Added to code to remove payload once run. #11797

Merged
merged 2 commits into from May 28, 2019

@bigendiansmalls
Contributor

commented Apr 30, 2019

The original payload left the binary behind on the system, which could be
then used by someone else intentionally or otherwise. This addition cleans
up the module by removing it after running.

Verification

List the steps needed to make sure this thing works

  • Start msfconsole
  • use exploit/mainframe/ftp/ftp_jcl_creds
  • set payload cmd/mainframe/apf_privesc_jcl
  • set other options including APFLIB
  • verify module doesn't exist prior (on Z)
  • run exploit
  • verify module does not exist after exploit

bigendiansmalls added some commits Apr 30, 2019

Added to code to remove payload once run.
The original payload left the binary behind, which could be
then used by someone else intentionally or otherwise. This
addition cleans up the module by removing it after running.

@bcoles bcoles added the payload label Apr 30, 2019

@bwatters-r7

Contributor

commented May 20, 2019

@bcook, do you still have access to a test machine for this?

@bwatters-r7

Contributor

commented May 24, 2019

This looks straightforward, but I don't have a way of testing handy. Could you provide a pcap and dirlist to show functionality and clean directory, @bigendiansmalls?

@bigendiansmalls

Contributor Author

commented May 24, 2019

@bwatters-r7 Per your request, here is a pcap. :)
pcap.zip

and a video if you'd like to watch it in action (complete with soundtrack)
https://www.bigendiansmalls.com/files/mainframe.mp4

@bwatters-r7 bwatters-r7 merged commit f1a5711 into rapid7:master May 28, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Metasploit Automation - Test Execution Successfully completed all tests.
continuous-integration/travis-ci/pr The Travis CI build passed

bwatters-r7 added a commit that referenced this pull request May 28, 2019

Land #11797, Added to code to remove payload once run.
Merge branch 'land-11797' into upstream-master

msjenkins-r7 added a commit that referenced this pull request May 28, 2019

Land #11797, Added to code to remove payload once run.
Merge branch 'land-11797' into upstream-master
@bwatters-r7

Contributor

commented May 28, 2019

Release Notes

We have fixed an issue that caused a payload to stay on the target. The payload is now deleted automatically after running.

@bwatters-r7

Contributor

commented May 28, 2019

@bigendiansmalls, thanks for the module and the data, and also, strong soundtrack choice!

@bigendiansmalls bigendiansmalls deleted the bigendiansmalls:apfPayloadFix branch May 28, 2019

@tdoan-r7 tdoan-r7 added the rn-fix label Jun 4, 2019
