github/metasploit-framework
1
Fork 0
mirror of https://github.com/rapid7/metasploit-framework synced 2024-09-25 10:48:31 +02:00
Code Releases Activity

Reorder the Fedora targets to be descending

Browse Source
This commit is contained in:
Spencer McIntyre 2021-05-18 18:02:12 -04:00
parent 5dc8d0e684
commit a8a1cf75b8
2 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
documentation/modules/exploit/linux/local/sudo_baron_samedit.md
View File

@ -61,18 +61,18 @@ The lengths to set as used by the manual target. See the "Manual Target" section
### NewUser
*This is an advanced option.*
For targets using the second technique (adding a user to /etc/passwd), this is the name of the user.
In the event of a successful exploit, the module remove that user from /etc/passwd as a cleanup measure.
In the event of a successful exploit, the module will remove that user from /etc/passwd as a cleanup measure.
If the exploit partially succeeds (that is, writes to /etc/passwd, but does not result in a shell), this
account will need to be manually cleaned up.
### NewPassword
*This is an advanced option.*
For targets using the second technique (adding a user to /etc/passwd), this is the new password. If left blank,
the system creates a long, random password.
## Scenarios
### Ubuntu 20.04.1 x64

10
modules/exploits/linux/local/sudo_baron_samedit.rb
View File

@ -63,11 +63,11 @@ class MetasploitModule < Msf::Exploit::Local
[ 'CentOS 8 x64 (sudo v1.8.25p1, libc v2.28)', { exploit_script: 'nss_generic2', exploit_params: [ ], exploit_technique: 'nss', lib_needs_space: false, version_fingerprint: /^CentOS Linux release 8/ } ],
[ 'CentOS 7 x64 (sudo v1.8.23, libc v2.17)', { exploit_script: 'userspec_c7', exploit_technique: 'userspec', version_fingerprint: /^CentOS Linux release 7/ } ],
[ 'CentOS 7 x64 (sudo v1.8.23, libc v2.17) - alternative', { exploit_script: 'userspec_generic', exploit_technique: 'userspec', version_fingerprint: /^CentOS Linux release 7/ } ],
[ 'Fedora 23 x64 (sudo v1.8.14p3, libc v2.22)', { exploit_script: 'userspec_generic', exploit_technique: 'userspec', version_fingerprint: /^Fedora release 23/ } ],
[ 'Fedora 24 x64 (sudo v1.8.16, libc v2.23)', { exploit_script: 'userspec_generic', exploit_technique: 'userspec', version_fingerprint: /^Fedora release 24/ } ],
[ 'Fedora 25 x64 (sudo v1.8.18, libc v2.24)', { exploit_script: 'userspec_generic', exploit_technique: 'userspec', version_fingerprint: /^Fedora release 25/ } ],
[ 'Fedora 26 x64 (sudo v1.8.20p2, libc v2.25)', { exploit_script: 'userspec_generic', exploit_technique: 'userspec', version_fingerprint: /^Fedora release 26/ } ],
[ 'Fedora 27 x64 (sudo v1.8.21p2, libc v2.26)', { exploit_script: 'userspec_generic', exploit_technique: 'userspec', version_fingerprint: /^Fedora release 27/ } ],
[ 'Fedora 26 x64 (sudo v1.8.20p2, libc v2.25)', { exploit_script: 'userspec_generic', exploit_technique: 'userspec', version_fingerprint: /^Fedora release 26/ } ],
[ 'Fedora 25 x64 (sudo v1.8.18, libc v2.24)', { exploit_script: 'userspec_generic', exploit_technique: 'userspec', version_fingerprint: /^Fedora release 25/ } ],
[ 'Fedora 24 x64 (sudo v1.8.16, libc v2.23)', { exploit_script: 'userspec_generic', exploit_technique: 'userspec', version_fingerprint: /^Fedora release 24/ } ],
[ 'Fedora 23 x64 (sudo v1.8.14p3, libc v2.22)', { exploit_script: 'userspec_generic', exploit_technique: 'userspec', version_fingerprint: /^Fedora release 23/ } ],
[ 'Manual', { exploit_script: 'nss_generic1', exploit_technique: 'nss', lib_needs_space: true } ],
],
'DefaultTarget' => 0,
@ -87,7 +87,7 @@ class MetasploitModule < Msf::Exploit::Local
])
register_advanced_options([
OptString.new('Lengths', [ false, 'The lengths to set as used by the manual target. (format: #,#,#,#)' ], regex: /(\d+(, *| )){3}\d+/),
OptString.new('Lengths', [ false, 'The lengths to set as used by the manual target. (format: #,#,#,#)' ], regex: /(\d+(, *| )){3}\d+/, conditions: %w[TARGET == Manual]),
OptString.new('NewUser', [ false, 'A username to add as root (if required by exploit target)', 'msf' ], regex: /^[a-z_]([a-z0-9_-]{0,31}|[a-z0-9_-]{0,30}\$)$/),
OptString.new('NewPassword', [ false, 'A password to add for NewUser (if required by exploit target)' ]),
])