCH_X64],
|
||||
'Version' => Gem::Version.new('8'),
|
||||
'Type' => :linux_dropper
|
||||
]
|
||||
],
|
||||
'DefaultTarget' => 0, # Automatic (PHP In-Memory)
|
||||
'DefaultOptions' => {'WfsDelay' => 2},
|
||||
'Notes' =>
|
||||
{
|
||||
'AKA' => [
|
||||
'SA-CORE-2018-002',
|
||||
'Drupalgeddon 2'
|
||||
]
|
||||
}
|
||||
'Notes' => {'AKA' => ['SA-CORE-2018-002', 'Drupalgeddon 2']}
|
||||
))
|
||||
|
||||
register_options([
|
||||
|
|
|
@ -94,7 +94,7 @@ metadata = {
|
|||
'SMBPass': {'type': 'string', 'description': '(Optional) The password for the specified username', 'required': False, 'default': ''}
|
||||
},
|
||||
'notes': {
|
||||
'AKA': ['ETERNALBLUE']
|
||||
'AKA': ['ETERNALBLUE']
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue