land #8029 syntax fixes for some docs

bug/bundler_fix
h00die 2017-02-27 21:01:46 -05:00
commit a910f38a11
No known key found for this signature in database
GPG Key ID: C5A9D25D1457C971
3 changed files with 20 additions and 19 deletions

@ -1,4 +1,4 @@
This module plays (by default) [https://www.youtube.com/watch?v=kxopViU98Xo]("Epic sax guy 10 hours") on a target Google Chromecast via YouTube.
This module plays (by default) ["Epic sax guy 10 hours"](https://www.youtube.com/watch?v=kxopViU98Xo) on a target Google Chromecast via YouTube.
Naturally, audio should be cranked to 11 before running this module.
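Review bot: The swap to `[text](url)` order is the right fix; the original `[https://...]("Epic sax guy 10 hours")` has the URL in the text slot and a quoted title in the destination slot, which does not render as a working link. One consistency point to keep in mind across the doc: this line links by video title while the VID option description links by the bare ID. Either is fine, but both must stay in sync with the module's actual default (both currently point at kxopViU98Xo).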
@ -12,7 +12,7 @@ Naturally, audio should be cranked to 11 before running this module.
**VID**
The YouTube video to be played. Defaults to [https://www.youtube.com/watch?v=kxopViU98Xo](kxopViU98Xo)
The YouTube video to be played. Defaults to [kxopViU98Xo](https://www.youtube.com/watch?v=kxopViU98Xo)
## Sample Output
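Review bot: Same `[text](url)` fix as the first hunk, correctly applied. Since the VID option defaults to the bare video ID rather than the full URL, showing `kxopViU98Xo` as the link text and putting the full watch URL in the href, as done here, is the right split; a reader copying the default into the option gets the value the module expects.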

@ -1,17 +1,18 @@
## Vulnerable Application
The following list is a non-exhaustive list of vulnerable Netgear devices:
1. R6300v2 < [1.0.3.28](http://kb.netgear.com/app/answers/detail/a_id/28372)
2. WNDR3300 - V1.0.45 (current, confirmed vuln)
3. WNDR3700v1 - 1.0.7.98, 1.0.16.98 (confirmed vuln)
4. WNDR3700v2 - 1.0.1.14 (EOL, confirmed vuln)
5. WNDR3700v4 < [1.0.2.80](http://kb.netgear.com/app/answers/detail/a_id/28355)
6. WNDR3800 - 1.0.0.48 (EOL, confirmed vuln)
7. WNDR4300 < [1.0.2.80](http://kb.netgear.com/app/answers/detail/a_id/28037)
8. WNR1000v2 - 1.0.1.1, 1.1.2.58 (EOL, confirmed vuln)
9. WNR2000v3 < [1.1.2.12](http://kb.netgear.com/app/answers/detail/a_id/30024)
10. WNR2200 < [1.0.1.96](http://kb.netgear.com/app/answers/detail/a_id/28036)
11. WNR2500 < [1.0.0.32](http://kb.netgear.com/app/answers/detail/a_id/28351)
1. R6300v2 < [1.0.3.28](http://kb.netgear.com/app/answers/detail/a_id/28372)
2. WNDR3300 - V1.0.45 (current, confirmed vuln)
3. WNDR3700v1 - 1.0.7.98, 1.0.16.98 (confirmed vuln)
4. WNDR3700v2 - 1.0.1.14 (EOL, confirmed vuln)
5. WNDR3700v4 < [1.0.2.80](http://kb.netgear.com/app/answers/detail/a_id/28355)
6. WNDR3800 - 1.0.0.48 (EOL, confirmed vuln)
7. WNDR4300 < [1.0.2.80](http://kb.netgear.com/app/answers/detail/a_id/28037)
8. WNR1000v2 - 1.0.1.1, 1.1.2.58 (EOL, confirmed vuln)
9. WNR2000v3 < [1.1.2.12](http://kb.netgear.com/app/answers/detail/a_id/30024)
10. WNR2200 < [1.0.1.96](http://kb.netgear.com/app/answers/detail/a_id/28036)
11. WNR2500 < [1.0.0.32](http://kb.netgear.com/app/answers/detail/a_id/28351)
## Verification Steps
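Review bot: The old and new list lines are identical as rendered and the hunk header goes from 17 to 18 lines, so the actual change is whitespace only, most likely a blank line inserted between the intro sentence and `1. R6300v2` so Markdown renders the numbered list instead of running it into the paragraph. A one-line mention of that in the commit message would save the next reviewer from diffing it by eye. While here: the entries use two notations without a legend, `< 1.0.3.28` (fixed in that release) versus `- V1.0.45 (current, confirmed vuln)` (tested on that release); a short line above the list spelling out the convention would help, and `(current, confirmed vuln)` will go stale and is better replaced with the firmware version actually tested.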

@ -1,19 +1,19 @@
## Notes
This module (and the original exploit) are written in several parts: hello, doubleput, and suidhelper.
This module (and the original exploit) are written in several parts: `hello`, `doubleput`, and `suidhelper`.
Mettle at times on this exploit will give back an invalid session number error. In these cases payload/linux/x64/shell/bind_tcp seemed to always work.
Mettle at times on this exploit will give back an invalid session number error. In these cases `payload/linux/x64/shell/bind_tcp` seemed to always work.
As of PR submission, the original shell becomes unresposive when the root shell occurs. Metasm fails to compile due to fuse.h being required.
As of PR submission, the original shell becomes unresposive when the root shell occurs. Metasm fails to compile due to `fuse.h` being required.
As of PR submission, killing of the process hello and doubleput has to occur manually. /tmp/fuse_mount also needs to be unmounted and deleted.
As of PR submission, killing of the process `hello` and `doubleput` has to occur manually. `/tmp/fuse_mount` also needs to be unmounted and deleted.
## Creating A Testing Environment
There are a few requirements for this module to work:
1. CONFIG_BPF_SYSCALL=y must be set in the kernel (default on Ubuntu 16.04 (Linux 4.4.0-38-generic))
2. kernel.unprivileged_bpf_disabled can't be set to 1 (default on Ubuntu 16.04 (Linux 4.4.0-38-generic))
1. `CONFIG_BPF_SYSCALL=y` must be set in the kernel (default on Ubuntu 16.04 (Linux 4.4.0-38-generic))
2. `kernel.unprivileged_bpf_disabled` can't be set to `1` (default on Ubuntu 16.04 (Linux 4.4.0-38-generic))
3. fuse needs to be installed (non-default on Ubuntu 16.04 (Linux 4.4.0-38-generic))
Using Ubuntu 16.04, simply `sudo apt-get install fuse` and you're all set!
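Review bot: The backtick pass misses a few things on the lines it already touches: `unresposive` in "the original shell becomes unresposive when the root shell occurs" should be `unresponsive`, and "killing of the process `hello` and `doubleput`" should read "killing the `hello` and `doubleput` processes". In the requirements list, items 1 and 2 get backticks but item 3's `fuse` does not; format it the same way for consistency. Item 2 would also be clearer as "`kernel.unprivileged_bpf_disabled` must be `0`", which is what "can't be set to 1" means, and the repeated "(default on Ubuntu 16.04 (Linux 4.4.0-38-generic))" could be stated once above the list rather than three times.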