
Patched RCE dubbed "skywalker 2.0" thanks to @zeroSteiner.

enigma0x3 committed Sep 16, 2016
1 parent 03ca7bd commit f030cf6232d3ebc626c64a117555611c5943c68e
Showing with 2 additions and 2 deletions.
  1. +2 −2 lib/common/agents.py
@@ -199,7 +199,7 @@ def save_file(self, sessionID, path, data, append=False):
filename = parts[-1]
# fix for 'skywalker' exploit by @zeroSteiner
safePath = os.path.abspath("%s/downloads/%s/" % (self.installPath, sessionID))
safePath = os.path.abspath("%s/downloads/" % self.installPath)
if not os.path.abspath(save_path + "/" + filename).startswith(safePath):
dispatcher.send("[!] WARNING: agent %s attempted skywalker exploit!" % (sessionID), sender="Agents")
dispatcher.send("[!] attempted overwrite of %s with data %s" % (path, data), sender="Agents")
@@ -240,7 +240,7 @@ def save_module_file(self, sessionID, path, data):
filename = parts[-1]
# fix for 'skywalker' exploit by @zeroSteiner
safePath = os.path.abspath("%s/downloads/%s/" % (self.installPath, sessionID))
safePath = os.path.abspath("%s/downloads/" % self.installPath)
if not os.path.abspath(save_path + "/" + filename).startswith(safePath):
dispatcher.send("[!] WARNING: agent %s attempted skywalker exploit!" % (sessionID), sender="Agents")
dispatcher.send("[!] attempted overwrite of %s with data %s" % (path, data), sender="Agents")
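Review bot: The containment test in `save_file` and `save_module_file` is still a raw string-prefix match, because `os.path.abspath` drops the trailing slash from `safePath`, so a sibling directory whose name merely begins with the same characters as the allowed one also passes `startswith(safePath)`. Anchoring the comparison on a path separator closes that gap in both hunks: `if not os.path.abspath(save_path + "/" + filename).startswith(safePath + os.sep):`. `abspath` also does not resolve symlinks, so applying `os.path.realpath` to both sides would be the stricter form. If `sessionID` can be influenced by the agent, it should be validated before it is formatted into `safePath`; that cannot be confirmed from these hunks, since both function bodies start and end outside them.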
