Spencer McIntyre
dc9c0035ab
Land #15371, check if apport-cli is in $PATH
...
Fixes #15370
2021-07-08 09:28:35 -04:00
Spencer McIntyre
636b790acb
Update to using the AutoCheck mixin
2021-07-08 09:03:42 -04:00
Christophe De La Fuente
daa5b32393
Update from review
...
- Remove `MeterpreterTryToFork` option logic
- Add `Prepend` code directly under `Payload` info
- Rebase to use the updated `PrependFork`
- Add logic to verify that shells specified in the options really exist
on the remote host
2021-06-30 18:13:35 +02:00
Christophe De La Fuente
eca20bec92
Update from code review
...
- Fix documentation typos
- Rename `MeterpreterBackground` Mettle option to `MeterpreterTryToFork`
2021-06-30 11:02:11 +02:00
Christophe De La Fuente
ccaedd6c9a
Last additions and improvements
...
- add binaries
- add documentation
- backup `runc` binary in the exploit C file
- add `MeterpreterBackground` options to set Mettle `background` option
- add `WsfDelay` logic
- refactor code
- add cleanup logic
- add restore `runc` binary logic
2021-06-30 11:02:11 +02:00
Christophe De La Fuente
1b59b8c83e
Rebase and fix conflicts in lib/msf/core/post/common.rb
2021-06-30 11:02:11 +02:00
Brendan Coles
d40656b852
apport_abrt_chroot_priv_esc: check if apport-cli is in $PATH
2021-06-25 11:48:16 +00:00
Grant Willcox
69690ef09e
Fix RuboCop issues with sudo_baron_samedit.rb that were causing failures in some builds
2021-06-04 12:03:13 -05:00
pingport80
fe8e586b22
fall to shell when meterpreter fails get_processes
...
shift `pidof` to `Msf::Post::Process`
2021-06-01 18:51:39 +05:30
Spencer McIntyre
56388cd696
Land #15146, Add support for extra OSes for CVE-2021-3156 (Baron Samedit)
2021-05-18 18:02:30 -04:00
Spencer McIntyre
a8a1cf75b8
Reorder the Fedora targets to be descending
2021-05-18 18:02:12 -04:00
Alan Foster
100da2f1b1
Enforce Style/RedundantBegin for new modules
2021-05-13 04:01:03 +01:00
Ashley Donaldson
5dc8d0e684
Added automatic cleanup for exploit scripts that modify /etc/passwd
2021-05-06 21:50:03 +10:00
Ashley Donaldson
832813f057
If the exploit is completed but no session is created, tell the user if they have alternative exploits they could try.
2021-05-06 12:37:18 +10:00
Ashley Donaldson
000546e551
Rubocop changes
2021-05-04 16:24:00 +10:00
Ashley Donaldson
fbc291bc22
Tested on various other Fedoras
2021-05-04 14:18:16 +10:00
Ashley Donaldson
7f89ac44ce
Tested module on Fedora 25
...
Also verify user does not already exist when adding a new user
2021-05-04 10:38:28 +10:00
Ashley Donaldson
0435e281d9
Updated CVE-2021-3156 documentation to reflect code changes.
2021-05-03 16:45:50 +10:00
Ashley Donaldson
3722435a25
Tested and verified exploitability of second CVE-2021-3156 exploit on three platforms
2021-04-30 18:51:06 +10:00
Ashley Donaldson
b1d2c39c98
Added second CentOS 7 exploit
2021-04-30 18:30:19 +10:00
Ashley Donaldson
124d157a1c
Added CVE-2021-3156 exploits for CentOS 7 and 8
2021-04-30 17:25:59 +10:00
Ashley Donaldson
79152cafe6
Added support for Ubuntu 14.04.3 for CVE-2021-3156
2021-04-29 20:48:51 +10:00
Ashley Donaldson
9d9d3ce061
Added Ubuntu 16.04-specific exploit script to CVE-2021-3156 module
...
The generic approach used for other targets doesn't work for 16.04, as that one relies on tcache bins, which are not present in glibc 2.23.
2021-04-29 18:28:13 +10:00
Ashley Donaldson
fcd17ed3b1
Port sudoedit exploit to Python
...
It's assumed that Python is more likely to be present on the target system
than gcc, so is better as a dependency.
2021-04-29 13:17:32 +10:00
dwelch-r7
319f15d938
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
Alan Foster
b06c5c12aa
Rubocop recently landed modules continued
2021-02-25 14:13:40 +00:00
Tim W
edea755096
Land #14740, CVE-2021-3156 Sudo LPE (AKA: Baron Samedit) Improvements
2021-02-22 17:48:33 +00:00
Alan Foster
5b3fde7735
Rubocop recently landed modules
2021-02-16 15:08:08 +00:00
Spencer McIntyre
01593f21b4
Add the Ubuntu 19.04 target for CVE-2021-3156
2021-02-12 10:06:47 -05:00
Spencer McIntyre
20067d183e
Use single quotes for escaping arguments consistently
2021-02-12 08:59:38 -05:00
Spencer McIntyre
f31c7846d2
Escape shell arguments even more thoroughly
2021-02-11 12:25:28 -05:00
Spencer McIntyre
944e8d572d
Register missing files for cleanup
2021-02-10 18:05:20 -05:00
Spencer McIntyre
6562f309ce
Handle whitespace in the target path
2021-02-10 17:40:42 -05:00
Spencer McIntyre
8757eb33fe
Add an automatic target that uses version fingerprinting
2021-02-10 16:16:33 -05:00
Spencer McIntyre
b9dd1b927b
Randomize the path to the library that's loaded
2021-02-10 08:45:52 -05:00
Spencer McIntyre
b4dd46a8de
Land #14721, sudo_baron_samedit: Add target: Debian 10 x64, sudo v1.8.27, libc v2.28
2021-02-05 16:01:58 -05:00
Shelby Pace
fc8ed5ba4e
Land #14154, use prepend autocheck
2021-02-05 12:22:38 -06:00
Brendan Coles
cfda83df99
sudo_baron_samedit: Add target: Debian 10 x64, sudo v1.8.27, libc v2.28
2021-02-05 07:54:34 +00:00
Spencer McIntyre
504865d507
Add a target for Ubuntu 18.04 and setgid and setuid by default
2021-02-04 10:45:00 -05:00
Spencer McIntyre
7281d00938
Implement feedback from PR review
2021-02-04 09:25:40 -05:00
Spencer McIntyre
c33c08bae9
Add a check method using the version information
2021-02-03 18:16:13 -05:00
Spencer McIntyre
c590d7b1bb
Add module docs and be more permissive with Length formatting
2021-02-03 18:16:13 -05:00
Spencer McIntyre
117cdc4fd7
Populate module metadata and cleanup files
2021-02-03 18:16:13 -05:00
Spencer McIntyre
b9413b4103
Update the exploit C code to allocate its own PTY
2021-02-03 18:16:13 -05:00
Spencer McIntyre
13dd9ac10e
Initial work on CVE-2021-3156
2021-02-03 18:16:13 -05:00
cgranleese-r7
3a2932b798
Migrate old uses of manual autocheck to use the new prepend autocheck
2021-02-02 10:15:46 +00:00
dwelch-r7
1617b3ec9b
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
youkergav
c855857506
Cleaned up more code
2020-10-11 02:26:02 -04:00
youkergav
1cba6080cd
Cleaned up code
2020-10-09 22:04:26 -04:00
youkergav
d623d85040
Added AutoCheck mixin
2020-10-09 19:45:28 -04:00