infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

updated windows udf files and documentation

GSoC/Meterpreter_Web_Console
h00die 2018-08-07 14:50:47 -04:00
parent b21d73a170
commit d299831efe
3 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
data/exploits/mysql/lib_mysqludf_sys_32.dll
View File

Binary file not shown.

BIN
data/exploits/mysql/lib_mysqludf_sys_64.dll
View File

Binary file not shown.

4
documentation/modules/exploit/multi/mysql/mysql_udf_payload.md
View File

@ -1,6 +1,10 @@
## Vulnerable Application
This vulnerability expoits mysql by adding a .so or .dll file which has a system call in it to the plugins folder.
The Windows dll files are provided by [@stamparm](https://github.com/stamparm) of the sqlmap project and are
located [here](https://github.com/rapid7/metasploit-framework/files/1879611/mysql_udf_libs.zip). As noted
in [#9677](https://github.com/rapid7/metasploit-framework/issues/9677#issuecomment-378893925) these are 'de-cloaked' versions,
which may attract AV attention.
The file is then loaded by mysql, and arbitrary commands can be run. There are several caveats for this to
function however, including:
1. `secure_file_priv`, a mysql setting, must be changed from the default to allow writing