Add ClamAV Remote Command Transmitter #6980
@wvu-r7 can you add a little bit of a description on how to set up the ClamAV so it is vulnerable?
rescue Rex::ConnectionRefused, Rex::ConnectionTimeout, Rex::HostUnreachable => e | ||
fail_with(Failure::Unreachable, e) | ||
rescue EOFError | ||
print_error('Successfully shut down ClamAV Service') |
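Review bot: The `rescue EOFError` branch reports 'Successfully shut down ClamAV Service' for any EOF on the socket, so if this rescue also covers the VERSION action, a connection that closes for another reason would be reported as a shutdown. Consider printing the shutdown message only when SHUTDOWN was the command sent, and reporting a plain connection-closed status otherwise.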
If shutting down ClamAV is the intention, then I guess it should be print_good()?
Derp.
ClamAV Lab Setup
debian / ubuntu
If clamd fails to listen on port 3310, please add the following content in /etc/clamav/clamd.conf
require 'msf/core' | ||
|
||
class MetasploitModule < Msf::Auxiliary | ||
include Msf::Exploit::Remote::Tcp |
It would be great to see this utilize Msf::Auxiliary::Scanner so you can more easily run this against larger swaths of targets without additional work.
@jhart-r7 Thanks for the suggestion to make it a scanner! New version is now a scanner.
@join-us I'm trying to set up the box on Ubuntu, but I'm getting this:
Any suggestions?
@join-us Never mind. I did this instead:
Verified:
Congrats on your first module, @bwatters-r7!! History has been made!
What This Module Does
This module takes advantage of a possible misconfiguration in the ClamAV service on release 0.99.2. If the service is tied to a socket, the ClamAV service listens for commands on all addresses; this module connects to the ClamAV service port and sends the proper commands for VERSION and SHUTDOWN.
Verification
List the steps needed to make sure this thing works
msfconsole
use auxiliary/admin/misc/clamav_control
set rhost xxx.xxx.xxx.xxx
set action VERSION
run
set action SHUTDOWN
run
set action VERSION
run
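A configuration audit for the exposure the description above relies on, added here as an example and not part of the pull request or of Metasploit: it reads clamd.conf text and flags a `TCPSocket` that is not restricted to loopback by `TCPAddr`. `TCPSocket`, `TCPAddr` and `LocalSocket` are clamd.conf directives; the function names and the two sample configurations are constructed for illustration.

```ruby
require 'ipaddr'

# Parse clamd.conf text into { 'Directive' => [values] }; directives may repeat.
def parse_clamd_conf(text)
  conf = Hash.new { |h, k| h[k] = [] }
  text.each_line do |line|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split(/\s+/, 2)
    conf[key] << value.to_s.strip
  end
  conf
end

# True for "localhost" or a loopback IP literal; other hostnames count as exposed.
def loopback?(addr)
  return true if addr.casecmp('localhost').zero?
  IPAddr.new(addr).loopback?
rescue IPAddr::Error
  false
end

# Findings for a clamd TCP command socket reachable from other hosts.
def audit_clamd_conf(text)
  conf = parse_clamd_conf(text)
  ports = conf['TCPSocket']
  return [] if ports.empty? # no TCP listener configured
  findings = []
  addrs = conf['TCPAddr']
  findings << "TCPSocket #{ports.last} without TCPAddr: clamd binds to all addresses" if addrs.empty?
  addrs.reject { |a| loopback?(a) }.each do |a|
    findings << "TCPSocket #{ports.last} bound to non-loopback address #{a}"
  end
  findings
end

# Constructed sample configurations (not taken from the pull request).
EXPOSED = <<~CONF
  LocalSocket /var/run/clamav/clamd.ctl
  TCPSocket 3310
CONF

HARDENED = <<~CONF
  LocalSocket /var/run/clamav/clamd.ctl
  TCPSocket 3310
  TCPAddr 127.0.0.1
CONF

[EXPOSED, HARDENED].each { |conf| puts audit_clamd_conf(conf).inspect }
```

An empty result means either no TCP listener is configured or every `TCPAddr` is loopback; dropping `TCPSocket` and keeping only `LocalSocket` also clears the finding.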