Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update commvault_cmd_exec module documentation #9389

Merged
merged 2 commits into from Jan 18, 2018

Conversation

wchen-r7
Copy link
Contributor

@wchen-r7 wchen-r7 commented Jan 8, 2018

This PR updates the module documentation for windows/misc/commvault_cmd_exec. I created the notes while testing and reviewing #9340.

Verification

  • Load the module and do info -d to make sure you can see the documentation.

@h00die
Copy link
Contributor

h00die commented Jan 8, 2018

I'm currently mid-wipe on my msf box, but since its only docs and it can wait a few days, I can take care of this

@h00die h00die self-assigned this Jan 8, 2018
@wchen-r7
Copy link
Contributor Author

wchen-r7 commented Jan 8, 2018

Thank you. A few days is no problem for me. Please take your time.

According to public documentation, the data is protected by installing agent software on the
physical or virtual hosts, which use the OS or application native APIs to protect data in a
consistent state. Production data is processed by the agent on client computers and backuped
up through a data manager (the MediaAgent) to disk, tape, or cloud storage. All data
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

backuped up ?

.text:000000018015A0D2 jz loc_18015A220
```

However, if you don't call one of these processes, the ```exeCmd``` will assume you want to run your
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

exeCmd should probably be execCmd

```

It is unclear whether allowing an arbitrary custom process is intentional or not, it is unsafe
anyway considering the cvd process binds to 0.0.0.0, so anybody can access to it under the context
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can gain access to it

@wchen-r7
Copy link
Contributor Author

wchen-r7 commented Jan 9, 2018

Thanks @bcoles. I just fixed the typos.

@h00die
Copy link
Contributor

h00die commented Jan 17, 2018

my adventures in reformatting, using a windows boot loader (so windows can update again, damn you microsoft), and getting everything to work right with kali have gone miraculously wrong. I'm now file carving my drive to recover my unsubmitted msf modules (luckily @bcoles has posted 2 he developed). If someone else wants to land this, be my guest, its going to be a little while longer. It's hard to see through the tears.

@h00die h00die removed their assignment Jan 17, 2018
@bcoles
Copy link
Contributor

bcoles commented Jan 18, 2018

@wchen-r7 I approve this PR if you want to merge.

RIP @h00die's file system
🍺
💧
🌎

@busterb busterb self-assigned this Jan 18, 2018
@busterb busterb merged commit b06db60 into rapid7:master Jan 18, 2018
@busterb
Copy link
Contributor

busterb commented Jan 18, 2018

Release Notes

Documentation has been added for the exploits/windows/misc/commvault_cmd_exec module.

jmartin-r7 pushed a commit to jmartin-r7/metasploit-framework that referenced this pull request Jan 24, 2018
jmartin-r7 pushed a commit to jmartin-r7/metasploit-framework that referenced this pull request Jan 24, 2018
@allrosenthal-r7 allrosenthal-r7 added the rn-enhancement release notes enhancement label Feb 6, 2018
@wchen-r7 wchen-r7 deleted the pr9340_update branch August 6, 2018 17:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
docs easy rn-enhancement release notes enhancement
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

5 participants