Skip to content

Commit

Permalink
Land #10750, formatting and AKA reference fixes
Browse files Browse the repository at this point in the history
  • Loading branch information
@wvu
wvu committed Oct 5, 2018
2 parents ceb5194 + 7bc98e0 commit 2bdecf7
Show file tree
Hide file tree
Showing 7 changed files with 110 additions and 119 deletions.
5 changes: 1 addition & 4 deletions modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,10 +40,7 @@ def initialize(info = {})
],
'DisclosureDate' => 'Sep 24 2014',
'License' => MSF_LICENSE,
'Notes' =>
{
'AKA' => ['Shellshock']
}
'Notes' => {'AKA' => ['Shellshock']}
))

register_options([
Expand Down
56 changes: 28 additions & 28 deletions modules/exploits/linux/http/axis_srv_parhand_rce.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,12 @@ class MetasploitModule < Msf::Exploit::Remote

def initialize(info = {})
super(update_info(info,
'Name' => 'Axis Network Camera .srv to parhand RCE',
'Description' => %q{
'Name' => 'Axis Network Camera .srv to parhand RCE',
'Description' => %q{
This module exploits an auth bypass in .srv functionality and a
command injection in parhand to execute code as the root user.
},
'Author' => [
'Author' => [
'Or Peles', # Vulnerability discovery (VDOO)
'wvu', # Metasploit module
'sinn3r', # Metasploit module
Expand All @@ -28,46 +28,46 @@ def initialize(info = {})
'Chris Lee', # Metasploit module
'Cale Black' # Metasploit module
],
'References' => [
'References' => [
['CVE', '2018-10660'],
['CVE', '2018-10661'],
['CVE', '2018-10662'],
['URL', 'https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilities-in-axis-cameras/'],
['URL', 'https://www.axis.com/files/faq/Advisory_ACV-128401.pdf']
],
'DisclosureDate' => 'Jun 18 2018',
'License' => MSF_LICENSE,
'Platform' => ['unix', 'linux'],
'Arch' => [ARCH_CMD, ARCH_ARMLE],
'Privileged' => true,
'Targets' => [
'DisclosureDate' => 'Jun 18 2018',
'License' => MSF_LICENSE,
'Platform' => ['unix', 'linux'],
'Arch' => [ARCH_CMD, ARCH_ARMLE],
'Privileged' => true,
'Targets' => [
['Unix In-Memory',
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Type' => :unix_memory,
'Payload' => {
'BadChars' => ' ',
'Encoder' => 'cmd/ifs',
'Compat' => {
'PayloadType' => 'cmd',
'RequiredCmd' => 'netcat-e'
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Type' => :unix_memory,
'Payload' => {
'BadChars' => ' ',
'Encoder' => 'cmd/ifs',
'Compat' => {
'PayloadType' => 'cmd',
'RequiredCmd' => 'netcat-e'
}
},
'DefaultOptions' => {
'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
'DefaultOptions' => {
'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
}
],
['Linux Dropper',
'Platform' => 'linux',
'Arch' => ARCH_ARMLE,
'Type' => :linux_dropper,
'DefaultOptions' => {
'PAYLOAD' => 'linux/armle/meterpreter_reverse_tcp'
'Platform' => 'linux',
'Arch' => ARCH_ARMLE,
'Type' => :linux_dropper,
'DefaultOptions' => {
'PAYLOAD' => 'linux/armle/meterpreter_reverse_tcp'
}
]
],
'DefaultTarget' => 1,
'DefaultOptions' => {'WfsDelay' => 10}
'DefaultTarget' => 1,
'DefaultOptions' => {'WfsDelay' => 10}
))
end

Expand Down
42 changes: 21 additions & 21 deletions modules/exploits/linux/http/hp_van_sdn_cmd_inject.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,8 @@ class MetasploitModule < Msf::Exploit::Remote

def initialize(info = {})
super(update_info(info,
'Name' => 'HP VAN SDN Controller Root Command Injection',
'Description' => %q{
'Name' => 'HP VAN SDN Controller Root Command Injection',
'Description' => %q{
This module exploits a hardcoded service token or default credentials
in HPE VAN SDN Controller <= 2.7.18.0503 to execute a payload as root.
Expand All @@ -27,36 +27,36 @@ def initialize(info = {})
If the service token option TOKEN is blank, USERNAME and PASSWORD will
be used for authentication. An additional login request will be sent.
},
'Author' => [
'Author' => [
'Matt Bergin', # Vulnerability discovery and Python exploit
'wvu' # Metasploit module and additional ~research~
],
'References' => [
'References' => [
['EDB', '44951'],
['URL', 'https://korelogic.com/Resources/Advisories/KL-001-2018-008.txt']
],
'DisclosureDate' => 'Jun 25 2018',
'License' => MSF_LICENSE,
'Platform' => ['unix', 'linux'],
'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],
'Privileged' => true,
'Targets' => [
'DisclosureDate' => 'Jun 25 2018',
'License' => MSF_LICENSE,
'Platform' => ['unix', 'linux'],
'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],
'Privileged' => true,
'Targets' => [
['Unix In-Memory',
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Type' => :unix_memory,
'Payload' => {'BadChars' => ' '},
'DefaultOptions' => {'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'}
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Type' => :unix_memory,
'Payload' => {'BadChars' => ' '},
'DefaultOptions' => {'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'}
],
['Linux Dropper',
'Platform' => 'linux',
'Arch' => [ARCH_X86, ARCH_X64],
'Type' => :linux_dropper,
'DefaultOptions' => {'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp'}
'Platform' => 'linux',
'Arch' => [ARCH_X86, ARCH_X64],
'Type' => :linux_dropper,
'DefaultOptions' => {'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp'}
]
],
'DefaultTarget' => 0,
'DefaultOptions' => {'RPORT' => 8081, 'SSL' => true}
'DefaultTarget' => 0,
'DefaultOptions' => {'RPORT' => 8081, 'SSL' => true}
))

register_options([
Expand Down
20 changes: 10 additions & 10 deletions modules/exploits/multi/fileformat/ghostscript_failed_restore.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,20 +45,20 @@ def initialize(info = {})
'Privileged' => false,
'Targets' => [
['Unix (In-Memory)',
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Type' => :unix_memory,
'Payload' => {'Space' => 4089, 'DisableNops' => true} # 4096 total
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Type' => :unix_memory,
'Payload' => {'Space' => 4089, 'DisableNops' => true} # 4096 total
],
['PowerShell (In-Memory)',
'Platform' => 'win',
'Arch' => [ARCH_X86, ARCH_X64],
'Type' => :psh_memory
'Platform' => 'win',
'Arch' => [ARCH_X86, ARCH_X64],
'Type' => :psh_memory
],
['Linux (Dropper)',
'Platform' => 'linux',
'Arch' => [ARCH_X86, ARCH_X64],
'Type' => :linux_dropper
'Platform' => 'linux',
'Arch' => [ARCH_X86, ARCH_X64],
'Type' => :linux_dropper
]
],
'DefaultTarget' => 0
Expand Down
6 changes: 3 additions & 3 deletions modules/exploits/unix/fileformat/imagemagick_delegate.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,8 +47,7 @@ def initialize(info = {})
%w{URL https://seclists.org/oss-sec/2016/q3/682},
%w{URL https://github.com/ImageMagick/ImageMagick/commit/06c41ab},
%w{URL https://github.com/ImageMagick/ImageMagick/commit/a347456},
%w{URL http://permalink.gmane.org/gmane.comp.security.oss.general/19669},
%w{AKA ImageTragick}
%w{URL http://permalink.gmane.org/gmane.comp.security.oss.general/19669}
],
'DisclosureDate' => 'May 3 2016',
'License' => MSF_LICENSE,
Expand All @@ -63,7 +62,8 @@ def initialize(info = {})
['MVG file', template: 'msf.mvg'], # convert msf.svg msf.mvg
['PS file', template: 'msf.ps'] # PoC from taviso
],
'DefaultTarget' => 0
'DefaultTarget' => 0,
'Notes' => {'AKA' => ['ImageTragick']}
))

register_options([
Expand Down
98 changes: 46 additions & 52 deletions modules/exploits/unix/webapp/drupal_drupalgeddon2.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ def initialize(info = {})
['URL', 'https://research.checkpoint.com/uncovering-drupalgeddon-2/'],
['URL', 'https://github.com/a2u/CVE-2018-7600'],
['URL', 'https://github.com/nixawk/labs/issues/19'],
['URL', 'https://github.com/FireFart/CVE-2018-7600'],
['URL', 'https://github.com/FireFart/CVE-2018-7600']
],
'DisclosureDate' => 'Mar 28 2018',
'License' => MSF_LICENSE,
Expand All @@ -47,89 +47,83 @@ def initialize(info = {})
# Automatic targets (PHP, cmd/unix, native)
#
['Automatic (PHP In-Memory)',
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Type' => :php_memory
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Type' => :php_memory
],
['Automatic (PHP Dropper)',
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Type' => :php_dropper
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Type' => :php_dropper
],
['Automatic (Unix In-Memory)',
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Type' => :unix_memory
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Type' => :unix_memory
],
['Automatic (Linux Dropper)',
'Platform' => 'linux',
'Arch' => [ARCH_X86, ARCH_X64],
'Type' => :linux_dropper
'Platform' => 'linux',
'Arch' => [ARCH_X86, ARCH_X64],
'Type' => :linux_dropper
],
#
# Drupal 7.x targets (PHP, cmd/unix, native)
#
['Drupal 7.x (PHP In-Memory)',
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Version' => Gem::Version.new('7'),
'Type' => :php_memory
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Version' => Gem::Version.new('7'),
'Type' => :php_memory
],
['Drupal 7.x (PHP Dropper)',
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Version' => Gem::Version.new('7'),
'Type' => :php_dropper
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Version' => Gem::Version.new('7'),
'Type' => :php_dropper
],
['Drupal 7.x (Unix In-Memory)',
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Version' => Gem::Version.new('7'),
'Type' => :unix_memory
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Version' => Gem::Version.new('7'),
'Type' => :unix_memory
],
['Drupal 7.x (Linux Dropper)',
'Platform' => 'linux',
'Arch' => [ARCH_X86, ARCH_X64],
'Version' => Gem::Version.new('7'),
'Type' => :linux_dropper
'Platform' => 'linux',
'Arch' => [ARCH_X86, ARCH_X64],
'Version' => Gem::Version.new('7'),
'Type' => :linux_dropper
],
#
# Drupal 8.x targets (PHP, cmd/unix, native)
#
['Drupal 8.x (PHP In-Memory)',
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Version' => Gem::Version.new('8'),
'Type' => :php_memory
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Version' => Gem::Version.new('8'),
'Type' => :php_memory
],
['Drupal 8.x (PHP Dropper)',
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Version' => Gem::Version.new('8'),
'Type' => :php_dropper
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Version' => Gem::Version.new('8'),
'Type' => :php_dropper
],
['Drupal 8.x (Unix In-Memory)',
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Version' => Gem::Version.new('8'),
'Type' => :unix_memory
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Version' => Gem::Version.new('8'),
'Type' => :unix_memory
],
['Drupal 8.x (Linux Dropper)',
'Platform' => 'linux',
'Arch' => [ARCH_X86, ARCH_X64],
'Version' => Gem::Version.new('8'),
'Type' => :linux_dropper
'Platform' => 'linux',
'Arch' => [ARCH_X86, ARCH_X64],
'Version' => Gem::Version.new('8'),
'Type' => :linux_dropper
]
],
'DefaultTarget' => 0, # Automatic (PHP In-Memory)
'DefaultOptions' => {'WfsDelay' => 2},
'Notes' =>
{
'AKA' => [
'SA-CORE-2018-002',
'Drupalgeddon 2'
]
}
'Notes' => {'AKA' => ['SA-CORE-2018-002', 'Drupalgeddon 2']}
))

register_options([
Expand Down
2 changes: 1 addition & 1 deletion modules/exploits/windows/smb/ms17_010_eternalblue_win8.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,7 @@
'SMBPass': {'type': 'string', 'description': '(Optional) The password for the specified username', 'required': False, 'default': ''}
},
'notes': {
'AKA': ['ETERNALBLUE']
'AKA': ['ETERNALBLUE']
}
}

Expand Down

0 comments on commit 2bdecf7

Please sign in to comment.