e-m-b-a · BenediktMKuehne · Nov 9, 2022 · Oct 28, 2022 · Oct 31, 2022 · Oct 31, 2022
diff --git a/config/msf_cve-db.txt b/config/msf_cve-db.txt
@@ -21,6 +21,7 @@
 /usr/share/metasploit-framework/modules/auxiliary/admin/http/cnpilot_r_fpt.rb:CVE-2017-5261
 /usr/share/metasploit-framework/modules/auxiliary/admin/http/foreman_openstack_satellite_priv_esc.rb:CVE-2013-2113
 /usr/share/metasploit-framework/modules/auxiliary/admin/http/gitstack_rest.rb:CVE-2018-5955
+/usr/share/metasploit-framework/modules/auxiliary/admin/http/hikvision_unauth_pwd_reset_cve_2017_7921.rb:CVE-2017-7921
 /usr/share/metasploit-framework/modules/auxiliary/admin/http/ibm_drm_download.rb:CVE-2020-4427
 /usr/share/metasploit-framework/modules/auxiliary/admin/http/ibm_drm_download.rb:CVE-2020-4429
 /usr/share/metasploit-framework/modules/auxiliary/admin/http/iis_auth_bypass.rb:CVE-2010-2731
@@ -235,6 +236,7 @@
 /usr/share/metasploit-framework/modules/auxiliary/gather/flash_rosetta_jsonp_url_disclosure.rb:CVE-2014-4671
 /usr/share/metasploit-framework/modules/auxiliary/gather/grandstream_ucm62xx_sql_account_guess.rb:CVE-2020-5723
 /usr/share/metasploit-framework/modules/auxiliary/gather/grandstream_ucm62xx_sql_account_guess.rb:CVE-2020-5724
+/usr/share/metasploit-framework/modules/auxiliary/gather/hikvision_info_disclosure_cve_2017_7921.rb:CVE-2017-7921
 /usr/share/metasploit-framework/modules/auxiliary/gather/huawei_wifi_info.rb:CVE-2013-6031
 /usr/share/metasploit-framework/modules/auxiliary/gather/ibm_sametime_enumerate_users.rb:CVE-2013-3975
 /usr/share/metasploit-framework/modules/auxiliary/gather/ibm_sametime_room_brute.rb:CVE-2013-3977
@@ -676,7 +678,9 @@
 /usr/share/metasploit-framework/modules/exploits/linux/http/f5_icontrol_exec.rb:CVE-2014-2928
 /usr/share/metasploit-framework/modules/exploits/linux/http/f5_icontrol_rce.rb:CVE-2022-1388
 /usr/share/metasploit-framework/modules/exploits/linux/http/f5_icontrol_rest_ssrf_rce.rb:CVE-2021-22986
+/usr/share/metasploit-framework/modules/exploits/linux/http/flir_ax8_unauth_rce_cve_2022_37061.rb:CVE-2022-37061
 /usr/share/metasploit-framework/modules/exploits/linux/http/foreman_openstack_satellite_code_exec.rb:CVE-2013-2121
+/usr/share/metasploit-framework/modules/exploits/linux/http/fortinet_authentication_bypass_cve_2022_40684.rb:CVE-2022-40684
 /usr/share/metasploit-framework/modules/exploits/linux/http/fritzbox_echo_exec.rb:CVE-2014-9727
 /usr/share/metasploit-framework/modules/exploits/linux/http/geutebruck_cmdinject_cve_2021_335xx.rb:CVE-2021-33543
 /usr/share/metasploit-framework/modules/exploits/linux/http/geutebruck_cmdinject_cve_2021_335xx.rb:CVE-2021-33544
@@ -689,6 +693,7 @@
 /usr/share/metasploit-framework/modules/exploits/linux/http/geutebruck_instantrec_bof.rb:CVE-2021-33549
 /usr/share/metasploit-framework/modules/exploits/linux/http/geutebruck_testaction_exec.rb:CVE-2020-16205
 /usr/share/metasploit-framework/modules/exploits/linux/http/gitlist_exec.rb:CVE-2014-4511
+/usr/share/metasploit-framework/modules/exploits/linux/http/glpi_htmlawed_php_injection.rb:CVE-2022-35914
 /usr/share/metasploit-framework/modules/exploits/linux/http/goahead_ldpreload.rb:CVE-2017-17562
 /usr/share/metasploit-framework/modules/exploits/linux/http/goautodial_3_rce_command_injection.rb:CVE-2015-2843
 /usr/share/metasploit-framework/modules/exploits/linux/http/goautodial_3_rce_command_injection.rb:CVE-2015-2845
@@ -785,6 +790,7 @@
 /usr/share/metasploit-framework/modules/exploits/linux/http/sophos_wpa_sblistpack_exec.rb:CVE-2013-4983
 /usr/share/metasploit-framework/modules/exploits/linux/http/sourcegraph_gitserver_sshcmd.rb:CVE-2022-23642
 /usr/share/metasploit-framework/modules/exploits/linux/http/spark_unauth_rce.rb:CVE-2018-11770
+/usr/share/metasploit-framework/modules/exploits/linux/http/spring_cloud_gateway_rce.rb:CVE-2022-22947
 /usr/share/metasploit-framework/modules/exploits/linux/http/suitecrm_log_file_rce.rb:CVE-2020-28328
 /usr/share/metasploit-framework/modules/exploits/linux/http/suitecrm_log_file_rce.rb:CVE-2021-42840
 /usr/share/metasploit-framework/modules/exploits/linux/http/supervisor_xmlrpc_exec.rb:CVE-2017-11610
@@ -826,11 +832,13 @@
 /usr/share/metasploit-framework/modules/exploits/linux/http/wd_mycloud_multiupload_upload.rb:CVE-2017-17560
 /usr/share/metasploit-framework/modules/exploits/linux/http/webcalendar_settings_exec.rb:CVE-2012-1495
 /usr/share/metasploit-framework/modules/exploits/linux/http/webmin_backdoor.rb:CVE-2019-15107
+/usr/share/metasploit-framework/modules/exploits/linux/http/webmin_file_manager_rce.rb:CVE-2022-0824
 /usr/share/metasploit-framework/modules/exploits/linux/http/webmin_package_updates_rce.rb:CVE-2022-36446
 /usr/share/metasploit-framework/modules/exploits/linux/http/webmin_packageup_rce.rb:CVE-2019-12840
 /usr/share/metasploit-framework/modules/exploits/linux/http/wepresent_cmd_injection.rb:CVE-2019-3929
 /usr/share/metasploit-framework/modules/exploits/linux/http/xplico_exec.rb:CVE-2017-16666
 /usr/share/metasploit-framework/modules/exploits/linux/http/zabbix_sqli.rb:CVE-2013-5743
+/usr/share/metasploit-framework/modules/exploits/linux/http/zimbra_cpio_cve_2022_41352.rb:CVE-2022-41352
 /usr/share/metasploit-framework/modules/exploits/linux/http/zimbra_mboximport_cve_2022_27925.rb:CVE-2022-27925
 /usr/share/metasploit-framework/modules/exploits/linux/http/zimbra_mboximport_cve_2022_27925.rb:CVE-2022-37042
 /usr/share/metasploit-framework/modules/exploits/linux/http/zimbra_unrar_cve_2022_30333.rb:CVE-2022-30333
@@ -866,6 +874,7 @@
 /usr/share/metasploit-framework/modules/exploits/linux/local/libuser_roothelper_priv_esc.rb:CVE-2015-3245
 /usr/share/metasploit-framework/modules/exploits/linux/local/libuser_roothelper_priv_esc.rb:CVE-2015-3246
 /usr/share/metasploit-framework/modules/exploits/linux/local/nested_namespace_idmap_limit_priv_esc.rb:CVE-2018-18955
+/usr/share/metasploit-framework/modules/exploits/linux/local/netfilter_nft_set_elem_init_privesc.rb:CVE-2022-34918
 /usr/share/metasploit-framework/modules/exploits/linux/local/netfilter_priv_esc_ipv4.rb:CVE-2016-4997
 /usr/share/metasploit-framework/modules/exploits/linux/local/netfilter_priv_esc_ipv4.rb:CVE-2016-4998
 /usr/share/metasploit-framework/modules/exploits/linux/local/netfilter_xtables_heap_oob_write_priv_esc.rb:CVE-2021-22555
@@ -887,12 +896,14 @@
 /usr/share/metasploit-framework/modules/exploits/linux/local/sophos_wpa_clear_keys.rb:CVE-2013-4984
 /usr/share/metasploit-framework/modules/exploits/linux/local/sudo_baron_samedit.rb:CVE-2021-3156
 /usr/share/metasploit-framework/modules/exploits/linux/local/systemtap_modprobe_options_priv_esc.rb:CVE-2010-4170
+/usr/share/metasploit-framework/modules/exploits/linux/local/ubuntu_enlightenment_mount_priv_esc.rb:CVE-2022-37706
 /usr/share/metasploit-framework/modules/exploits/linux/local/udev_netlink.rb:CVE-2009-1185
 /usr/share/metasploit-framework/modules/exploits/linux/local/ueb_bpserverd_privesc.rb:CVE-2018-6329
 /usr/share/metasploit-framework/modules/exploits/linux/local/ufo_privilege_escalation.rb:CVE-2017-1000112
 /usr/share/metasploit-framework/modules/exploits/linux/local/vmware_alsa_config.rb:CVE-2017-4915
 /usr/share/metasploit-framework/modules/exploits/linux/local/vmware_mount.rb:CVE-2013-1662
 /usr/share/metasploit-framework/modules/exploits/linux/local/vmware_workspace_one_access_certproxy_lpe.rb:CVE-2022-31660
+/usr/share/metasploit-framework/modules/exploits/linux/local/zimbra_postfix_priv_esc.rb:CVE-2022-3569
 /usr/share/metasploit-framework/modules/exploits/linux/local/zimbra_slapper_priv_esc.rb:CVE-2022-37393
 /usr/share/metasploit-framework/modules/exploits/linux/local/zyxel_suid_cp_lpe.rb:CVE-2022-30526
 /usr/share/metasploit-framework/modules/exploits/linux/misc/aerospike_database_udf_cmd_exec.rb:CVE-2020-13151
@@ -1025,6 +1036,7 @@
 /usr/share/metasploit-framework/modules/exploits/multi/http/apache_activemq_upload_jsp.rb:CVE-2016-3088
 /usr/share/metasploit-framework/modules/exploits/multi/http/apache_apisix_api_default_token_rce.rb:CVE-2020-13945
 /usr/share/metasploit-framework/modules/exploits/multi/http/apache_apisix_api_default_token_rce.rb:CVE-2022-24112
+/usr/share/metasploit-framework/modules/exploits/multi/http/apache_couchdb_erlang_rce.rb:CVE-2022-24706
 /usr/share/metasploit-framework/modules/exploits/multi/http/apache_jetspeed_file_upload.rb:CVE-2016-0709
 /usr/share/metasploit-framework/modules/exploits/multi/http/apache_jetspeed_file_upload.rb:CVE-2016-0710
 /usr/share/metasploit-framework/modules/exploits/multi/http/apache_mod_cgi_bash_env_exec.rb:CVE-2014-6271
@@ -1161,6 +1173,7 @@
 /usr/share/metasploit-framework/modules/exploits/multi/http/plone_popen2.rb:CVE-2011-3587
 /usr/share/metasploit-framework/modules/exploits/multi/http/pmwiki_pagelist.rb:CVE-2011-4453
 /usr/share/metasploit-framework/modules/exploits/multi/http/polarcms_upload_exec.rb:CVE-2013-0803
+/usr/share/metasploit-framework/modules/exploits/multi/http/qdpm_authenticated_rce.rb:CVE-2020-7246
 /usr/share/metasploit-framework/modules/exploits/multi/http/rails_actionpack_inline_exec.rb:CVE-2016-2098
 /usr/share/metasploit-framework/modules/exploits/multi/http/rails_double_tap.rb:CVE-2019-5420
 /usr/share/metasploit-framework/modules/exploits/multi/http/rails_dynamic_render_code_exec.rb:CVE-2016-0752
@@ -1245,6 +1258,7 @@
 /usr/share/metasploit-framework/modules/exploits/multi/http/wp_file_manager_rce.rb:CVE-2020-25213
 /usr/share/metasploit-framework/modules/exploits/multi/http/wp_ninja_forms_unauthenticated_file_upload.rb:CVE-2016-1209
 /usr/share/metasploit-framework/modules/exploits/multi/http/wp_plugin_backup_guard_rce.rb:CVE-2021-24155
+/usr/share/metasploit-framework/modules/exploits/multi/http/wp_plugin_elementor_auth_upload_rce.rb:CVE-2022-1329
 /usr/share/metasploit-framework/modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb:CVE-2021-24145
 /usr/share/metasploit-framework/modules/exploits/multi/http/wp_plugin_sp_project_document_rce.rb:CVE-2021-24347
 /usr/share/metasploit-framework/modules/exploits/multi/http/wp_popular_posts_rce.rb:CVE-2021-42362
@@ -1292,6 +1306,9 @@
 /usr/share/metasploit-framework/modules/exploits/multi/ssh/sshexec.rb:CVE-1999-0502
 /usr/share/metasploit-framework/modules/exploits/multi/svn/svnserve_date.rb:CVE-2004-0397
 /usr/share/metasploit-framework/modules/exploits/multi/upnp/libupnp_ssdp_overflow.rb:CVE-2012-5958
+/usr/share/metasploit-framework/modules/exploits/multi/veritas/beagent_sha_auth_rce.rb:CVE-2021-27876
+/usr/share/metasploit-framework/modules/exploits/multi/veritas/beagent_sha_auth_rce.rb:CVE-2021-27877
+/usr/share/metasploit-framework/modules/exploits/multi/veritas/beagent_sha_auth_rce.rb:CVE-2021-27878
 /usr/share/metasploit-framework/modules/exploits/multi/vpn/tincd_bof.rb:CVE-2013-1428
 /usr/share/metasploit-framework/modules/exploits/multi/wyse/hagent_untrusted_hsdata.rb:CVE-2009-0695
 /usr/share/metasploit-framework/modules/exploits/netware/smb/lsass_cifs.rb:CVE-2005-2852
@@ -1365,6 +1382,7 @@
 /usr/share/metasploit-framework/modules/exploits/unix/http/pfsense_clickjacking.rb:CVE-2017-1000479
 /usr/share/metasploit-framework/modules/exploits/unix/http/pfsense_diag_routes_webshell.rb:CVE-2021-41282
 /usr/share/metasploit-framework/modules/exploits/unix/http/pfsense_graph_injection_exec.rb:CVE-2016-10709
+/usr/share/metasploit-framework/modules/exploits/unix/http/pfsense_pfblockerng_webshell.rb:CVE-2022-31814
 /usr/share/metasploit-framework/modules/exploits/unix/http/pihole_blocklist_exec.rb:CVE-2020-11108
 /usr/share/metasploit-framework/modules/exploits/unix/http/pihole_dhcp_mac_exec.rb:CVE-2020-8816
 /usr/share/metasploit-framework/modules/exploits/unix/http/quest_kace_systems_management_rce.rb:CVE-2018-11138
@@ -2297,6 +2315,7 @@
 /usr/share/metasploit-framework/modules/exploits/windows/misc/poppeeper_date.rb:CVE-2009-1029
 /usr/share/metasploit-framework/modules/exploits/windows/misc/poppeeper_uidl.rb:CVE-2009-1029
 /usr/share/metasploit-framework/modules/exploits/windows/misc/realtek_playlist.rb:CVE-2008-5664
+/usr/share/metasploit-framework/modules/exploits/windows/misc/remote_mouse_rce.rb:CVE-2022-3365
 /usr/share/metasploit-framework/modules/exploits/windows/misc/sap_2005_license.rb:CVE-2009-4988
 /usr/share/metasploit-framework/modules/exploits/windows/misc/sap_netweaver_dispatcher.rb:CVE-2012-2611
 /usr/share/metasploit-framework/modules/exploits/windows/misc/shixxnote_font.rb:CVE-2004-1595
@@ -2307,6 +2326,7 @@
 /usr/share/metasploit-framework/modules/exploits/windows/misc/veeam_one_agent_deserialization.rb:CVE-2020-10914
 /usr/share/metasploit-framework/modules/exploits/windows/misc/veeam_one_agent_deserialization.rb:CVE-2020-10915
 /usr/share/metasploit-framework/modules/exploits/windows/misc/vmhgfs_webdav_dll_sideload.rb:CVE-2016-5330
+/usr/share/metasploit-framework/modules/exploits/windows/misc/wifi_mouse_rce.rb:CVE-2022-3218
 /usr/share/metasploit-framework/modules/exploits/windows/misc/windows_rsh.rb:CVE-2007-4006
 /usr/share/metasploit-framework/modules/exploits/windows/misc/wireshark_lua.rb:CVE-2011-3360
 /usr/share/metasploit-framework/modules/exploits/windows/misc/wireshark_packet_dect.rb:CVE-2011-1591

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -40,6 +40,7 @@ services:
         - /dev:/dev
         - /lib/modules:/lib/modules:ro
         - /boot:/boot:ro
+          #- /home/m1k3/github-repos/EMBA-emulation-binaries:/external/firmae/binaries/:ro
     environment:
         - USER
     devices:

diff --git a/emba.sh b/emba.sh
@@ -857,7 +857,7 @@ main()
 
     if ! docker images | grep -qE "emba[[:space:]]*latest"; then
       print_output "[*] Available docker images:" "no_log"
-      docker images | grep -E "emba[[:space:]]*latest"
+      docker images | grep -E "emba[[:space:]]*latest" || true
       print_output "[-] EMBA docker not ready!" "no_log"
       exit 1
     else

diff --git a/helpers/helpers_emba_dependency_check.sh b/helpers/helpers_emba_dependency_check.sh
@@ -478,7 +478,7 @@ dependency_check()
       check_dep_file "busybox.*" "$EXT_DIR""/firmae/binaries/busybox.mipsel"
       check_dep_file "libnvram.*" "$EXT_DIR""/firmae/binaries/libnvram.so.armel"
       check_dep_file "vmlinux.mips*" "$EXT_DIR""/firmae/binaries/vmlinux.mipseb.4"
-      check_dep_file "vmlinux.armel" "$EXT_DIR""/firmae/binaries/vmlinux.armel"
+      check_dep_file "zImage.armel" "$EXT_DIR""/firmae/binaries/zImage.armel"
 
       check_dep_file "fixImage.sh" "$MOD_DIR""/L10_system_emulation/fixImage.sh"
       check_dep_file "preInit.sh" "$MOD_DIR""/L10_system_emulation/preInit.sh"
@@ -542,6 +542,12 @@ architecture_dep_check() {
   local ARCH_STR="unknown"
   if [[ "$ARCH" == "MIPS" ]] ; then
     ARCH_STR="mips"
+  elif [[ "$ARCH" == "MIPS64R2" ]] ; then
+    ARCH_STR="mips64r2"
+  elif [[ "$ARCH" == "MIPS64_III" ]] ; then
+    ARCH_STR="mips64_III"
+  elif [[ "$ARCH" == "MIPS64N32" ]] ; then
+    ARCH_STR="mips64n32"
   elif [[ "$ARCH" == "ARM" ]] ; then
     ARCH_STR="arm"
   elif [[ "$ARCH" == "x86" ]] ; then
@@ -552,6 +558,8 @@ architecture_dep_check() {
   elif [[ "$ARCH" == "PPC" ]] ; then
     #ARCH_STR="powerpc:common"
     ARCH_STR="powerpc"
+  elif [[ "$ARCH" == "NIOS2" ]] ; then
+    ARCH_STR="nios2"
   else
     ARCH_STR="unknown"
   fi

diff --git a/helpers/helpers_emba_helpers.sh b/helpers/helpers_emba_helpers.sh
@@ -156,8 +156,8 @@ cleaner() {
   if [[ -d "$TMP_DIR" ]]; then
     rm -r "$TMP_DIR" 2>/dev/null || true
   fi
-  print_output "[!] Test ended on ""$(date)"" and took about ""$(date -d@"$SECONDS" -u +%H:%M:%S)"" \\n" "no_log"
   if [[ "$INTERRUPT_CLEAN" -eq 1 ]]; then
+    print_output "[!] Test ended on ""$(date)"" and took about ""$(date -d@"$SECONDS" -u +%H:%M:%S)"" \\n" "no_log"
     exit 1
   fi
 }
@@ -185,7 +185,8 @@ emba_updater() {
     git pull
     cd "$BASE_PATH" || exit
   else
-    git clone https://github.com/trickest/cve.git "$EXT_DIR"/trickest-cve
+    #git clone https://github.com/trickest/cve.git "$EXT_DIR"/trickest-cve
+    git clone https://github.com/EMBA-support-repos/trickest-cve.git "$EXT_DIR"/trickest-cve
   fi
 
   print_output "[*] Please note that this was only a data update and no installed packages were updated." "no_log"