Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add more ranks #8335

Merged
merged 1 commit into from May 8, 2017
Merged

Add more ranks #8335

merged 1 commit into from May 8, 2017

Conversation

farkwun
Copy link
Contributor

@farkwun farkwun commented May 3, 2017
edited

This PR hopes to resolve the last few missing module rankings as per #7923

I've also included a few lines of justification for each ranking - these ones seem a little less cut and dry than the previous set, so please do tell me if I've misinterpreted something!

../vmware_mount.rb
Rank = Excellent
Exploit uses check code for target availability,
the vulnerability does not require user action,
and the exploit uses privilege escalation to run
arbitrary executables

../movabletype_upgrade_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../uptime_file_upload_2.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../zpanel_information_disclosure_rce.rb
Rank = ExcellentRanking
Exploit allows remote code execution,
implements version check for pChart

../spip_connect_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../wp_optimizepress_upload.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../wing_ftp_admin_exec.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../novell_mdm_lfi.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../run_as.rb
Rank = ExcellentRanking
Exploit utilizes command injection,
checks system type, and does not require user action

Verification

  • Run msftidy on the exploit modules, verify the below files no longer throw [INFO] No Rank Specified messages:
    • ../exploits/linux/local/vmware_mount.rb
    • ../exploits/multi/http/movabletype_upgrade_exec.rb
    • ../exploits/multi/http/uptime_file_upload_2.rb
    • ../exploits/multi/http/zpanel_information_disclosure_rce.rb
    • ../exploits/unix/webapp/spip_connect_exec.rb
    • ../exploits/unix/webapp/wp_optimizepress_upload.rb
    • ../exploits/windows/ftp/wing_ftp_admin_exec.rb
    • ../exploits/windows/http/novell_mdm_lfi.rb
    • ../exploits/windows/local/run_as.rb

@farkwun farkwun force-pushed the add_outstanding_ranks branch 3 times, most recently from 3283b82 to daba88c Compare May 4, 2017 10:21
@wvu wvu self-assigned this May 5, 2017
@wvu
Copy link
Contributor

wvu commented May 5, 2017

exploit/linux/local/vmware_mount is local privesc and basically already command injection. Should it be ExcellentRanking?

@farkwun farkwun force-pushed the add_outstanding_ranks branch 2 times, most recently from 58220d9 to 06b9500 Compare May 7, 2017 19:37
@farkwun
Add more ranks, remove module warnings
88bef00 
../vmware_mount.rb
Rank = Excellent
Exploit uses check code for target availability,
the vulnerability does not require user action,
and the exploit uses privilege escalation to run
arbitrary executables

../movabletype_upgrade_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../uptime_file_upload_2.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../zpanel_information_disclosure_rce.rb
Rank = ExcellentRanking
Exploit allows remote code execution,
implements version check for pChart

../spip_connect_exec.rb
Rank = ExcellentRanking
Exploit utilizes code injection,
has a check for availability

../wp_optimizepress_upload.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../wing_ftp_admin_exec.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary commands,
has a check for availability

../novell_mdm_lfi.rb
Rank = ExcellentRanking
Exploit allows execution of arbitrary code,
has a check for availability

../run_as.rb
Rank = ExcellentRanking
Exploit utilizes command injection,
checks system type, and does not require user action
@farkwun
Copy link
Contributor Author

farkwun commented May 7, 2017

Thanks @wvu-r7 !

I've changed exploit/linux/local/vmware_mount.rb to ExcellentRanking!

Do tell me if there are any other inaccuracies!

@wvu
Copy link
Contributor

wvu commented May 7, 2017

Thanks for doing this. I was trying to finish them the other day but didn't have the motivation to finish, lol.

wvu added a commit to wvu/metasploit-framework that referenced this pull request May 8, 2017
@wvu
Land rapid7#8335, rank fixes for the msftidy god
b794bfe
@wvu wvu merged commit 88bef00 into rapid7:master May 8, 2017
@farkwun farkwun deleted the add_outstanding_ranks branch May 8, 2017 02:25
@wvu
Copy link
Contributor

wvu commented May 8, 2017
edited by alrosenthal-r7

Release Notes

Module rank warnings have been removed from msftidy. Improved descriptions have been added to existing module rankings.

@alrosenthal-r7 alrosenthal-r7 added the rn-enhancement release notes enhancement label May 16, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@wvu wvu

Labels
feature module msftidy rn-enhancement release notes enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@farkwun @wvu @alrosenthal-r7