infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Wording, reviewer remarks

bug/bundler_fix
Martin Pizala 2017-09-11 23:25:10 +02:00
parent b78cb12546
commit 5ae708081d
No known key found for this signature in database
GPG Key ID: 50F0D0CE74400C95
1 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
documentation/modules/exploit/linux/http/rancher_server.md
View File

@ -3,7 +3,7 @@ Utilizing Rancher Server, an attacker can create a docker container
with the '/' path mounted with read/write permissions on the host with the '/' path mounted with read/write permissions on the host
server that is running the docker container. As the docker container server that is running the docker container. As the docker container
executes command as uid 0 it is honored by the host operating system executes command as uid 0 it is honored by the host operating system
allowing the attacker to edit/create files owed by root. This exploit allowing the attacker to edit/create files owned by root. This exploit
abuses this to creates a cron job in the '/etc/cron.d/' path of the abuses this to creates a cron job in the '/etc/cron.d/' path of the
host server. host server.
@ -78,13 +78,12 @@ Host Registration URL.
The new host should pop up on the Hosts screen within a minute. The new host should pop up on the Hosts screen within a minute.
# Exploitation # Exploitation
This module is designed for the attacker to leverage, creation of a This module is designed to gain root access on a Rancher Host.
docker container to gain root access on the rancher host.
## Options ## Options
- CONTAINER_ID if you want to have a human readable name for your container, else it will be randomly generated - CONTAINER_ID if you want to have a human readable name for your container, otherwise it will be randomly generated.
- DOCKERIMAGE is the locally or from hub.docker.com available image you are wanting to have Rancher to deploy for this exploit. - DOCKERIMAGE is the local image or hub.docker.com available image you want to have Rancher to deploy for this exploit.
- TARGETURI this is the Rancher Server API path. The default environment is /v1/projects/1a5 - TARGETURI this is the Rancher Server API path. The default environment is `/v1/projects/1a5`.
- WAIT_TIMEOUT is how long you will wait for a docker container to deploy before bailing out if it does not start. - WAIT_TIMEOUT is how long you will wait for a docker container to deploy before bailing out if it does not start.
By default access control is disabled, but if enabled, you need API By default access control is disabled, but if enabled, you need API