Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
PowerShellEmpire Arbitrary File Upload (Skywalker) #7450
This PR adds an exploit module that leverages the arbitrary file upload
The module recovers the staging key by XORing specific offsets from the
Blog referance the vulnerability is live.
Yes for this exploit to work Empire will have to be running as root. Most of the use cases for Empire require it to run as root for port binding and other functions, So there is a high probability of this exploit working against un-patched versions.
If the Empire instance is not running as root, The Arbitrary File Write vulnerability still exists but only has write permissions of that of the user level that it is running as.
changed the title from
EmpirePowerShell Arbitrary File Upload (Skywalker)
PowerShellEmpire Arbitrary File Upload (Skywalker)
Nov 13, 2016
Works for me:
Nov 17, 2016
1 check passed
added a commit
this pull request
Nov 17, 2016
This module exploits a vulnerability in PowerShellEmpire. By recovering the staging key, the module is able to communicate using a malicious agent, and triggers a download task that leverages a traversal vulnerability in order to write to an arbitrary location, which results in remote code execution.