e-m-b-a · m-1-k-3 · Oct 9, 2022 · Oct 7, 2022 · Oct 7, 2022
diff --git a/config/distri_id.cfg b/config/distri_id.cfg
@@ -5,7 +5,7 @@ OpenWRT;/etc/banner;grep -a -o -E "BACKFIRE.\(bleeding.edge..r[0-9]+\)";sort -u
 # Reboot (17.01.0-rc2, r3131-42f3c1f) -> LEDE
 OpenWRT;/etc/openwrt_release;grep -a -o -E -e "^DISTRIB_ID=.*" -a -o -E -e "^DISTRIB_RELEASE=.*[0-9].*" -a -o -E -e "^DISTRIB_REVISION=.*";sort -u | tr '\n' ' ' | sed 's/DISTRIB_ID=//g' | sed 's/DISTRIB_RELEASE=//g' | sed 's/DISTRIB_REVISION=//g' | tr -d \' | tr -d \"
 OpenWRT;/etc/openwrt_version;grep -E -e "[0-9]+\.[0-9]+";sed -e 's/^/OpenWrt\ /g'
-buildroot;/etc/os-release;grep -a -o -E -e "^NAME=.*" -a -o -E -e "^VERSION_ID=.*";sort -u | tr '\n' ' ' | sed 's/NAME=//g' | sed 's/VERSION_ID=//g' | tr -d \" | grep -i "Buildroot [0-9]"
+buildroot;/etc/os-release;grep -a -o -E -e "^NAME=.*" -a -o -E -e "^VERSION_ID=[0-9].*";sort -u | tr '\n' ' ' | sed 's/NAME=//g' | sed 's/VERSION_ID=//g' | tr -d \"
 os-release-Linux;/etc/os-release;grep -a -o -E -e "^NAME=.*" -a -o -E -e "^VERSION=.*";sort -u | tr '\n' ' ' | sed 's/NAME=//g' | sed 's/VERSION=//g' | tr -d \"
 lsb-release-Linux;/etc/lsb-release;grep -a -o -E -e "^DISTRIB_ID=.*" -a -o -E -e "^DISTRIB_RELEASE=.*";sort -u | tr '\n' ' ' | sed 's/DISTRIB_ID=//g' | sed 's/DISTRIB_RELEASE=//g' | tr -d \"
 #debian-Linux;/etc/debian-version;-a -o -E -e ".*";sort -u

diff --git a/config/msf_cve-db.txt b/config/msf_cve-db.txt
@@ -245,6 +245,8 @@
 /usr/share/metasploit-framework/modules/auxiliary/gather/jetty_web_inf_disclosure.rb:CVE-2021-34429
 /usr/share/metasploit-framework/modules/auxiliary/gather/joomla_contenthistory_sqli.rb:CVE-2015-7297
 /usr/share/metasploit-framework/modules/auxiliary/gather/ldap_hashdump.rb:CVE-2020-3952
+/usr/share/metasploit-framework/modules/auxiliary/gather/manageengine_adaudit_plus_xnode_enum.rb:CVE-2020-11532
+/usr/share/metasploit-framework/modules/auxiliary/gather/manageengine_datasecurity_plus_xnode_enum.rb:CVE-2020-11532
 /usr/share/metasploit-framework/modules/auxiliary/gather/mantisbt_admin_sqli.rb:CVE-2014-2238
 /usr/share/metasploit-framework/modules/auxiliary/gather/mcafee_epo_xxe.rb:CVE-2015-0921
 /usr/share/metasploit-framework/modules/auxiliary/gather/mcafee_epo_xxe.rb:CVE-2015-0922
@@ -417,6 +419,9 @@
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/tplink_traversal_noauth.rb:CVE-2012-5687
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/trace.rb:CVE-2005-3398
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/tvt_nvms_traversal.rb:CVE-2019-20085
+/usr/share/metasploit-framework/modules/auxiliary/scanner/http/vicidial_multiple_sqli.rb:CVE-2022-34876
+/usr/share/metasploit-framework/modules/auxiliary/scanner/http/vicidial_multiple_sqli.rb:CVE-2022-34877
+/usr/share/metasploit-framework/modules/auxiliary/scanner/http/vicidial_multiple_sqli.rb:CVE-2022-34878
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/wangkongbao_traversal.rb:CVE-2012-4031
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/webdav_internal_ip.rb:CVE-2002-0422
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/wildfly_traversal.rb:CVE-2014-7816
@@ -606,6 +611,7 @@
 /usr/share/metasploit-framework/modules/exploits/hpux/lpd/cleanup_exec.rb:CVE-2002-1473
 /usr/share/metasploit-framework/modules/exploits/irix/lpd/tagprinter_exec.rb:CVE-2001-0800
 /usr/share/metasploit-framework/modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb:CVE-2008-5499
+/usr/share/metasploit-framework/modules/exploits/linux/fileformat/unrar_cve_2022_30333.rb:CVE-2022-30333
 /usr/share/metasploit-framework/modules/exploits/linux/ftp/proftp_sreplace.rb:CVE-2006-5815
 /usr/share/metasploit-framework/modules/exploits/linux/ftp/proftp_telnet_iac.rb:CVE-2010-4221
 /usr/share/metasploit-framework/modules/exploits/linux/games/ut2004_secure.rb:CVE-2004-0608
@@ -620,6 +626,7 @@
 /usr/share/metasploit-framework/modules/exploits/linux/http/apache_druid_js_rce.rb:CVE-2021-25646
 /usr/share/metasploit-framework/modules/exploits/linux/http/apache_ofbiz_deserialization.rb:CVE-2020-9496
 /usr/share/metasploit-framework/modules/exploits/linux/http/apache_ofbiz_deserialization_soap.rb:CVE-2021-26295
+/usr/share/metasploit-framework/modules/exploits/linux/http/apache_spark_rce_cve_2022_33891.rb:CVE-2022-33891
 /usr/share/metasploit-framework/modules/exploits/linux/http/artica_proxy_auth_bypass_service_cmds_peform_command_injection.rb:CVE-2020-17505
 /usr/share/metasploit-framework/modules/exploits/linux/http/artica_proxy_auth_bypass_service_cmds_peform_command_injection.rb:CVE-2020-17506
 /usr/share/metasploit-framework/modules/exploits/linux/http/asuswrt_lan_rce.rb:CVE-2018-5999
@@ -628,11 +635,13 @@
 /usr/share/metasploit-framework/modules/exploits/linux/http/axis_srv_parhand_rce.rb:CVE-2018-10661
 /usr/share/metasploit-framework/modules/exploits/linux/http/axis_srv_parhand_rce.rb:CVE-2018-10662
 /usr/share/metasploit-framework/modules/exploits/linux/http/belkin_login_bof.rb:CVE-2014-1635
+/usr/share/metasploit-framework/modules/exploits/linux/http/bitbucket_git_cmd_injection.rb:CVE-2022-36804
 /usr/share/metasploit-framework/modules/exploits/linux/http/bludit_upload_images_exec.rb:CVE-2019-16113
 /usr/share/metasploit-framework/modules/exploits/linux/http/cayin_cms_ntp.rb:CVE-2020-7357
 /usr/share/metasploit-framework/modules/exploits/linux/http/centreon_sqli_exec.rb:CVE-2014-3828
 /usr/share/metasploit-framework/modules/exploits/linux/http/centreon_sqli_exec.rb:CVE-2014-3829
 /usr/share/metasploit-framework/modules/exploits/linux/http/cfme_manageiq_evm_upload_exec.rb:CVE-2013-2068
+/usr/share/metasploit-framework/modules/exploits/linux/http/cisco_asax_sfr_rce.rb:CVE-2022-20828
 /usr/share/metasploit-framework/modules/exploits/linux/http/cisco_firepower_useradd.rb:CVE-2016-6433
 /usr/share/metasploit-framework/modules/exploits/linux/http/cisco_hyperflex_file_upload_rce.rb:CVE-2021-1499
 /usr/share/metasploit-framework/modules/exploits/linux/http/cisco_hyperflex_hx_data_platform_cmd_exec.rb:CVE-2021-1497
@@ -714,6 +723,7 @@
 /usr/share/metasploit-framework/modules/exploits/linux/http/microfocus_secure_messaging_gateway.rb:CVE-2018-12464
 /usr/share/metasploit-framework/modules/exploits/linux/http/microfocus_secure_messaging_gateway.rb:CVE-2018-12465
 /usr/share/metasploit-framework/modules/exploits/linux/http/mida_solutions_eframework_ajaxreq_rce.rb:CVE-2020-15920
+/usr/share/metasploit-framework/modules/exploits/linux/http/mobileiron_core_log4shell.rb:CVE-2021-44228
 /usr/share/metasploit-framework/modules/exploits/linux/http/mobileiron_mdm_hessian_rce.rb:CVE-2020-15505
 /usr/share/metasploit-framework/modules/exploits/linux/http/multi_ncc_ping_exec.rb:CVE-2015-1187
 /usr/share/metasploit-framework/modules/exploits/linux/http/mutiny_frontend_upload.rb:CVE-2013-0136
@@ -739,6 +749,7 @@
 /usr/share/metasploit-framework/modules/exploits/linux/http/nuuo_nvrmini_auth_rce.rb:CVE-2016-5675
 /usr/share/metasploit-framework/modules/exploits/linux/http/nuuo_nvrmini_unauth_rce.rb:CVE-2016-5674
 /usr/share/metasploit-framework/modules/exploits/linux/http/pandora_fms_events_exec.rb:CVE-2020-13851
+/usr/share/metasploit-framework/modules/exploits/linux/http/panos_op_cmd_exec.rb:CVE-2020-2038
 /usr/share/metasploit-framework/modules/exploits/linux/http/panos_readsessionvars.rb:CVE-2017-15944
 /usr/share/metasploit-framework/modules/exploits/linux/http/peercast_url.rb:CVE-2006-1148
 /usr/share/metasploit-framework/modules/exploits/linux/http/php_imap_open_rce.rb:CVE-2018-1000859
@@ -815,10 +826,14 @@
 /usr/share/metasploit-framework/modules/exploits/linux/http/wd_mycloud_multiupload_upload.rb:CVE-2017-17560
 /usr/share/metasploit-framework/modules/exploits/linux/http/webcalendar_settings_exec.rb:CVE-2012-1495
 /usr/share/metasploit-framework/modules/exploits/linux/http/webmin_backdoor.rb:CVE-2019-15107
+/usr/share/metasploit-framework/modules/exploits/linux/http/webmin_package_updates_rce.rb:CVE-2022-36446
 /usr/share/metasploit-framework/modules/exploits/linux/http/webmin_packageup_rce.rb:CVE-2019-12840
 /usr/share/metasploit-framework/modules/exploits/linux/http/wepresent_cmd_injection.rb:CVE-2019-3929
 /usr/share/metasploit-framework/modules/exploits/linux/http/xplico_exec.rb:CVE-2017-16666
 /usr/share/metasploit-framework/modules/exploits/linux/http/zabbix_sqli.rb:CVE-2013-5743
+/usr/share/metasploit-framework/modules/exploits/linux/http/zimbra_mboximport_cve_2022_27925.rb:CVE-2022-27925
+/usr/share/metasploit-framework/modules/exploits/linux/http/zimbra_mboximport_cve_2022_27925.rb:CVE-2022-37042
+/usr/share/metasploit-framework/modules/exploits/linux/http/zimbra_unrar_cve_2022_30333.rb:CVE-2022-30333
 /usr/share/metasploit-framework/modules/exploits/linux/http/zimbra_xxe_rce.rb:CVE-2019-9621
 /usr/share/metasploit-framework/modules/exploits/linux/http/zimbra_xxe_rce.rb:CVE-2019-9670
 /usr/share/metasploit-framework/modules/exploits/linux/http/zyxel_ztp_rce.rb:CVE-2022-30525
@@ -877,6 +892,9 @@
 /usr/share/metasploit-framework/modules/exploits/linux/local/ufo_privilege_escalation.rb:CVE-2017-1000112
 /usr/share/metasploit-framework/modules/exploits/linux/local/vmware_alsa_config.rb:CVE-2017-4915
 /usr/share/metasploit-framework/modules/exploits/linux/local/vmware_mount.rb:CVE-2013-1662
+/usr/share/metasploit-framework/modules/exploits/linux/local/vmware_workspace_one_access_certproxy_lpe.rb:CVE-2022-31660
+/usr/share/metasploit-framework/modules/exploits/linux/local/zimbra_slapper_priv_esc.rb:CVE-2022-37393
+/usr/share/metasploit-framework/modules/exploits/linux/local/zyxel_suid_cp_lpe.rb:CVE-2022-30526
 /usr/share/metasploit-framework/modules/exploits/linux/misc/aerospike_database_udf_cmd_exec.rb:CVE-2020-13151
 /usr/share/metasploit-framework/modules/exploits/linux/misc/asus_infosvr_auth_bypass_exec.rb:CVE-2014-9583
 /usr/share/metasploit-framework/modules/exploits/linux/misc/cisco_rv340_sslvpn.rb:CVE-2022-20699
@@ -1917,6 +1935,7 @@
 /usr/share/metasploit-framework/modules/exploits/windows/games/racer_503beta5.rb:CVE-2007-4370
 /usr/share/metasploit-framework/modules/exploits/windows/games/ut2004_secure.rb:CVE-2004-0608
 /usr/share/metasploit-framework/modules/exploits/windows/http/adobe_robohelper_authbypass.rb:CVE-2009-3068
+/usr/share/metasploit-framework/modules/exploits/windows/http/advantech_iview_networkservlet_cmd_inject.rb:CVE-2022-2143
 /usr/share/metasploit-framework/modules/exploits/windows/http/advantech_iview_unauth_rce.rb:CVE-2021-22652
 /usr/share/metasploit-framework/modules/exploits/windows/http/altn_securitygateway.rb:CVE-2008-4193
 /usr/share/metasploit-framework/modules/exploits/windows/http/altn_webadmin.rb:CVE-2003-0471
@@ -1956,7 +1975,8 @@
 /usr/share/metasploit-framework/modules/exploits/windows/http/ektron_xslt_exec.rb:CVE-2012-5357
 /usr/share/metasploit-framework/modules/exploits/windows/http/ektron_xslt_exec_ws.rb:CVE-2015-0923
 /usr/share/metasploit-framework/modules/exploits/windows/http/ericom_access_now_bof.rb:CVE-2014-3913
-/usr/share/metasploit-framework/modules/exploits/windows/http/exchange_chainedserializationbinder_denylist_typo_rce.rb:CVE-2021-42321
+/usr/share/metasploit-framework/modules/exploits/windows/http/exchange_chainedserializationbinder_rce.rb:CVE-2021-42321
+/usr/share/metasploit-framework/modules/exploits/windows/http/exchange_chainedserializationbinder_rce.rb:CVE-2022-23277
 /usr/share/metasploit-framework/modules/exploits/windows/http/exchange_ecp_dlp_policy.rb:CVE-2020-16875
 /usr/share/metasploit-framework/modules/exploits/windows/http/exchange_ecp_dlp_policy.rb:CVE-2020-17132
 /usr/share/metasploit-framework/modules/exploits/windows/http/exchange_ecp_viewstate.rb:CVE-2020-0688
@@ -2018,6 +2038,7 @@
 /usr/share/metasploit-framework/modules/exploits/windows/http/landesk_thinkmanagement_upload_asp.rb:CVE-2012-1195
 /usr/share/metasploit-framework/modules/exploits/windows/http/landesk_thinkmanagement_upload_asp.rb:CVE-2012-1196
 /usr/share/metasploit-framework/modules/exploits/windows/http/lexmark_markvision_gfd_upload.rb:CVE-2014-8741
+/usr/share/metasploit-framework/modules/exploits/windows/http/manageengine_adaudit_plus_cve_2022_28219.rb:CVE-2022-28219
 /usr/share/metasploit-framework/modules/exploits/windows/http/manageengine_adselfservice_plus_cve_2021_40539.rb:CVE-2021-40539
 /usr/share/metasploit-framework/modules/exploits/windows/http/manageengine_adselfservice_plus_cve_2022_28810.rb:CVE-2022-28810
 /usr/share/metasploit-framework/modules/exploits/windows/http/manageengine_appmanager_exec.rb:CVE-2018-7890
@@ -2085,6 +2106,7 @@
 /usr/share/metasploit-framework/modules/exploits/windows/http/zentao_pro_rce.rb:CVE-2020-7361
 /usr/share/metasploit-framework/modules/exploits/windows/http/zenworks_assetmgmt_uploadservlet.rb:CVE-2011-2653
 /usr/share/metasploit-framework/modules/exploits/windows/http/zenworks_uploadservlet.rb:CVE-2010-5324
+/usr/share/metasploit-framework/modules/exploits/windows/http/zoho_password_manager_pro_xml_rpc_rce.rb:CVE-2022-35405
 /usr/share/metasploit-framework/modules/exploits/windows/ibm/ibm_was_dmgr_java_deserialization_rce.rb:CVE-2019-4279
 /usr/share/metasploit-framework/modules/exploits/windows/iis/iis_webdav_scstoragepathfromurl.rb:CVE-2017-7269
 /usr/share/metasploit-framework/modules/exploits/windows/iis/ms01_023_printer.rb:CVE-2001-0241
@@ -2281,6 +2303,7 @@
 /usr/share/metasploit-framework/modules/exploits/windows/misc/stream_down_bof.rb:CVE-2011-5052
 /usr/share/metasploit-framework/modules/exploits/windows/misc/tiny_identd_overflow.rb:CVE-2007-2711
 /usr/share/metasploit-framework/modules/exploits/windows/misc/trendmicro_cmdprocessor_addtask.rb:CVE-2011-5001
+/usr/share/metasploit-framework/modules/exploits/windows/misc/unified_remote_rce.rb:CVE-2022-3229
 /usr/share/metasploit-framework/modules/exploits/windows/misc/veeam_one_agent_deserialization.rb:CVE-2020-10914
 /usr/share/metasploit-framework/modules/exploits/windows/misc/veeam_one_agent_deserialization.rb:CVE-2020-10915
 /usr/share/metasploit-framework/modules/exploits/windows/misc/vmhgfs_webdav_dll_sideload.rb:CVE-2016-5330
@@ -2443,6 +2466,7 @@
 /usr/share/metasploit-framework/modules/post/hardware/automotive/pdt.rb:CVE-2017-14937
 /usr/share/metasploit-framework/modules/post/linux/dos/xen_420_dos.rb:CVE-2012-5525
 /usr/share/metasploit-framework/modules/post/linux/gather/haserl_read.rb:CVE-2021-29133
+/usr/share/metasploit-framework/modules/post/linux/gather/mimipenguin.rb:CVE-2018-20781
 /usr/share/metasploit-framework/modules/post/multi/escalate/cups_root_file_read.rb:CVE-2012-5519
 /usr/share/metasploit-framework/modules/post/multi/sap/smdagent_get_properties.rb:CVE-2019-0307
 /usr/share/metasploit-framework/modules/post/osx/escalate/tccbypass.rb:CVE-2020-9934

diff --git a/installer/IF20_cve_search.sh b/installer/IF20_cve_search.sh
@@ -112,6 +112,9 @@ IF20_cve_search() {
           apt-get update -y
           print_tool_info "mongodb-org" 1
           apt-get install mongodb-org -y
+          if ! [[ -f /etc/mongod.conf ]]; then
+            echo "Could not install EMBA component mongod - missing mongod.conf file" && exit 1
+          fi
           sed -i 's/bindIp\:\ 127.0.0.1/bindIp\:\ 172.36.0.1/g' /etc/mongod.conf
 
           if [[ "$WSL" -eq 0 ]]; then

diff --git a/modules/S03_firmware_bin_base_analyzer.sh b/modules/S03_firmware_bin_base_analyzer.sh
@@ -100,6 +100,7 @@ os_detection_thread_per_os() {
   local OS="${1:-}"
   local DETECTED=0
   local OS_=""
+  local OS_COUNTER_VxWorks=0
 
   OS_COUNTER[$OS]=0
   OS_COUNTER[$OS]=$(("${OS_COUNTER[$OS]}"+"$(find "$OUTPUT_DIR" -xdev -type f -exec strings {} \; | grep -i -c "$OS" 2> /dev/null || true)"))

diff --git a/modules/S06_distribution_identification.sh b/modules/S06_distribution_identification.sh
@@ -46,8 +46,10 @@ S06_distribution_identification()
           SED_COMMAND="$(echo "$CONFIG" | cut -d\; -f4)"
           FILE_QUOTED=$(escape_echo "$FILE")
           OUT1="$(eval "$PATTERN" "$FILE_QUOTED" || true)"
+          # echo "PATTERN: $PATTERN"
           # echo "SED command: $SED_COMMAND"
           # echo "identified: $OUT1"
+          # echo "FILE: $FILE_QUOTED"
           IDENTIFIER=$(echo -e "$OUT1" | eval "$SED_COMMAND" | sed 's/  \+/ /g' | sed 's/ $//' || true)
 
           if [[ $(basename "$FILE") == "image_sign" ]]; then

diff --git a/modules/S109_jtr_local_pw_cracking.sh b/modules/S109_jtr_local_pw_cracking.sh
@@ -70,7 +70,6 @@ S109_jtr_local_pw_cracking()
         print_output "[*] Found password data $ORANGE$HASH$NC for further processing in $ORANGE$HASH_SOURCE$NC"
         echo "$HASH" >> "$LOG_PATH_MODULE"/jtr_hashes.txt
       fi
-
     done
 
     if [[ -f "$LOG_PATH_MODULE"/jtr_hashes.txt ]]; then
@@ -80,14 +79,14 @@ S109_jtr_local_pw_cracking()
       timeout --preserve-status --signal SIGINT "$JTR_TIMEOUT" john --progress-every=120 "$LOG_PATH_MODULE"/jtr_hashes.txt | tee -a "$LOG_FILE" || true
       print_ln
       NEG_LOG=1
-    fi
 
-    mapfile -t CRACKED_HASHES < <(john --show "$LOG_PATH_MODULE"/jtr_hashes.txt | grep -v "password hash\(es\)\? cracked" | grep -v "^$" || true)
-    JTR_FINAL_STAT=$(john --show "$LOG_PATH_MODULE"/jtr_hashes.txt | grep "password hash\(es\)\? cracked\|No password hashes loaded" || true)
-    CRACKED=$(echo "$JTR_FINAL_STAT" | awk '{print $1}')
-    if [[ -n "$JTR_FINAL_STAT" ]]; then
-      print_output "[*] John the ripper final status: $ORANGE$JTR_FINAL_STAT$NC"
-      NEG_LOG=1
+      mapfile -t CRACKED_HASHES < <(john --show "$LOG_PATH_MODULE"/jtr_hashes.txt | grep -v "password hash\(es\)\? cracked" | grep -v "^$" || true)
+      JTR_FINAL_STAT=$(john --show "$LOG_PATH_MODULE"/jtr_hashes.txt | grep "password hash\(es\)\? cracked\|No password hashes loaded" || true)
+      CRACKED=$(echo "$JTR_FINAL_STAT" | awk '{print $1}')
+      if [[ -n "$JTR_FINAL_STAT" ]]; then
+        print_output "[*] John the ripper final status: $ORANGE$JTR_FINAL_STAT$NC"
+        NEG_LOG=1
+      fi
     fi
 
     if [[ "$CRACKED" -gt 0 ]]; then