Land #10750, formatting and AKA reference fixes

GSoC/Meterpreter_Web_Console
William Vu 2018-10-05 03:32:40 -05:00
commit 2bdecf7344
No known key found for this signature in database
GPG Key ID: 68BD00CE25866743
7 changed files with 110 additions and 119 deletions

View File

@ -40,10 +40,7 @@ class MetasploitModule < Msf::Auxiliary
],
'DisclosureDate' => 'Sep 24 2014',
'License' => MSF_LICENSE,
'Notes' =>
{
'AKA' => ['Shellshock']
}
'Notes' => {'AKA' => ['Shellshock']}
))
register_options([

View File

@ -12,12 +12,12 @@ class MetasploitModule < Msf::Exploit::Remote
def initialize(info = {})
super(update_info(info,
'Name' => 'Axis Network Camera .srv to parhand RCE',
'Description' => %q{
'Name' => 'Axis Network Camera .srv to parhand RCE',
'Description' => %q{
This module exploits an auth bypass in .srv functionality and a
command injection in parhand to execute code as the root user.
},
'Author' => [
'Author' => [
'Or Peles', # Vulnerability discovery (VDOO)
'wvu', # Metasploit module
'sinn3r', # Metasploit module
@ -28,46 +28,46 @@ class MetasploitModule < Msf::Exploit::Remote
'Chris Lee', # Metasploit module
'Cale Black' # Metasploit module
],
'References' => [
'References' => [
['CVE', '2018-10660'],
['CVE', '2018-10661'],
['CVE', '2018-10662'],
['URL', 'https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilities-in-axis-cameras/'],
['URL', 'https://www.axis.com/files/faq/Advisory_ACV-128401.pdf']
],
'DisclosureDate' => 'Jun 18 2018',
'License' => MSF_LICENSE,
'Platform' => ['unix', 'linux'],
'Arch' => [ARCH_CMD, ARCH_ARMLE],
'Privileged' => true,
'Targets' => [
'DisclosureDate' => 'Jun 18 2018',
'License' => MSF_LICENSE,
'Platform' => ['unix', 'linux'],
'Arch' => [ARCH_CMD, ARCH_ARMLE],
'Privileged' => true,
'Targets' => [
['Unix In-Memory',
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Type' => :unix_memory,
'Payload' => {
'BadChars' => ' ',
'Encoder' => 'cmd/ifs',
'Compat' => {
'PayloadType' => 'cmd',
'RequiredCmd' => 'netcat-e'
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Type' => :unix_memory,
'Payload' => {
'BadChars' => ' ',
'Encoder' => 'cmd/ifs',
'Compat' => {
'PayloadType' => 'cmd',
'RequiredCmd' => 'netcat-e'
}
},
'DefaultOptions' => {
'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
'DefaultOptions' => {
'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
}
],
['Linux Dropper',
'Platform' => 'linux',
'Arch' => ARCH_ARMLE,
'Type' => :linux_dropper,
'DefaultOptions' => {
'PAYLOAD' => 'linux/armle/meterpreter_reverse_tcp'
'Platform' => 'linux',
'Arch' => ARCH_ARMLE,
'Type' => :linux_dropper,
'DefaultOptions' => {
'PAYLOAD' => 'linux/armle/meterpreter_reverse_tcp'
}
]
],
'DefaultTarget' => 1,
'DefaultOptions' => {'WfsDelay' => 10}
'DefaultTarget' => 1,
'DefaultOptions' => {'WfsDelay' => 10}
))
end

View File

@ -16,8 +16,8 @@ class MetasploitModule < Msf::Exploit::Remote
def initialize(info = {})
super(update_info(info,
'Name' => 'HP VAN SDN Controller Root Command Injection',
'Description' => %q{
'Name' => 'HP VAN SDN Controller Root Command Injection',
'Description' => %q{
This module exploits a hardcoded service token or default credentials
in HPE VAN SDN Controller <= 2.7.18.0503 to execute a payload as root.
@ -27,36 +27,36 @@ class MetasploitModule < Msf::Exploit::Remote
If the service token option TOKEN is blank, USERNAME and PASSWORD will
be used for authentication. An additional login request will be sent.
},
'Author' => [
'Author' => [
'Matt Bergin', # Vulnerability discovery and Python exploit
'wvu' # Metasploit module and additional ~research~
],
'References' => [
'References' => [
['EDB', '44951'],
['URL', 'https://korelogic.com/Resources/Advisories/KL-001-2018-008.txt']
],
'DisclosureDate' => 'Jun 25 2018',
'License' => MSF_LICENSE,
'Platform' => ['unix', 'linux'],
'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],
'Privileged' => true,
'Targets' => [
'DisclosureDate' => 'Jun 25 2018',
'License' => MSF_LICENSE,
'Platform' => ['unix', 'linux'],
'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],
'Privileged' => true,
'Targets' => [
['Unix In-Memory',
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Type' => :unix_memory,
'Payload' => {'BadChars' => ' '},
'DefaultOptions' => {'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'}
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Type' => :unix_memory,
'Payload' => {'BadChars' => ' '},
'DefaultOptions' => {'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'}
],
['Linux Dropper',
'Platform' => 'linux',
'Arch' => [ARCH_X86, ARCH_X64],
'Type' => :linux_dropper,
'DefaultOptions' => {'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp'}
'Platform' => 'linux',
'Arch' => [ARCH_X86, ARCH_X64],
'Type' => :linux_dropper,
'DefaultOptions' => {'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp'}
]
],
'DefaultTarget' => 0,
'DefaultOptions' => {'RPORT' => 8081, 'SSL' => true}
'DefaultTarget' => 0,
'DefaultOptions' => {'RPORT' => 8081, 'SSL' => true}
))
register_options([

View File

@ -45,20 +45,20 @@ class MetasploitModule < Msf::Exploit
'Privileged' => false,
'Targets' => [
['Unix (In-Memory)',
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Type' => :unix_memory,
'Payload' => {'Space' => 4089, 'DisableNops' => true} # 4096 total
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Type' => :unix_memory,
'Payload' => {'Space' => 4089, 'DisableNops' => true} # 4096 total
],
['PowerShell (In-Memory)',
'Platform' => 'win',
'Arch' => [ARCH_X86, ARCH_X64],
'Type' => :psh_memory
'Platform' => 'win',
'Arch' => [ARCH_X86, ARCH_X64],
'Type' => :psh_memory
],
['Linux (Dropper)',
'Platform' => 'linux',
'Arch' => [ARCH_X86, ARCH_X64],
'Type' => :linux_dropper
'Platform' => 'linux',
'Arch' => [ARCH_X86, ARCH_X64],
'Type' => :linux_dropper
]
],
'DefaultTarget' => 0

View File

@ -47,8 +47,7 @@ class MetasploitModule < Msf::Exploit
%w{URL https://seclists.org/oss-sec/2016/q3/682},
%w{URL https://github.com/ImageMagick/ImageMagick/commit/06c41ab},
%w{URL https://github.com/ImageMagick/ImageMagick/commit/a347456},
%w{URL http://permalink.gmane.org/gmane.comp.security.oss.general/19669},
%w{AKA ImageTragick}
%w{URL http://permalink.gmane.org/gmane.comp.security.oss.general/19669}
],
'DisclosureDate' => 'May 3 2016',
'License' => MSF_LICENSE,
@ -63,7 +62,8 @@ class MetasploitModule < Msf::Exploit
['MVG file', template: 'msf.mvg'], # convert msf.svg msf.mvg
['PS file', template: 'msf.ps'] # PoC from taviso
],
'DefaultTarget' => 0
'DefaultTarget' => 0,
'Notes' => {'AKA' => ['ImageTragick']}
))
register_options([

View File

@ -34,7 +34,7 @@ class MetasploitModule < Msf::Exploit::Remote
['URL', 'https://research.checkpoint.com/uncovering-drupalgeddon-2/'],
['URL', 'https://github.com/a2u/CVE-2018-7600'],
['URL', 'https://github.com/nixawk/labs/issues/19'],
['URL', 'https://github.com/FireFart/CVE-2018-7600'],
['URL', 'https://github.com/FireFart/CVE-2018-7600']
],
'DisclosureDate' => 'Mar 28 2018',
'License' => MSF_LICENSE,
@ -47,89 +47,83 @@ class MetasploitModule < Msf::Exploit::Remote
# Automatic targets (PHP, cmd/unix, native)
#
['Automatic (PHP In-Memory)',
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Type' => :php_memory
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Type' => :php_memory
],
['Automatic (PHP Dropper)',
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Type' => :php_dropper
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Type' => :php_dropper
],
['Automatic (Unix In-Memory)',
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Type' => :unix_memory
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Type' => :unix_memory
],
['Automatic (Linux Dropper)',
'Platform' => 'linux',
'Arch' => [ARCH_X86, ARCH_X64],
'Type' => :linux_dropper
'Platform' => 'linux',
'Arch' => [ARCH_X86, ARCH_X64],
'Type' => :linux_dropper
],
#
# Drupal 7.x targets (PHP, cmd/unix, native)
#
['Drupal 7.x (PHP In-Memory)',
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Version' => Gem::Version.new('7'),
'Type' => :php_memory
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Version' => Gem::Version.new('7'),
'Type' => :php_memory
],
['Drupal 7.x (PHP Dropper)',
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Version' => Gem::Version.new('7'),
'Type' => :php_dropper
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Version' => Gem::Version.new('7'),
'Type' => :php_dropper
],
['Drupal 7.x (Unix In-Memory)',
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Version' => Gem::Version.new('7'),
'Type' => :unix_memory
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Version' => Gem::Version.new('7'),
'Type' => :unix_memory
],
['Drupal 7.x (Linux Dropper)',
'Platform' => 'linux',
'Arch' => [ARCH_X86, ARCH_X64],
'Version' => Gem::Version.new('7'),
'Type' => :linux_dropper
'Platform' => 'linux',
'Arch' => [ARCH_X86, ARCH_X64],
'Version' => Gem::Version.new('7'),
'Type' => :linux_dropper
],
#
# Drupal 8.x targets (PHP, cmd/unix, native)
#
['Drupal 8.x (PHP In-Memory)',
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Version' => Gem::Version.new('8'),
'Type' => :php_memory
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Version' => Gem::Version.new('8'),
'Type' => :php_memory
],
['Drupal 8.x (PHP Dropper)',
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Version' => Gem::Version.new('8'),
'Type' => :php_dropper
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Version' => Gem::Version.new('8'),
'Type' => :php_dropper
],
['Drupal 8.x (Unix In-Memory)',
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Version' => Gem::Version.new('8'),
'Type' => :unix_memory
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Version' => Gem::Version.new('8'),
'Type' => :unix_memory
],
['Drupal 8.x (Linux Dropper)',
'Platform' => 'linux',
'Arch' => [ARCH_X86, ARCH_X64],
'Version' => Gem::Version.new('8'),
'Type' => :linux_dropper
'Platform' => 'linux',
'Arch' => [ARCH_X86, ARCH_X64],
'Version' => Gem::Version.new('8'),
'Type' => :linux_dropper
]
],
'DefaultTarget' => 0, # Automatic (PHP In-Memory)
'DefaultOptions' => {'WfsDelay' => 2},
'Notes' =>
{
'AKA' => [
'SA-CORE-2018-002',
'Drupalgeddon 2'
]
}
'Notes' => {'AKA' => ['SA-CORE-2018-002', 'Drupalgeddon 2']}
))
register_options([

View File

@ -94,7 +94,7 @@ metadata = {
'SMBPass': {'type': 'string', 'description': '(Optional) The password for the specified username', 'required': False, 'default': ''}
},
'notes': {
'AKA': ['ETERNALBLUE']
'AKA': ['ETERNALBLUE']
}
}