New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add nuuo_nvrmini_upgrade_rce.rb #11072

Merged
merged 7 commits into from Feb 7, 2019

Conversation

Projects
None yet
4 participants
@berkdsnr
Copy link
Contributor

berkdsnr commented Dec 6, 2018

This module is best explained in the following link:
https://www.berkdusunur.net/2018/11/development-of-metasploit-module-after.html

Tenable also has a write-up for this:
https://www.tenable.com/security/research/tra-2018-41

@berkdsnr

This comment has been minimized.

Copy link
Contributor Author

berkdsnr commented Dec 6, 2018

@berkdsnr

This comment has been minimized.

Copy link
Contributor Author

berkdsnr commented Dec 6, 2018

Can you review it again

@bcoles bcoles referenced this pull request Dec 6, 2018

Closed

nuuo_nvrmini_upgrade_rce #11069

0 of 6 tasks complete
@bcoles

This comment has been minimized.

Copy link
Contributor

bcoles commented Dec 6, 2018

Please resolve msftidy errors.

$ ./.git/hooks/post-merge
[*] Running msftidy.rb in ./.git/hooks/post-merge mode
--- Checking new and changed module syntax with tools/dev/msftidy.rb ---
modules/exploits/multi/http/nuuo_nvrmini_upgrade_rce.rb:20 - [WARNING] Spaces at EOL

berkdsnr added some commits Dec 6, 2018

berkdsnr added some commits Dec 6, 2018

@bcoles
Copy link
Contributor

bcoles left a comment

indentation

fail_with(Failure::Unknown, 'Failed to execute the command.')
end
res
end

This comment has been minimized.

@bcoles

bcoles Dec 6, 2018

Contributor
Suggested change Beta
end
end

This comment has been minimized.

@berkdsnr

berkdsnr Dec 6, 2018

Author Contributor

solved

This comment has been minimized.

@bcoles

bcoles Dec 6, 2018

Contributor

No it isn't

indentation

end
res
end
def exploit

This comment has been minimized.

@bcoles

bcoles Dec 6, 2018

Contributor
Suggested change Beta
def exploit
def exploit

This comment has been minimized.

@berkdsnr

berkdsnr Dec 6, 2018

Author Contributor

solved

This comment has been minimized.

@bcoles

bcoles Dec 6, 2018

Contributor

No it isn't

indentation

end
def exploit
http_send_command(payload.encoded)
end

This comment has been minimized.

@bcoles

bcoles Dec 6, 2018

Contributor
Suggested change Beta
end
end

This comment has been minimized.

@berkdsnr

berkdsnr Dec 6, 2018

Author Contributor

solved

This comment has been minimized.

@bcoles

bcoles Dec 6, 2018

Contributor

No it isn't

indentation

def exploit
http_send_command(payload.encoded)
end
end

This comment has been minimized.

@bcoles

bcoles Dec 6, 2018

Contributor
Suggested change Beta
end
end

This comment has been minimized.

@berkdsnr

berkdsnr Dec 6, 2018

Author Contributor

solved

This comment has been minimized.

@bcoles

bcoles Dec 6, 2018

Contributor

No it isn't

indentation

@wchen-r7

This comment has been minimized.

Copy link
Contributor

wchen-r7 commented Dec 14, 2018

It looks like in order to test this module, the device is not cheap to buy? How did you test it? Do you think you can make a pcap for us that captures using the module to get a session? Within legal limits, of course. Thank you!

@berkdsnr

This comment has been minimized.

Copy link
Contributor Author

berkdsnr commented Dec 15, 2018

With this vulnerability I have encountered during the penetration test. But I have a picture that I use the module with an external ip address

@wchen-r7

This comment has been minimized.

Copy link
Contributor

wchen-r7 commented Dec 17, 2018

@berkdsnr Is it possible to email that image to us? The email address is: msfdev[at]metasploit.com. You may mask out the IPs if you need to. Thank you.

@wchen-r7

This comment has been minimized.

Copy link
Contributor

wchen-r7 commented Dec 19, 2018

We have received that email and is currently being reviewed. You will hear back from us soon. Thank you!

@berkdsnr

This comment has been minimized.

Copy link
Contributor Author

berkdsnr commented Dec 19, 2018

@wvu-r7

This comment has been minimized.

Copy link
Contributor

wvu-r7 commented Dec 19, 2018

@wchen-r7 wchen-r7 self-assigned this Feb 6, 2019

@wchen-r7 wchen-r7 merged commit f94559a into rapid7:master Feb 7, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

wchen-r7 added a commit that referenced this pull request Feb 7, 2019

@wchen-r7

This comment has been minimized.

Copy link
Contributor

wchen-r7 commented Feb 7, 2019

Release Notes

This exploits a vulnerability in the web application of NUUO NVRmini IP camera, which can be done by triggering the writeuploaddir command in the upgrade_handle.php file.

msjenkins-r7 added a commit that referenced this pull request Feb 7, 2019

@berkdsnr

This comment has been minimized.

Copy link
Contributor Author

berkdsnr commented Feb 7, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment