-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
added Sage X3 modules #15400
added Sage X3 modules #15400
Conversation
- Updated default port number to match documentation - Updated the str append to '<<' - Fixed issue with the login scanner returning false positives - Removed rank from login scanner - Removed Custom Executable target in favor of EXE::CUSTOM - Moved the X3Crypt code out of the exception block - Added additional checks to the exploit module, the same that were made in login_scanner - Changed the check function to produce the proper return 'CheckCode' values
Thanks for your pull request! Before this pull request can be merged, it must pass the checks of our automated linting tools. We use Rubocop and msftidy to ensure the quality of our code. This can be ran from the root directory of Metasploit:
You can automate most of these changes with the
Please update your branch after these have been made, and reach out if you have any problems. |
Thanks for your pull request! Before this can be merged, we need the following documentation for your module: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A couple of these files are missing license headers.
Also, not that it really matters, but sometimes review can take a while, and modules can be merged faster if they're split into multiple PRs. ie, one PR for the login scanner library + module, and one for the exploit module. However, if the exploit module is going to be updated to use the scanner modules as a CheckModule
then disregard this comment.
Co-authored-by: bcoles <bcoles@gmail.com>
Co-authored-by: bcoles <bcoles@gmail.com>
- Renamed exploit module to x3_adxsrv_auth_bypass_cmd_exec.rb - Changed print_bad to fail_with - Updated Name in module to reflect the auth bypass element - Updated the rand number generation - Added error checking to adxdir function return value - Changed payload variable name -> sage_payload
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
…-framework into SageX3-CVE-2020-7388
a12201f
to
a6b4d20
Compare
cdd8f83
to
aefdb8d
Compare
61d765b
to
edfc680
Compare
Mostly RuboCop and refactoring.
2c168c9
to
b9a7144
Compare
Release NotesAdded a Sage X3 login scanner and CVE-2020-7387 + CVE-2020-7388 exploit. |
This exploits a vulnerability in the Sage X3 administrative service which results in an unauthenticated remote command execution. This branch contains the following three files:
Reference: https://www.rapid7.com/blog/post/2021/07/07/cve-2020-7387-7390-multiple-sage-x3-vulnerabilities/
Tagging @wvu-r7 per request
Verification
msfconsole
use exploit/x3/x3_adxsrv_cmd
run
nt authority\system
Output Images
Remote Command Exploit
Login Scanner